Cannot Access Microsoft or Anti-virus Sites

Old 12-31-2009, 01:24 PM   #1
Registered Member
 
Join Date: Jun 2006
Posts: 28
OS: Windows XP



Okay, so I recently got blue-screened and had to re-format. I did a re-install of windows and now I have this problem in that I cannot access Microsoft or anti-virus websites. For example: if I try to go to microsoft.com Firefox brings up its "Server not found" screen.

The only things that have been installed so far are:
- all my drivers, from their respective CDs,
- my wireless driver, which I downloaded the install from another computer and put it on a thumb drive.
- and, Firefox, however the problem existed before the Firefox install.

I've tried connecting to the websites via other computers on the same network and they all work.


DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Braden at 13:02:54.73 on 31/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1704 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Braden\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\braden\applic~1\mozilla\firefox\profiles\3excahqe.default\
FF - prefs.js: browser.startup.homepage - www.google.ca

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S2 ywlnv;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

=============== Created Last 30 ================

2009-12-31 05:04:22 0 d-s---w- c:\documents and settings\braden\UserData
2009-12-31 05:02:55 0 d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-12-31 05:01:49 0 d-----w- C:\Linksys Driver
2009-12-31 05:01:17 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-31 04:59:28 0 d-----w- c:\program files\Realtek Sound Manager
2009-12-31 04:59:26 0 d-----w- c:\program files\AvRack
2009-12-31 04:59:25 164 ------r- c:\windows\avrack.ini
2009-12-31 04:59:22 0 d-----w- c:\program files\Realtek AC97
2009-12-31 04:59:19 2324480 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-12-31 04:59:18 77824 ----a-r- c:\windows\SOUNDMAN.EXE
2009-12-31 04:59:18 40960 ------r- c:\windows\system32\ChCfg.exe
2009-12-31 04:59:18 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-31 04:59:15 9410048 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-12-31 04:59:15 141016 ----a-r- c:\windows\system32\ALSNDMGR.WAV
2009-12-31 04:59:09 294912 ------r- c:\windows\alcupd.exe
2009-12-31 04:59:09 200704 ------r- c:\windows\alcrmv.exe
2009-12-31 04:59:09 18751488 ----a-r- c:\windows\system32\ALSNDMGR.CPL
2009-12-31 04:58:17 0 d-----w- c:\program files\Marvell
2009-12-31 04:57:31 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-31 04:57:14 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-12-31 04:57:13 4594 ----a-w- c:\windows\Ascd_tmp.ini
2009-12-31 04:57:10 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-29 07:28:54 188689 ----a-w- c:\windows\system32\nvapps.xml
2009-12-29 07:28:18 18335 ----a-w- c:\windows\system32\nvdisp.nvu
2009-12-29 07:28:18 0 d-----w- c:\windows\nview
2009-12-29 07:28:17 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-29 07:27:38 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-29 04:28:58 0 d-sh--w- c:\documents and settings\all users\DRM
2009-12-29 04:28:42 0 d--h--w- c:\program files\WindowsUpdate
2009-12-29 04:27:44 0 d-----w- c:\program files\common files\MSSoap
2009-12-29 04:26:29 0 d-----w- c:\program files\Online Services
2009-12-29 04:26:24 0 d-----w- c:\program files\Messenger
2009-12-29 04:26:19 0 d-----w- c:\program files\MSN Gaming Zone
2009-12-29 04:25:37 0 d-----w- c:\program files\Windows NT
2009-12-28 21:16:19 0 d-----w- c:\program files\common files\ODBC
2009-12-28 21:16:16 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-28 21:15:50 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-31 05:02:56 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-29 04:27:03 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 12:00:00 161814 --sha-r- c:\windows\system32\gbujfpdo.dll

============= FINISH: 13:03:02.42 ===============



Attach.txt and ark.txt are in attach.zip.

I do have access to my Windows boot CD if needed.
Attached Files
File Type: zip attach.zip (1.8 KB, 29 views)
leadrhino is offline  
 
Old 12-31-2009, 03:05 PM   #2
Security Team
Analyst
 
Join Date: May 2009
Posts: 516
OS: 98,xp



Hi Leadrhino, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1
Link 2
to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab
    -Set to "Always ask me where to Save the files".
  • During the download, before you save it to your desktop, rename Combofix to jgh.exe
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  • Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log
How is the computer?

Thanks
oldman960 is offline  
Old 12-31-2009, 03:57 PM   #3
Registered Member
 
Join Date: Jun 2006
Posts: 28
OS: Windows XP



Okay, I downloaded Combofix, which I renamed to jgh.exe during the download process. Ran it and it worked as far as I could tell. The problem has not been fixed. I still can't connect to hxxp://www.microsoft.com or hxxp://www.f-secure.com or any other Microsoft or anti-virus site.

I was unsure whether you wanted the Combofix log attached or posted in the message so I did both.



ComboFix 09-12-31.06 - Braden 31/12/2009 15:47:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1771 [GMT -7:00]
Running from: c:\documents and settings\Braden\Desktop\jgh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 05:08 . 2009-12-31 05:08 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 05:08 . 2009-12-31 05:08 -------- d-----w- c:\documents and settings\Braden\Local Settings\Application Data\Mozilla
2009-12-31 05:04 . 2009-12-31 05:04 -------- d-s---w- c:\documents and settings\Braden\UserData
2009-12-31 05:02 . 2009-12-31 05:02 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-12-31 05:02 . 2004-04-24 05:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
2009-12-31 05:02 . 2004-03-04 21:47 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-31 05:02 . 2004-03-04 21:46 929792 ----a-w- c:\windows\system32\AegisE5.dll
2009-12-31 05:02 . 2004-03-04 21:46 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-12-31 05:02 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
2009-12-31 05:02 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\drivers\WUSB20XP.sys
2009-12-31 05:02 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-12-31 05:02 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-12-31 05:01 . 2009-12-31 05:01 -------- d-----w- C:\Linksys Driver
2009-12-31 05:01 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\Realtek Sound Manager
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\AvRack
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\Realtek AC97
2009-12-31 04:59 . 2005-06-20 14:08 2324480 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-12-31 04:59 . 2005-06-20 13:42 77824 ----a-r- c:\windows\SOUNDMAN.EXE
2009-12-31 04:59 . 2005-05-18 05:38 40960 ------r- c:\windows\system32\ChCfg.exe
2009-12-31 04:59 . 2004-09-07 06:23 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-31 04:59 . 2005-06-20 13:39 9410048 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-12-31 04:59 . 2005-06-02 08:43 200704 ------r- c:\windows\alcrmv.exe
2009-12-31 04:59 . 2005-06-02 08:31 294912 ------r- c:\windows\alcupd.exe
2009-12-31 04:59 . 2009-12-31 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 04:58 . 2009-12-31 04:58 -------- d-----w- c:\program files\Marvell
2009-12-31 04:58 . 2009-12-31 05:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 04:57 . 2004-10-05 23:54 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-31 04:57 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-12-31 04:57 . 2004-04-27 15:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-29 07:28 . 2009-12-29 07:28 -------- d-----w- c:\windows\nview
2009-12-29 07:28 . 2008-06-25 19:57 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-29 07:27 . 2008-06-16 23:34 446464 ----a-w- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 04:29 . 2009-12-29 04:29 -------- d-----w- c:\program files\microsoft frontpage
2009-12-29 04:29 . 2009-12-29 04:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-29 04:27 . 2009-12-29 04:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 12:00 . 2004-08-04 12:00 161814 --sha-r- c:\windows\system32\gbujfpdo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"nwiz"="nwiz.exe" [2008-06-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7656:TCP"= 7656:TCP:ogtuary

S2 ywlnv;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 5:00 AM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ywlnv
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Braden\Application Data\Mozilla\Firefox\Profiles\3excahqe.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-12-31 15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywlnv]
"ServiceDll"="c:\windows\system32\gbujfpdo.dll"
.
Completion time: 2009-12-31 15:49:54
ComboFix-quarantined-files.txt 2009-12-31 22:49

Pre-Run: 12,420,820,992 bytes free
Post-Run: 12,442,349,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 12C270E6609EF767A192D4BDCFCC4B63
Attached Files
File Type: zip ComboFix.zip (2.3 KB, 21 views)
leadrhino is offline  
 
Old 12-31-2009, 09:43 PM   #4
Security Team
Analyst
 
Join Date: May 2009
Posts: 516
OS: 98,xp



Hi leadrhino,

We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all of the text in the code box below into the Notepad (including the URL). Do Not copy the word CODE

Code:
https://www.techsupportforum.com/f100/cannot-access-microsoft-or-anti-virus-sites-446929.html#post2517912
 
Collect::
c:\windows\system32\gbujfpdo.dll

NetSvc::
ywlnv

Driver::
ywlnv

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Please post the combofix in your next reply.

How's the computer?

Thanks
oldman960 is offline  
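
Added example, not part of the original thread and not ComboFix's own logic: a Python script that cross-references the lines of the first ComboFix log which name the objects listed in the CFScript above (the `netsvcs` service, its `ServiceDll`, and that file's attribute string). The regular expressions are inferred from the log lines in this thread, `s` and `h` in the attribute column are read as system and hidden, and the function names `parse` and `triage` are hypothetical.

```python
import re

# Lines excerpted from the first ComboFix log posted in this thread.
LOG = r"""
2009-12-29 04:27 . 2009-12-29 04:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 12:00 . 2004-08-04 12:00 161814 --sha-r- c:\windows\system32\gbujfpdo.dll
S2 ywlnv;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 5:00 AM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ywlnv
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywlnv]
"ServiceDll"="c:\windows\system32\gbujfpdo.dll"
"""

# Line layouts below are assumptions inferred from the logs in this thread.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                     r"(?:\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
SVC_RE = re.compile(r"^[SR]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[[^\]]*\]$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\\w+\\Services\\(?P<name>[^\\\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(?P<path>.+)"$', re.I)


def parse(log):
    """Collect file attributes, services, ServiceDll values and NetSvcs names."""
    files, services, service_dlls, netsvcs = {}, {}, {}, set()
    key_service = None   # service whose registry key was seen most recently
    in_netsvcs = False   # True while reading names under the NetSvcs heading
    for line in (raw.strip() for raw in log.splitlines()):
        if in_netsvcs and line and line != "." and not line.startswith("["):
            netsvcs.add(line.lower())
            continue
        in_netsvcs = line.endswith("Svchost - NetSvcs")
        if (m := FILE_RE.match(line)):
            files[m["path"].lower()] = m["attrs"]
        elif (m := SVC_RE.match(line)):
            services[m["name"].lower()] = m["image"].lower()
        elif (m := KEY_RE.match(line)):
            key_service = m["name"].lower()
        elif (m := DLL_RE.match(line)) and key_service:
            service_dlls[key_service] = m["path"].lower()
    return files, services, service_dlls, netsvcs


def triage(log):
    """Return svchost-hosted services that deserve a closer look, with reasons."""
    files, services, service_dlls, netsvcs = parse(log)
    findings = []
    for name, image in services.items():
        if "svchost.exe -k netsvcs" not in image:
            continue  # only services loaded into the shared netsvcs host
        reasons = []
        if name in netsvcs:
            reasons.append("listed under the log's NetSvcs heading")
        dll = service_dlls.get(name)
        attrs = files.get(dll, "") if dll else ""
        if "s" in attrs and "h" in attrs:
            reasons.append("ServiceDll carries hidden+system attributes")
        if reasons:
            findings.append({"service": name, "service_dll": dll, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding["service"], "->", finding["service_dll"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

A hit from this script is a lead for an analyst to verify, not a verdict; legitimate services are also hosted under `netsvcs`.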
Old 01-02-2010, 08:05 PM   #5
Registered Member
 
Join Date: Jun 2006
Posts: 28
OS: Windows XP



Made the script and dragged it into Combofix (which was named jgh.exe). It ran, and the problem seems to be solved; I can access Microsoft and antivirus sites.

Log is here:

ComboFix 09-12-31.06 - Braden 02/01/2010 19:43:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1748 [GMT -7:00]
Running from: c:\documents and settings\Braden\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Braden\Desktop\CFScript.txt

file zipped: c:\windows\system32\gbujfpdo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gbujfpdo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YWLNV
-------\Service_ywlnv


((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2009-12-31 05:08 . 2009-12-31 05:08 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 05:08 . 2009-12-31 05:08 -------- d-----w- c:\documents and settings\Braden\Local Settings\Application Data\Mozilla
2009-12-31 05:04 . 2009-12-31 05:04 -------- d-s---w- c:\documents and settings\Braden\UserData
2009-12-31 05:02 . 2009-12-31 05:02 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-12-31 05:02 . 2004-04-24 05:43 374752 ----a-w- c:\windows\system32\WUSBGXP.sys
2009-12-31 05:02 . 2004-03-04 21:47 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-31 05:02 . 2004-03-04 21:46 929792 ----a-w- c:\windows\system32\AegisE5.dll
2009-12-31 05:02 . 2004-03-04 21:46 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-12-31 05:02 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\WUSB20XP.sys
2009-12-31 05:02 . 2004-01-08 00:04 339488 ----a-w- c:\windows\system32\drivers\WUSB20XP.sys
2009-12-31 05:02 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-12-31 05:02 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-12-31 05:01 . 2009-12-31 05:01 -------- d-----w- C:\Linksys Driver
2009-12-31 05:01 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\Realtek Sound Manager
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\AvRack
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\program files\Realtek AC97
2009-12-31 04:59 . 2005-06-20 14:08 2324480 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-12-31 04:59 . 2005-06-20 13:42 77824 ----a-r- c:\windows\SOUNDMAN.EXE
2009-12-31 04:59 . 2005-05-18 05:38 40960 ------r- c:\windows\system32\ChCfg.exe
2009-12-31 04:59 . 2004-09-07 06:23 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-31 04:59 . 2005-06-20 13:39 9410048 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-12-31 04:59 . 2005-06-02 08:43 200704 ------r- c:\windows\alcrmv.exe
2009-12-31 04:59 . 2005-06-02 08:31 294912 ------r- c:\windows\alcupd.exe
2009-12-31 04:59 . 2009-12-31 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 04:58 . 2009-12-31 04:58 -------- d-----w- c:\program files\Marvell
2009-12-31 04:58 . 2009-12-31 05:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 04:57 . 2004-10-05 23:54 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-31 04:57 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-12-31 04:57 . 2004-04-27 15:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-29 07:28 . 2009-12-29 07:28 -------- d-----w- c:\windows\nview
2009-12-29 07:28 . 2008-06-25 19:57 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-29 07:27 . 2008-06-16 23:34 446464 ----a-w- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 19:49 . 2009-12-29 04:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-29 04:29 . 2009-12-29 04:29 -------- d-----w- c:\program files\microsoft frontpage
2009-12-29 04:27 . 2009-12-29 04:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( [email protected]_22.49.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-12-31 22:44 39992 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-02 19:18 39992 c:\windows\system32\perfc009.dat
+ 2009-12-29 04:29 . 2010-01-02 19:49 2378 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-12-29 04:29 . 2010-01-02 19:49 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2004-08-04 12:00 . 2010-01-02 19:18 311604 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-12-31 22:44 311604 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"nwiz"="nwiz.exe" [2008-06-25 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7656:TCP"= 7656:TCP:ogtuary

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Braden\Application Data\Mozilla\Firefox\Profiles\3excahqe.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-01-02 19:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-01-02 19:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 02:48
ComboFix2.txt 2009-12-31 22:49

Pre-Run: 12,385,259,520 bytes free
Post-Run: 12,329,734,144 bytes free

- - End Of File - - EE84EFA1CE00E5E9CA211457CAB02755
leadrhino is offline  
Old 01-02-2010, 11:39 PM   #6
Security Team
Analyst
 
Join Date: May 2009
Posts: 516
OS: 98,xp



Hi leadrhino,

Looks good. Let's do a couple of checks to be sure you are clean.

First

There isn't an antivirus program installed on this machine.

Here's some free ones you can choose from. Download and install only one of these.

Avast
Help and support can be found here Avast Forum
AVG
Help and support can be found here AVG Forum
Antivir PersonalEditionClassic
Help and support can be found here Avira Personal Support Forum

Next

This is a program that I not only use during the course of a cleaning but recommend be kept and used regularly.

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next

Just to be sure nothing was missed.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Go here to run an online scanner from
ESET

(Note: You must use Internet Explorer for this scan.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt or C:\Program Files\ESET\log.txt. We will need this later.
Please post back with the ESET log.

Please post back with
  • MBAM log
  • Eset log
  • new DDS log taken last.
Thanks
oldman960 is offline  
Old 01-03-2010, 07:04 PM   #7
Registered Member
 
Join Date: Jun 2006
Posts: 28
OS: Windows XP



All right.

1. Antivirus installed.

2. MBAM log:


Malwarebytes' Anti-Malware 1.43
Database version: 3490
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

03/01/2010 6:30:04 PM
mbam-log-2010-01-03 (18-30-04).txt

Scan type: Quick Scan
Objects scanned: 95719
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


3. ESET log:


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7abfc5b7982a3e449e8767866829ab98
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-04 01:58:49
# local_time=2010-01-03 06:58:49 (-0700, Mountain Standard Time)
# country="Canada"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=15699
# found=0
# cleaned=0
# scan_time=258


4. DDS log:



DDS (Ver_09-12-01.01) - NTFSx86
Run by Braden at 19:00:16.73 on 03/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1657 [GMT -7:00]

AV: F-Secure Anti-Virus for Workstations 9.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Braden\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\braden\applic~1\mozilla\firefox\profiles\3excahqe.default\
FF - prefs.js: browser.startup.homepage - www.google.ca

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-3 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2010-1-3 68080]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2010-1-3 219760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2010-1-3 107104]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2010-1-3 166512]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2010-1-3 55920]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2010-1-3 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2010-1-3 25200]

=============== Created Last 30 ================

2010-01-04 01:47:21 0 d-----w- c:\program files\ESET
2010-01-04 01:43:11 0 d-sh--w- c:\documents and settings\braden\IECompatCache
2010-01-04 01:42:29 0 d-sh--w- c:\documents and settings\braden\PrivacIE
2010-01-04 01:41:37 0 d-sh--w- c:\documents and settings\braden\IETldCache
2010-01-04 01:39:49 0 d--h--w- c:\windows\$hf_mig$
2010-01-04 01:39:49 0 d-----w- c:\windows\ie8updates
2010-01-04 01:39:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-04 01:38:49 0 dc-h--w- c:\windows\ie8
2010-01-04 01:37:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-04 01:37:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-04 01:37:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-04 01:37:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-04 01:37:07 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-04 01:37:05 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-04 01:36:12 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-04 01:26:44 0 d-----w- c:\docume~1\braden\applic~1\Malwarebytes
2010-01-04 01:26:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 01:26:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 01:26:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 01:26:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-04 01:21:03 0 d-----w- c:\docume~1\alluse~1\applic~1\fssg
2010-01-04 01:21:01 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-01-04 01:20:02 0 d-----w- c:\program files\F-Secure
2010-01-04 00:53:41 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-03 20:05:13 13646 ----a-w- c:\windows\system32\wpa.bak
2009-12-31 22:47:37 0 d-sha-r- C:\cmdcons
2009-12-31 22:46:46 98816 ----a-w- c:\windows\sed.exe
2009-12-31 22:46:46 77312 ----a-w- c:\windows\MBR.exe
2009-12-31 22:46:46 261632 ----a-w- c:\windows\PEV.exe
2009-12-31 22:46:46 161792 ----a-w- c:\windows\SWREG.exe
2009-12-31 05:04:22 0 d-s---w- c:\documents and settings\braden\UserData
2009-12-31 05:02:55 0 d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-12-31 05:01:49 0 d-----w- C:\Linksys Driver
2009-12-31 05:01:17 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-31 04:59:28 0 d-----w- c:\program files\Realtek Sound Manager
2009-12-31 04:59:26 0 d-----w- c:\program files\AvRack
2009-12-31 04:59:25 164 ------r- c:\windows\avrack.ini
2009-12-31 04:59:22 0 d-----w- c:\program files\Realtek AC97
2009-12-31 04:59:19 2324480 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-12-31 04:59:18 77824 ----a-r- c:\windows\SOUNDMAN.EXE
2009-12-31 04:59:18 40960 ------r- c:\windows\system32\ChCfg.exe
2009-12-31 04:59:18 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-12-31 04:59:15 9410048 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-12-31 04:59:15 141016 ----a-r- c:\windows\system32\ALSNDMGR.WAV
2009-12-31 04:59:09 294912 ------r- c:\windows\alcupd.exe
2009-12-31 04:59:09 200704 ------r- c:\windows\alcrmv.exe
2009-12-31 04:59:09 18751488 ----a-r- c:\windows\system32\ALSNDMGR.CPL
2009-12-31 04:58:17 0 d-----w- c:\program files\Marvell
2009-12-31 04:57:31 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-31 04:57:14 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-12-31 04:57:13 4594 ----a-w- c:\windows\Ascd_tmp.ini
2009-12-31 04:57:10 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-29 07:28:54 188689 ----a-w- c:\windows\system32\nvapps.xml
2009-12-29 07:28:18 18335 ----a-w- c:\windows\system32\nvdisp.nvu
2009-12-29 07:28:18 0 d-----w- c:\windows\nview
2009-12-29 07:28:17 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-29 07:27:38 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-29 04:28:58 0 d-sh--w- c:\documents and settings\all users\DRM
2009-12-29 04:28:42 0 d--h--w- c:\program files\WindowsUpdate
2009-12-29 04:27:44 0 d-----w- c:\program files\common files\MSSoap
2009-12-29 04:26:29 0 d-----w- c:\program files\Online Services
2009-12-29 04:26:24 0 d-----w- c:\program files\Messenger
2009-12-29 04:26:19 0 d-----w- c:\program files\MSN Gaming Zone
2009-12-29 04:25:37 0 d-----w- c:\program files\Windows NT
2009-12-28 21:16:19 0 d-----w- c:\program files\common files\ODBC
2009-12-28 21:16:16 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-28 21:15:50 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-01-04 01:25:41 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-12-31 05:02:56 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2009-12-29 04:27:03 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 19:00:24.93 ===============



Computer's still working fine.
leadrhino is offline  
Old 01-03-2010, 10:55 PM   #8
Security Team
Analyst
 
Join Date: May 2009
Posts: 516
OS: 98,xp



Hi LeadRhino,

Looks good.

From your desktop, please delete
  • any notepads/logs that we created
  • GMER.zip
  • GMER.exe
  • DDS.scr
Eset online can be removed via add/remove programs if you wish.

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall


I suggest you keep MBAM. Keep it updated and use it regularly.


Updates and upgrades

If you wish to use Adobe Reader you can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum


The current version of Java can be downloaded from Here. Scroll down to "Java Runtime Environment (JRE) 6 Update 17"



Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a resident antispyware program and a firewall.

I suggest either
Windows Defender
OR
Winpatrol

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0


-More tips and programs can be found HERE


- You may also want to read this article By Tony Klein
https://www.freedomlist.com/forum/viewtopic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care
__________________
oldman960 is offline  
Old 01-04-2010, 03:08 PM   #9
Registered Member
 
Join Date: Jun 2006
Posts: 28
OS: Windows XP



Followed those instructions and installed what was required. Thanks for all the help.
leadrhino is offline  
Old 01-04-2010, 10:30 PM   #10
Security Team
Analyst
 
Join Date: May 2009
Posts: 516
OS: 98,xp



Hi leadrhino,

No problem, happy to have been of assistance.

Take care.
__________________
oldman960 is offline  
 
