CRYP_NAIX-7


Solved CRYP_NAIX-7

Post by lex514 on 3rd January 2009, 4:31 am

For about 6 or 7 months I've gotten a pop-up every time a new window opens on my computer. The popup is from my Trend Micro PC-Security program and shows "ADW_ADBAND.C" and "ADW_AGENT.PLX" as being on my computer. I researched these and found that they weren't a big deal, so I've been putting up with the mild nuisance. However, today my Trend Micro program ran a scan and found a "CRYP_NAIX-7" virus. I researched this and found it's a bit more serious, so I looked you guys up and I've decided to try and fix this thing. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:13 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Alex Lemke II\Desktop\Trend-hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.] (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Katherine Lemke')
O4 - HKUS\S-1-5-21-272253597-3270575537-1769193268-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Katherine Lemke')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12450 bytes

lex514
Novice

Posts : 13
Joined : 2009-01-03
OS : Windows XP Professional
Points : 28994
# Likes : 0

Solved Re: CRYP_NAIX-7

Post by lex514 on 3rd January 2009, 4:32 am

And here is my UnInstall List.

ABBYY FineReader 6.0 Sprint
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
AIM 6
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant HDA D110 MDC V.92 Modem
Consumer Complete Care Services Agreement
Corel Paint Shop Pro X
Corel Photo Album 6
Corel Snapfire Plus
Coupon Printer for Windows
Dell Game Console
Dell Network Assistant
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support 3.2.1
Dell Support Center (Support Software)
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Service Offers Launcher
Internet Speed Monitor
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
mCore
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
OutlookAddinSetup
Qualxserve Service Agreement
QuickSet
RealPlayer
SearchAssist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WildTangent Web Driver
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
Yahoo! Music Jukebox


Solved Re: CRYP_NAIX-7

Post by Belahzur on 3rd January 2009, 2:36 pm

Hello.
Crypt doesn't mean malware; it means some file is packed or is coded like malware.

I see you have Viewpoint Manager. This is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: [You must be registered and logged in to see this link.]

Additional info: [You must be registered and logged in to see this link.]

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
Now let's make sure that Viewpoint is fully gone from the system.

  • Next, please download ViewpointKiller by Prm753 from [You must be registered and logged in to see this link.].
  • Save it to a permanent folder (such as C:/ViewpointKiller) and unzip it there.
  • Open ViewpointKiller, and press the Start button.
  • A log will be produced in the same folder where you unzipped it to. Please post the contents of that log in your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Solved Re: CRYP_NAIX-7

Post by lex514 on 4th January 2009, 2:47 am

I followed your instructions. Here is the log:

----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 21:42:24 2009

Preparing to remove Viewpoint Media Player...



Warning accepted, beginning removal process....



ViewpointKiller determined that "aim.exe" was not running.

ViewpointKiller was able to close "aim6.exe" successfully.

ViewpointKiller was able to close "aolsoftware.exe" successfully.

ViewpointKiller determined that "aol.exe" was not running.

ViewpointKiller determined that "MtsAxInstaller.exe" was not running.



Preparing to close the Viewpoint Manager Service if it is running...

Closing "Viewpoint Manager Service" failed, or the service is not running.





Searching for all known Viewpoint Media Player registry values and keys...

Found and removed: SOFTWARE\Viewpoint

Found and removed: SOFTWARE\Viewpoint

Found and removed: interface\{9dbb28cd-1925-11d3-a498-00104b6eb52e}

Finished searching for and removing all known Viewpoint Media Player registry values and keys.



Searching for all known Viewpoint Media Player files and folders...

Found and removed: C:\Documents and Settings\All Users\Application Data\Viewpoint

Found and removed: C:\Program Files\Viewpoint

Finished searching for and removing all known Viewpoint Media Player files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 21:42:52 2009

Preparing to remove Viewpoint Manager...



ViewpointKiller determined that "viewmgr.exe" was not running.

Searching for all known Viewpoint Manager registry values and keys...

Found and removed: Software\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Finished searching for and removing all known Viewpoint Manager registry values and keys.



Searching for all known Viewpoint Manager files and folders...

Finished searching for and removing all known Viewpoint Manager files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 21:42:56 2009

Preparing to remove Viewpoint Toolbar...



ViewpointKiller determined that "FotomatDeviceConnect.exe" was not running.

ViewpointKiller was able to close "iexplore.exe" successfully.



Searming for all known Viewpoint Toolbar registry values and keys...

Found and removed: CLSID\{1FB895B8-BC8D-4701-9341-30AE0EC17B64}

Found and removed: to

Found and removed: the

Found and removed: runtime

Found and removed: Register

Found and removed: our

Found and removed: folders

Found and removed: files,

Found and removed: ext

Found and removed: checked

Found and removed: be

Found and removed: at

Found and removed: Associate

Found and removed: all

Found and removed: //

Found and removed: with

Found and removed: will

Finished searching for and removing all known Viewpoint Toolbar registry values and keys.



Searching for all known Viewpoint Toolbar files and folders...

Found and removed: C:\Program Files\Common Files\Viewpoint

Finished searching for and removing all known Viewpoint Toolbar files and folders.



Finished reporting.

----------------------------------


Solved Re: CRYP_NAIX-7

Post by Belahzur on 4th January 2009, 2:51 am

Good, let's see what this finds.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Solved Re: CRYP_NAIX-7

Post by lex514 on 4th January 2009, 4:01 am

Quick note: After following your last instructions and rebooting, the popup from Trend Micro PC-cillin that I've been getting for 6 months every time a new window opens is no longer occurring. hooray!!!!

Here are the contents of the MBAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 3

1/3/2009 10:50:27 PM
mbam-log-2009-01-03 (22-50-27).txt

Scan type: Quick Scan
Objects scanned: 78958
Time elapsed: 22 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 47
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\ISM\BndDrive7.dll (Adware.ISM) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\bnddrive.band (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dcd2f298-bfa3-410f-8c21-b422af11f363} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9815da81-2e0c-478c-90e4-06e474e704d0} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9815da81-2e0c-478c-90e4-06e474e704d0} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9815da81-2e0c-478c-90e4-06e474e704d0} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.band.1 (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.bho (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.bho.1 (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dbe49762-874f-41ac-9409-ecdd4b3db4a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{12b2c1c8-646a-43db-8557-e25edecbc411} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{de4476af-4276-44ac-964b-7e2555c3bef2} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b2588f5-45ce-4322-b755-d79944ad1b17} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1b2588f5-45ce-4322-b755-d79944ad1b17} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c6d5a56-791e-4fe8-9d64-81781fa15d68} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dde3eca1-0352-4602-a719-154678216cc5} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ed6a320-8af3-4f06-868a-9ba95585712e} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1ed6a320-8af3-4f06-868a-9ba95585712e} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1ed6a320-8af3-4f06-868a-9ba95585712e} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8aba9a9c-8791-4d61-8d5b-bcc9448ea573} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8aba9a9c-8791-4d61-8d5b-bcc9448ea573} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8aba9a9c-8791-4d61-8d5b-bcc9448ea573} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AdBand.DLL (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.band (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.band.1 (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.bho (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive2.bho.1 (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ISM2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Delete on reboot.
C:\Documents and Settings\Alexander Lemke\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ISM\BndDrive.dll (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\ISM\BndDrive3.dll (Trojan.Adware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexander Lemke\Local Settings\Temp\ismupd8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\dictionary.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\ISMPack5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\ISMPack7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\targets.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM\anticaupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\archupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\BndDrive6.dll (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\BndDrive7.dll (Adware.ISM) -> Delete on reboot.
C:\Program Files\ISM\bndloader.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\dictionary.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ISMModule7.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\syncupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\targets.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexander Lemke\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexander Lemke\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.

lex514
Novice

Posts : 13
Joined : 2009-01-03
OS : Windows XP Professional
Points : 28994
Likes : 0
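The Malwarebytes' Anti-Malware log quoted above follows a simple line format (section heading, then one item per line as `path-or-key (family) -> action`), which makes it easy to triage mechanically. As an added example, not from this thread or from Malwarebytes, here is a small Python parser that reports per-family counts, items still pending a reboot, and items that lived in a user Temp folder; the sample lines are a constructed excerpt built from the log in this post.

```python
import re
from collections import Counter

# Constructed sample: an excerpt in the Malwarebytes' Anti-Malware log format
# quoted in the thread (section headings, then one item per line).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8aba9a9c-8791-4d61-8d5b-bcc9448ea573} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ISM (Adware.ISM) -> Delete on reboot.

Files Infected:
C:\Program Files\ISM\BndDrive7.dll (Adware.ISM) -> Delete on reboot.
C:\Documents and Settings\Alexander Lemke\Local Settings\Temp\ismupd8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
"""

# "<item> (<family>) -> <action>." ; the family never contains parentheses.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section headings such as "Files Infected:" or "Registry Keys Infected:".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Anything under a "\Temp\" directory (user or system temp).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return a list of dicts with keys section, item, family, action."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("section")
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        match = ITEM_RE.match(line)
        if match and section:
            entries.append({"section": section, **match.groupdict()})
    return entries


def triage(entries):
    """Summarise what a reviewer checks first: per-family counts, items that
    will only be removed at the next reboot, and items found in Temp folders
    (typically dropped installers, as in the later posts of this thread)."""
    by_family = Counter(e["family"] for e in entries)
    pending_reboot = [e["item"] for e in entries
                      if e["action"].lower().startswith("delete on reboot")]
    temp_items = [e["item"] for e in entries if TEMP_RE.search(e["item"])]
    return {"total": len(entries), "by_family": dict(by_family),
            "pending_reboot": pending_reboot, "temp_items": temp_items}


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Items listed under `pending_reboot` are a reminder to confirm, after restarting, that the paths are really gone before declaring the machine clean.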

Solved Re: CRYP_NAIX-7

Post by Belahzur on 4th January 2009, 1:54 pm

Hello.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
Likes : 1

Solved Re: CRYP_NAIX-7

Post by lex514 on 5th January 2009, 3:29 am

Two Notepad documents popped up. One is DDS.txt. The other was Attach.txt. Attach.txt said not to post that one in the forum, but to zip it and then attach it to the post?????? If I need to do that, please let me know how, otherwise here is DDS.txt.


DDS (Version 1.1.0) - NTFSx86
Run by Alex Lemke II at 22:23:16.25 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.236 [GMT -5:00]
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Alex Lemke II\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-9-25 280392]
R4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2006-9-25 345696]
R4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2006-9-25 923216]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-25 36368]
R4 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2006-9-25 566872]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
=============== Created Last 30 ================
2009-01-03 22:24 --d----- c:\docume~1\alexle~1\applic~1\Malwarebytes
2009-01-03 22:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-03 22:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 22:23 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-03 22:23 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 21:41 --d----- C:\viewpointkiller
2009-01-03 21:39 24,338 a------- C:\viewpointkiller.zip
==================== Find3M ====================
2008-12-20 21:24 6,968 a------- c:\docume~1\alexle~1\applic~1\wklnhst.dat
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-08 19:09 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-09-26 19:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat
============= FINISH: 22:23:49.79 ===============


Solved Re: CRYP_NAIX-7

Post by Belahzur on 5th January 2009, 2:52 pm

Hello.
Looks good now, just delete the Viewpoint killer, these two files/folders:
C:\viewpointkiller.zip



Solved Re: CRYP_NAIX-7

Post by lex514 on 5th January 2009, 9:49 pm

I deleted the 2 Viewpointkiller folders. I just ran a Trend Micro PC-Cillin Scan and Cryp_Naix-7 is still there. It shows me the first few characters of the Location of the incident and it is "$INSTDIR\BndDrive3.dll (C:\Documents and Settings........"

What should be my next step?

P.S....Thanks for all your help so far.


Solved Re: CRYP_NAIX-7

Post by Belahzur on 5th January 2009, 10:03 pm

Please download DirLook by jpshortstuff from one of the following mirrors:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    Code:
    C:\Documents and Settings /s

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
Note: Scanning may take longer for large folders.

If the log is huge, please let me know.



Solved Re: CRYP_NAIX-7

Post by lex514 on 7th January 2009, 4:54 am

Ran the DirLook scan... the log is huge. I saved it to my C: drive.


Solved Re: CRYP_NAIX-7

Post by Belahzur on 7th January 2009, 2:25 pm

Okay.
Please upload it to here:
[You must be registered and logged in to see this link.]



Solved Re: CRYP_NAIX-7

Post by lex514 on 8th January 2009, 2:43 am

[You must be registered and logged in to see this link.]


Solved Re: CRYP_NAIX-7

Post by Belahzur on 8th January 2009, 4:59 pm

Nothing there, no $instdrive folder.
Is it possible you can scan again and see if it finds it, and if it does, could you provide a full file path.



Solved Re: CRYP_NAIX-7

Post by lex514 on 9th January 2009, 5:48 am

Yeah, I'll run it tomorrow. Takes 90 mins and it's 1am here.


Solved Re: CRYP_NAIX-7

Post by lex514 on 10th January 2009, 2:29 am

The Trend Micro scan still detects it.

The "Name/Location" of the CRYP_NAIX-7 is:

$INSTDIR\BndDrive3.dll (C:\Documents and Settings\Alexander Lemke\Local Settings\Temp\bndupd4.exe)

It also has a little symbol at the beginning of that line with the incident: it's a lock with a checkmark next to it. I looked through the help section to see what that symbol means but couldn't pinpoint it. It looks similar to the Quarantine symbol.


Solved Re: CRYP_NAIX-7

Post by Belahzur on 10th January 2009, 2:15 pm

Ah, it's just a temp file.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Solved Re: CRYP_NAIX-7

Post by lex514 on 11th January 2009, 3:32 am

CRYP_NAIX-7 is no longer detected.

Thanks, Belahzur.

I guess this one can go to the "Solved" category.


Solved Re: CRYP_NAIX-7

Post by Belahzur on 11th January 2009, 1:08 pm

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Solved Re: CRYP_NAIX-7

Post by Doctor Inferno on 2nd March 2009, 10:06 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator

Posts : 11976
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104650
Likes : 0
