
Virtumonde?, Pmkjh.exe, suchost.exe Problem


  • This topic is locked
14 replies to this topic

#1 ibdan61


  • Members
  • 38 posts

Posted 02 February 2008 - 04:00 AM

Hello again Grinler,
I have tried everything and just can't seem to get rid of these 2 executables, "pmkjh.exe" and "suchost.exe". Also I get random pop ups, anything from ebay all the way to singles sites. Any suggestions?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:46 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch .exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C9B7947C-7854-4208-864B-EC2E39778FBC} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1201408217250
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201399403046
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 4487 bytes
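The log above is in HijackThis v2 format, and three of its lines carry most of the signal an analyst looks at first: the `F3` entry that autostarts an executable through the legacy `win.ini` `load=` mapping, the `O2` BHO that has no name and points at a DLL reported as "(file missing)", and (from the opening post) a running process named `suchost.exe`, one character away from the genuine `svchost.exe`. The script below is an added example, not code from this thread, from BleepingComputer or from the HijackThis tool: it parses that log format and flags exactly those three patterns. The `SYSTEM_BINARIES` shortlist and the trimmed sample log are my own constructions (the sample reuses entries from the log above plus the `suchost.exe` name the poster mentioned); a real run would feed it the full saved log text.

```python
"""Triage helper for HijackThis v2 log text (added example; not a BleepingComputer or
HijackThis tool). Flags legacy win.ini/system.ini load/run entries (F0-F3), BHOs that
are nameless or whose DLL is missing (O2), and running processes whose file name is one
edit away from a core Windows binary (e.g. suchost.exe vs svchost.exe)."""
import re

# Core Windows XP binaries that malware commonly imitates by name.
# Assumption: this shortlist is the example's own, not a complete inventory.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "smss.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe",
}

# Constructed sample in HijackThis v2 format, trimmed from the log posted in the thread,
# with the poster's "suchost.exe" added to the process list for illustration.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\suchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C9B7947C-7854-4208-864B-EC2E39778FBC} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# HijackThis item lines look like "O2 - BHO: ..."; the prefix letter is R, F, N or O.
ITEM_RE = re.compile(r"^([FORN]\d+) - (.*)$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str):
    """Return the system binary `name` imitates (distance exactly 1), else None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in SYSTEM_BINARIES:
        if edit_distance(name, legit) == 1:
            return legit
    return None


def parse_hjt(text: str):
    """Split a HijackThis log into (running_process_paths, [(code, detail), ...])."""
    processes, items, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                      # blank line ends the process block
            in_procs = False
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False
            items.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, items


def triage(text: str):
    """Return a list of (reason, evidence) findings for the analyst to review."""
    findings = []
    processes, items = parse_hjt(text)
    for path in processes:
        base = path.rsplit("\\", 1)[-1]
        legit = lookalike_of(base)
        if legit:
            findings.append((f"process name imitates {legit}", path))
    for code, detail in items:
        if code.startswith("F"):          # win.ini / system.ini load= and run= entries
            findings.append(("legacy ini load/run autostart", f"{code} - {detail}"))
        elif code == "O2" and ("(no name)" in detail or "(file missing)" in detail):
            findings.append(("nameless or missing BHO", f"{code} - {detail}"))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```

Run against the constructed sample it reports three findings: the `suchost.exe` process as an imitation of `svchost.exe`, the `F3` win.ini `load=` autostart, and the nameless `O2` BHO with the missing DLL. The `F` check is deliberately blunt: on XP the win.ini `load=`/`run=` mapping is almost never used by legitimate software, so any entry there deserves a look, whereas `O4` Run keys are full of normal vendor autostarts and are left for manual review.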


#2 MoNsTeReNeRgY22


    1337 Malware Destroyer


  • Members
  • 611 posts
  • Gender:Male

Posted 02 February 2008 - 05:39 PM

Hello and Welcome to Bleeping Computer.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.




#3 MoNsTeReNeRgY22


    1337 Malware Destroyer


  • Members
  • 611 posts
  • Gender:Male

Posted 02 February 2008 - 08:04 PM

Hello ibdan61,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**




#4 ibdan61

  • Topic Starter

  • Members
  • 38 posts

Posted 04 February 2008 - 07:31 AM

ComboFix 08-02.03.1 - Dan 2008-02-04 4:04:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT -8:00]
Running from: C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AIM6\services\bfts\ver2_14_6_6\resources\en-US\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Sample Music\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Sample Playlists\000EC09C\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures\Sample Pictures\Desktop_.ini
C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\Desktop_.ini
C:\found.000\Desktop_.ini
C:\Program Files\a376\a376\Ap\Desktop_.ini
C:\Program Files\a376\a376\config\Desktop_.ini
C:\Program Files\a376\a376\Desktop_.ini
C:\Program Files\a376\a376\WDM\Desktop_.ini
C:\Program Files\a376\a376\Win95\Desktop_.ini
C:\Program Files\a376\a376\WinNT4\Desktop_.ini
C:\Program Files\a376\Desktop_.ini
C:\Program Files\AIM\Desktop_.ini
C:\Program Files\AIM\Resources\Desktop_.ini
C:\Program Files\AIM\Sounds\Desktop_.ini
C:\Program Files\AIM\Sysfiles\Desktop_.ini
C:\Program Files\AIM6\Desktop_.ini
C:\Program Files\AIM6\services\addressBook\Desktop_.ini
C:\Program Files\AIM6\services\addressBook\ver1_10_1_1\Desktop_.ini
C:\Program Files\AIM6\services\addressBook\ver1_10_1_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\addressBook\ver1_10_1_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\content\addressCard\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\content\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\content\dialogs\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\content\gadgets\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\content\people_picker\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\resources\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\theme\Desktop_.ini
C:\Program Files\AIM6\services\addressBookApp\ver1_1_6_3\theme\images\Desktop_.ini
C:\Program Files\AIM6\services\addressBookPrint\Desktop_.ini
C:\Program Files\AIM6\services\addressBookPrint\ver1_4_5_1\Desktop_.ini
C:\Program Files\AIM6\services\addressBookPrint\ver1_4_5_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\addressBookPrint\ver1_4_5_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\aolHelpBox\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\core\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\dialog\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\editorPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\extrasPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\inputPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\listPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\menuPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\tabPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\content\windowingPack\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\DarkTwisty\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\FontToolbar\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\InputFields\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\SuperTwisty\Desktop_.ini
C:\Program Files\AIM6\services\aimToolkit\ver6_5_9_1\theme\images\TabScroll\Desktop_.ini
C:\Program Files\AIM6\services\bfts\Desktop_.ini
C:\Program Files\AIM6\services\bfts\ver2_14_6_6\Desktop_.ini
C:\Program Files\AIM6\services\bfts\ver2_14_6_6\resources\Desktop_.ini
C:\Program Files\AIM6\services\bfts\ver2_14_6_6\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\boxelyrenderer\Desktop_.ini
C:\Program Files\AIM6\services\boxelyrenderer\ver2_5_5_1\Desktop_.ini
C:\Program Files\AIM6\services\boxelyrenderer\ver2_5_5_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\boxelyrenderer\ver2_5_5_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\aolHelpBox\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\core\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\dialog\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\editorPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\extrasPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\inputPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\listPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\menuPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\tabPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\content\windowingPack\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\de-DE\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\resources\he-IL\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\DarkTwisty\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\FontToolbar\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\InputFields\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\SuperTwisty\Desktop_.ini
C:\Program Files\AIM6\services\boxelyToolkit\ver2_5_5_1\theme\images\TabScroll\Desktop_.ini
C:\Program Files\AIM6\services\compression\Desktop_.ini
C:\Program Files\AIM6\services\compression\ver3_1_2_1\Desktop_.ini
C:\Program Files\AIM6\services\Desktop_.ini
C:\Program Files\AIM6\services\htmlRenderer\Desktop_.ini
C:\Program Files\AIM6\services\htmlRenderer\ver2_0_6_1\Desktop_.ini
C:\Program Files\AIM6\services\http\Desktop_.ini
C:\Program Files\AIM6\services\http\ver2_8_8_1\Desktop_.ini
C:\Program Files\AIM6\services\imApp\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\ab\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\about\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\bl\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\gadgets\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\im\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\imSpam\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\logViewer\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\picshare\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\plaxo\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\plugin\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\prefs\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\signon\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\content\toaster\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\blackChrome\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\blackChrome\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\chocolate\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\chocolate\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\gold\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\gold\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\gray\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\gray\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\green\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\green\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\images\plaxo\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\lightBlue\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\lightBlue\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\navy\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\navy\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\olive\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\olive\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\pink\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\pink\images\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\purple\Desktop_.ini
C:\Program Files\AIM6\services\imApp\ver6_5_9_1\theme\purple\images\Desktop_.ini
C:\Program Files\AIM6\services\localStorage\Desktop_.ini
C:\Program Files\AIM6\services\localStorage\ver7_3_2_1\Desktop_.ini
C:\Program Files\AIM6\services\miniXML\Desktop_.ini
C:\Program Files\AIM6\services\miniXML\ver1_6_1_2\Desktop_.ini
C:\Program Files\AIM6\services\notification\Desktop_.ini
C:\Program Files\AIM6\services\notification\ver6_4_1_1\Desktop_.ini
C:\Program Files\AIM6\services\os\Desktop_.ini
C:\Program Files\AIM6\services\os\ver5_2_1_1\Desktop_.ini
C:\Program Files\AIM6\services\osInfo\Desktop_.ini
C:\Program Files\AIM6\services\osInfo\ver1_2_2_1\Desktop_.ini
C:\Program Files\AIM6\services\plaxo\Desktop_.ini
C:\Program Files\AIM6\services\plaxo\ver2_7_11_1\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\content\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\content\gadget\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\content\import\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\content\util\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\content\wizard\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\theme\Desktop_.ini
C:\Program Files\AIM6\services\plaxoApp\ver0_7_29_1\theme\images\Desktop_.ini
C:\Program Files\AIM6\services\preferences\Desktop_.ini
C:\Program Files\AIM6\services\preferences\ver5_2_1_1\Desktop_.ini
C:\Program Files\AIM6\services\security\Desktop_.ini
C:\Program Files\AIM6\services\security\ver4_0_5_1\Desktop_.ini
C:\Program Files\AIM6\services\softwareUpdate\Desktop_.ini
C:\Program Files\AIM6\services\softwareUpdate\ver2_14_11_12\Desktop_.ini
C:\Program Files\AIM6\services\softwareUpdate\ver2_14_11_12\resources\Desktop_.ini
C:\Program Files\AIM6\services\softwareUpdate\ver2_14_11_12\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\sync\Desktop_.ini
C:\Program Files\AIM6\services\sync\ver4_1_2_1\Desktop_.ini
C:\Program Files\AIM6\services\sync\ver4_1_2_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\sync\ver4_1_2_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\toaster\Desktop_.ini
C:\Program Files\AIM6\services\toaster\ver4_3_1_1\content\Desktop_.ini
C:\Program Files\AIM6\services\toaster\ver4_3_1_1\Desktop_.ini
C:\Program Files\AIM6\services\toaster\ver4_3_1_1\resources\Desktop_.ini
C:\Program Files\AIM6\services\toaster\ver4_3_1_1\resources\en-US\Desktop_.ini
C:\Program Files\AIM6\services\toaster\ver4_3_1_1\theme\Desktop_.ini
C:\Program Files\AIM6\services\urlData\Desktop_.ini
C:\Program Files\AIM6\services\urlData\ver1_6_1_1\Desktop_.ini
C:\Program Files\AIM6\services\urlDispatcher\Desktop_.ini
C:\Program Files\AIM6\services\urlDispatcher\ver4_3_4_1\Desktop_.ini
C:\Program Files\AOD\aol\Desktop_.ini
C:\Program Files\AOD\Desktop_.ini
C:\Program Files\AOL Search\Desktop_.ini
C:\Program Files\AOL\Desktop_.ini
C:\Program Files\Application Compatibility Toolkit\applications\Desktop_.ini
C:\Program Files\Application Compatibility Toolkit\demoapp\Desktop_.ini
C:\Program Files\Application Compatibility Toolkit\Desktop_.ini
C:\Program Files\Application Compatibility Toolkit\documents\Desktop_.ini
C:\Program Files\Application Compatibility Toolkit\images\Desktop_.ini
C:\Program Files\ATI Multimedia\CDA\Desktop_.ini
C:\Program Files\ATI Multimedia\Desktop_.ini
C:\Program Files\ATI Multimedia\dsvcd\Desktop_.ini
C:\Program Files\ATI Multimedia\dvd\Desktop_.ini
C:\Program Files\ATI Multimedia\gallery\Desktop_.ini
C:\Program Files\ATI Multimedia\help\Desktop_.ini
C:\Program Files\ATI Multimedia\homestead\Desktop_.ini
C:\Program Files\ATI Multimedia\main\Desktop_.ini
C:\Program Files\ATI Multimedia\mfplay\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Components\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Components\Tables\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\SonicResources\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Allegro\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Berry\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Birthday Kid\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Cache\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Celebration\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Cork Board\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Default Styles\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Fake Snake\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Flower Power\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Genuine Leather\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Globetrotting\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Grape\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Halloween 01\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Hollyday\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Lemon\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Nature Trail\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\On Television\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Parchment\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Picture Frames\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Rainy Day\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Red Alert\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\School Pictures\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Slate\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Sports 01\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Summer Fun\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Sunburst\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Tiki Hut\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Wedding\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Default Styles\Whiteboard\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\NTSC\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Allegro\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Berry\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Birthday Kid\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Cache\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Celebration\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Cork Board\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Fake Snake\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Flower Power\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Genuine Leather\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Globetrotting\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Grape\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Halloween 01\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Hollyday\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Lemon\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Nature Trail\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\On Television\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Parchment\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Picture Frames\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Rainy Day\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Red Alert\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\School Pictures\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Slate\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Sports 01\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Summer Fun\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Sunburst\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Test Background\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Tiki Hut\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Wedding\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Default Styles\Whiteboard\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\Styles\PAL\Desktop_.ini
C:\Program Files\ATI Multimedia\mlibrary\TranscoderPlugins\Desktop_.ini
C:\Program Files\ATI Multimedia\RemCtrl\Desktop_.ini
C:\Program Files\ATI Multimedia\RemCtrl\drivers\Desktop_.ini
C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\Desktop_.ini
C:\Program Files\ATI Multimedia\remotetv\Desktop_.ini
C:\Program Files\ATI Multimedia\tv\Desktop_.ini
C:\Program Files\ATI Technologies\Desktop_.ini
C:\Program Files\ATI Technologies\UninstallAll\Desktop_.ini
C:\Program Files\Desktop_.ini
C:\Program Files\Gemstar\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\db\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\download\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\image\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\panelad\default\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\ATI\panelad\Desktop_.ini
C:\Program Files\Gemstar\GUIDE PLUS+™\Desktop_.ini
C:\Program Files\Java\Desktop_.ini
C:\Program Files\Java\jre1.5.0_12\Desktop_.ini
C:\Program Files\Java\jre1.5.0_12\lib\Desktop_.ini
C:\Program Files\Java\jre1.5.0_12\lib\ext\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\bin\client\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\bin\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\applet\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\cmm\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\deploy\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\ext\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\fonts\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\i386\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\im\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\images\cursors\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\images\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\management\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\security\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Africa\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Argentina\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Indiana\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\Kentucky\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\America\North_Dakota\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Antarctica\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Asia\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Atlantic\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Australia\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Etc\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Europe\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Indian\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\Pacific\Desktop_.ini
C:\Program Files\Java\jre1.6.0_03\lib\zi\SystemV\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Filters\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Icons\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Info\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Tools\Desktop_.ini
C:\Program Files\K-Lite Codec Pack\Tools\gspot\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Lang\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Plugins\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Desktop_.ini
C:\Program Files\Lavasoft\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Install\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Plugins\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\EN\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\1\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Scripts\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Scripts\RuleExec\Desktop_.ini
C:\Program Files\Logitech\Desktop Messenger\Desktop_.ini
C:\Program Files\Logitech\Desktop_.ini
C:\Program Files\Logitech\iTouch\Desktop_.ini
C:\Program Files\Logitech\iTouch\Drivers\Clean\Desktop_.ini
C:\Program Files\Logitech\iTouch\Drivers\Desktop_.ini
C:\Program Files\Logitech\iTouch\First_Button_Use\Desktop_.ini
C:\Program Files\Logitech\iTouch\First_Button_Use\HTML\Desktop_.ini
C:\Program Files\Logitech\iTouch\First_Button_Use\Images\Desktop_.ini
C:\Program Files\Logitech\MouseWare\Desktop_.ini
C:\Program Files\Logitech\MouseWare\Drivers\Desktop_.ini
C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\Desktop_.ini
C:\Program Files\Logitech\MouseWare\help\Desktop_.ini
C:\Program Files\Logitech\MouseWare\pointers\Desktop_.ini
C:\Program Files\Logitech\MouseWare\system\Desktop_.ini
C:\Program Files\msaccrt\Access 97\Desktop_.ini
C:\Program Files\msaccrt\Desktop_.ini
C:\Program Files\MSN Gaming Zone\Desktop_.ini
C:\Program Files\MySpace\Desktop_.ini
C:\Program Files\MySpace\IM\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Config\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Emoticons\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Images\Animations\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Images\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Images\Skype\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Images\Zaps\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Locale\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Pages\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Sounds\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\_Common\Sounds\Skype\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\BlueNick\Config\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\BlueNick\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\BlueNick\Images\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\ClassicXP\Common\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\ClassicXP\Config\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\ClassicXP\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\ClassicXP\Images\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\NewBlue\Common\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\NewBlue\Config\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\NewBlue\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\NewBlue\Images\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\StealthNick\Config\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\StealthNick\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Animations\Desktop_.ini
C:\Program Files\MySpace\IM\Skins\StealthNick\Images\Desktop_.ini
C:\Program Files\Online Services\Desktop_.ini
C:\Program Files\Paltalk Messenger\Desktop_.ini
C:\Program Files\Paltalk Messenger\ReceivedFiles\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Dummies\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Help\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Includes\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Languages\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Plugins\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Skins\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Updates\Desktop_.ini
C:\Program Files\Support Tools\Desktop_.ini
C:\Program Files\TitanTV\Desktop_.ini
C:\Program Files\Uninstall Information\Desktop_.ini
C:\Program Files\ViCAM\Desktop_.ini
C:\Program Files\ViCAM\Images\Desktop_.ini
C:\Program Files\Viewpoint\Common\Desktop_.ini
C:\Program Files\Viewpoint\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\Desktop_.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\Desktop_.ini
C:\Program Files\Windows Media Components\Desktop_.ini
C:\Program Files\Windows Media Components\Encoder\1033\Desktop_.ini
C:\Program Files\Windows Media Components\Encoder\Desktop_.ini
C:\Program Files\Windows Media Components\Encoder\Profiles\Desktop_.ini
C:\Program Files\Windows Media Components\Encoder\Settings\Desktop_.ini
C:\Program Files\Windows Media Components\Encoder\Templates\Desktop_.ini
C:\Program Files\xerox\Desktop_.ini
C:\Program Files\xerox\nwwia\Desktop_.ini
C:\Program Files\Yahoo!\Common\Desktop_.ini
C:\Program Files\Yahoo!\Desktop_.ini
C:\Program Files\Yahoo!\Installs\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Indigo\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Maverick\Desktop_.ini
C:\RECYCLER\Desktop_.ini
C:\RECYCLER\S-1-5-21-1801674531-1770027372-725345543-1003\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Dc1\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Dc1\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Dc1\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Dc2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Dc2\Desktop_.ini
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\Desktop_.ini
C:\RECYCLER\S-1-5-21-299502267-1482476501-1801674531-1003\Desktop_.ini
C:\WINDOWS\system32\ahwqnngx.ini
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\olebcgsy.ini
C:\WINDOWS\system32\tmtigbac.ini
C:\WINDOWS\system32\vxrnxvuf.ini
C:\WINDOWS\system32\ysgcbelo.dll
D:\RECYCLER\Desktop_.ini
E:\RECYCLER\Desktop_.ini

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-01 23:38 . 2008-02-02 00:18 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\.housecall6.6
2008-02-01 21:51 . 2008-02-01 23:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-01 19:31 . 2008-02-01 19:31 340,480 --a------ C:\WINDOWS\system32\pmkjh.dll_old
2008-02-01 18:15 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-01 18:15 . 2008-02-01 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-01 13:38 . 2008-02-04 04:11 <DIR> d--hs---- C:\found.000
2008-02-01 11:55 . 2008-02-01 11:55 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\AdobeUM
2008-02-01 11:54 . 2008-02-01 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-01 07:52 . 2008-02-01 07:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2008-02-01 07:39 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-01 06:45 . 2008-02-01 06:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-01 02:50 . 2008-02-01 02:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
2008-01-31 21:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-27 12:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 12:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 07:14 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-27 04:46 . 2008-01-27 04:46 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\Aim
2008-01-27 04:45 . 2008-02-04 04:11 <DIR> d-------- C:\Program Files\AOD
2008-01-27 04:45 . 2008-02-04 04:11 <DIR> d-------- C:\Program Files\AIM
2008-01-27 04:45 . 2008-01-27 04:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-01-27 02:06 . 2008-01-27 02:06 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\WINDOWS
2008-01-27 01:56 . 2008-02-04 04:11 <DIR> d-------- C:\Program Files\a376
2008-01-27 00:50 . 2008-01-27 00:50 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\Lavasoft
2008-01-27 00:48 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 00:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 00:39 . 2008-01-27 00:39 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\jmeeting
2008-01-26 21:20 . 2007-02-28 01:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-26 21:20 . 2007-02-28 01:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-26 21:20 . 2007-02-28 00:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-01-26 21:20 . 2007-02-28 00:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-26 20:52 . 2006-03-16 16:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-01-26 19:03 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Java
2008-01-26 18:53 . 2008-01-26 18:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-26 17:59 . 2006-02-21 20:30 2,636,672 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-01-26 17:59 . 2006-02-21 20:46 1,505,792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-26 17:59 . 2006-02-21 20:46 1,505,792 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-26 17:59 . 2006-02-21 20:24 860,480 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-01-26 17:59 . 2006-02-21 20:04 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-01-26 17:59 . 2006-02-21 20:46 256,512 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-01-26 17:51 . 2008-02-01 21:49 359 --a------ C:\WINDOWS\WININIT.INI
2008-01-26 17:40 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\bdeadmin.cpl
2008-01-26 17:28 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-26 17:28 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-26 17:25 . 2008-01-26 17:25 <DIR> d---s---- C:\WINDOWS\%systemroot%
2008-01-26 17:21 . 2008-02-01 21:21 51 --a------ C:\WINDOWS\iTouch.ini
2008-01-26 17:14 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-26 17:14 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 17:14 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\Msvcr71.dll
2008-01-26 17:14 . 2002-01-05 04:38 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2008-01-26 17:14 . 2003-11-07 01:50 37,884 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2008-01-26 17:14 . 2003-11-07 01:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-01-26 17:10 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-26 17:06 . 2008-01-26 17:06 <DIR> d--hs---- C:\Documents and Settings\Dan.IWANTITA-D1CF00\UserData
2008-01-26 16:52 . 2008-01-26 16:52 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-26 16:51 . 2004-08-03 22:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-01-26 16:51 . 2001-08-23 11:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-26 16:49 . 2001-08-23 11:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-26 16:48 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-26 16:47 . 2008-02-01 07:41 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-26 16:47 . 2008-01-26 16:47 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-26 16:47 . 2008-01-26 16:47 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-26 16:47 . 2008-01-26 16:47 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-01-26 16:47 . 2008-01-26 16:47 0 --a------ C:\WINDOWS\control.ini
2008-01-26 16:46 . 2008-01-26 16:47 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-01-26 16:45 . 2001-08-23 11:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-01-26 16:45 . 2008-01-26 16:45 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-01-26 16:45 . 2008-01-26 16:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-26 16:30 . 2008-01-26 16:43 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-26 16:30 . 2001-08-23 11:00 5,632 --a------ C:\WINDOWS\system32\write.exe
2008-01-26 16:30 . 2001-08-23 11:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\write.exe
2008-01-26 16:30 . 2008-01-26 16:30 37 --a------ C:\WINDOWS\vbaddin.ini
2008-01-26 16:30 . 2008-01-26 16:30 36 --a------ C:\WINDOWS\vb.ini
2008-01-26 08:32 . 2008-02-01 22:00 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-01-26 08:32 . 2004-08-04 00:57 1,086,058 -ra------ C:\WINDOWS\SET1F.tmp
2008-01-26 08:32 . 2004-08-04 01:03 1,042,903 -ra------ C:\WINDOWS\SET1C.tmp
2008-01-26 08:32 . 2004-08-04 00:58 13,753 -ra------ C:\WINDOWS\SET2B.tmp
2008-01-26 08:23 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-01-26 08:23 . 2004-08-03 23:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-01-26 08:23 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-01-26 08:23 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-26 08:23 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-01-26 08:23 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-01-26 08:23 . 2004-08-03 14:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-26 08:23 . 2004-08-03 15:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-26 08:23 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-01-26 08:23 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-26 08:23 . 2001-08-17 06:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-01-26 08:22 . 2004-08-03 16:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-26 08:22 . 2004-08-03 15:07 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-01-26 08:22 . 2004-08-03 14:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-01-26 08:22 . 2004-08-03 14:59 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-01-26 08:19 . 2004-08-04 00:58 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-01-26 08:18 . 2008-01-26 16:51 532 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-01-17 15:14 . 2008-01-17 16:30 <DIR> d-------- C:\WINDOWS\system32\svcd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 12:12 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:12 --------- d-----w C:\Program Files\ViCAM
2008-02-04 12:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-02-04 12:12 --------- d-----w C:\Program Files\MySpace
2008-02-04 12:12 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:11 --------- d-----w C:\Program Files\AOL Search
2008-02-04 12:11 --------- d-----w C:\Program Files\AIM6
2008-02-02 04:18 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-02-01 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 09:57 90,112 ----a-w C:\WINDOWS\SOUNDMAN.EXE
2008-01-27 09:57 3,644,800 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-01-10 08:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-31 10:48 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 09:45 --------- d-----w C:\Program Files\Common Files\Java
2007-12-31 08:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-31 08:30 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-10 11:36 24,841 ---ha-r C:\Program Files\Deutsch - BWF - SCORPiON.awl
.
<pre>
----a-w			53,248 2008-02-01 16:59:21  C:\Program Files\ATI Multimedia\main\ATIDtct .EXE
----a-w		   102,400 2008-02-01 15:49:06  C:\Program Files\ATI Multimedia\main\launchpd .exe
----a-w		 1,482,752 2008-02-02 05:21:34  C:\Program Files\ATI Multimedia\RemCtrl\ATIRW .exe
----a-w		   132,496 2008-02-02 05:21:28  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   538,112 2008-02-02 05:21:33  C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch .exe
----a-w		   892,928 2008-02-02 05:21:34  C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w		 1,667,584 2008-01-26 21:29:22  C:\Program Files\Messenger\msmsgs .exe
----a-w		   158,208 2008-02-02 04:18:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B7947C-7854-4208-864B-EC2E39778FBC}]
C:\WINDOWS\system32\pmkjh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2008-01-27 01:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [ ]

R2 ViCAM;ViCAM;C:\WINDOWS\system32\drivers\ViCAM.sys [1999-10-12 05:04]
R3 VICAMUSB;3Com HomeConnect USB Camera;C:\WINDOWS\system32\drivers\vicamusb.sys [1999-10-12 12:23]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 06:22]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 06:22]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 06:22]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 04:14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-04 4:16:01 - machine was rebooted [Dan]
ComboFix-quarantined-files.txt 2008-02-04 12:15:45



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:27 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C9B7947C-7854-4208-864B-EC2E39778FBC} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1201408217250
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201399403046
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 4057 bytes

#5 MoNsTeReNeRgY22

    1337 Malware Destroyer

  • Members
  • 611 posts
  • Gender:Male
  • Local time:08:42 PM

Posted 07 February 2008 - 09:17 PM

Hello again,

Sorry for the delay.

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.




Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log




1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\pmkjh.dll_old
C:\WINDOWS\SET1F.tmp
C:\WINDOWS\SET1C.tmp
C:\WINDOWS\SET2B.tmp
C:\WINDOWS\system32\pmkjh.dll

Folder::
C:\WINDOWS\system32\svcd

DirLook::
C:\Program Files\a376

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9B7947C-7854-4208-864B-EC2E39778FBC}]

RENV::
----a-w 53,248 2008-02-01 16:59:21 C:\Program Files\ATI Multimedia\main\ATIDtct .EXE
----a-w 102,400 2008-02-01 15:49:06 C:\Program Files\ATI Multimedia\main\launchpd .exe
----a-w 1,482,752 2008-02-02 05:21:34 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW .exe
----a-w 132,496 2008-02-02 05:21:28 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 538,112 2008-02-02 05:21:33 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch .exe
----a-w 892,928 2008-02-02 05:21:34 C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w 1,667,584 2008-01-26 21:29:22 C:\Program Files\Messenger\msmsgs .exe
----a-w 158,208 2008-02-02 04:18:19 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log
  • Report.txt



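The RENV:: section in the script above lists the executables ComboFix found with a space inserted before the extension (iTouch .exe, jusched .exe and so on), while the Run entries earlier in the same ComboFix log point at the space-free names and show an empty [ ], meaning no file was found at that path. This added Python example, which is not part of the thread or of ComboFix, parses constructed copies of those two log sections, pairs each renamed executable with the autostart entry that still expects the original name, and emits the RENV:: lines in the single-spaced shape the helper used; the dataclasses and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of ComboFix's "<pre>" listing of executables
# found with a space before the extension (abridged from the log above).
RENAMED_SECTION = r"""
----a-w            53,248 2008-02-01 16:59:21  C:\Program Files\ATI Multimedia\main\ATIDtct .EXE
----a-w         1,482,752 2008-02-02 05:21:34  C:\Program Files\ATI Multimedia\RemCtrl\ATIRW .exe
----a-w           132,496 2008-02-02 05:21:28  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           892,928 2008-02-02 05:21:34  C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w           158,208 2008-02-02 04:18:19  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
"""

# Constructed sample in the shape of the "Reg Loading Points" Run entries;
# an empty "[ ]" is how ComboFix marks a target it could not find on disk.
RUN_SECTION = r"""
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2008-01-27 01:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
"""

# attrs, size, timestamp, path  (fixed-width padding is arbitrary whitespace)
RENAMED_RE = re.compile(
    r'^(?P<attrs>[-a-zA-Z]+)\s+(?P<size>[\d,]+)\s+'
    r'(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<path>.+?)\s*$'
)
# "Name"="target" [found-on-disk details or nothing]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<found>[^\]]*)\]\s*$')
# One or more spaces directly before the final extension, e.g. "iTouch .exe".
SPACED_EXT_RE = re.compile(r' +(\.[^.\\ ]+)$')


@dataclass
class RenamedFile:
    attrs: str
    size: int
    timestamp: str
    path: str  # exactly as listed, including the inserted space

    @property
    def is_space_renamed(self) -> bool:
        return SPACED_EXT_RE.search(self.path) is not None

    @property
    def restored_path(self) -> str:
        """The name the file had before the space was inserted."""
        return SPACED_EXT_RE.sub(r'\1', self.path)


@dataclass
class RunEntry:
    name: str
    target: str
    present: bool  # False when ComboFix printed "[ ]" for the target


def parse_renamed(text: str) -> List[RenamedFile]:
    files = []
    for line in text.splitlines():
        m = RENAMED_RE.match(line.strip())
        if m:
            files.append(RenamedFile(m['attrs'], int(m['size'].replace(',', '')),
                                     m['ts'], m['path']))
    return files


def parse_run_keys(text: str) -> Dict[str, RunEntry]:
    """Index Run entries by lower-cased target path (NTFS names are case-insensitive)."""
    entries: Dict[str, RunEntry] = {}
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entry = RunEntry(m['name'], m['target'], m['found'].strip() != '')
            entries[entry.target.lower()] = entry
    return entries


def correlate(files: List[RenamedFile], runs: Dict[str, RunEntry]) -> List[dict]:
    """For each space-renamed executable, find the autostart entry that still
    points at the original name and note whether that original is now missing."""
    report = []
    for f in files:
        if not f.is_space_renamed:
            continue
        entry = runs.get(f.restored_path.lower())
        report.append({
            'listed': f.path,
            'restored': f.restored_path,
            'run_entry': entry.name if entry else None,
            # True: an autostart points at a file that is no longer there,
            # the symptom the RENV:: rename is meant to repair.
            'orphaned_autostart': bool(entry and not entry.present),
        })
    return report


def renv_block(files: List[RenamedFile]) -> str:
    """Emit the RENV:: section, one single-spaced line per renamed file."""
    lines = ['RENV::']
    for f in files:
        if f.is_space_renamed:
            lines.append(f'{f.attrs} {f.size:,} {f.timestamp} {f.path}')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = parse_renamed(RENAMED_SECTION)
    autostarts = parse_run_keys(RUN_SECTION)
    for row in correlate(found, autostarts):
        print(row)
    print(renv_block(found))
```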

#6 ibdan61
  • Topic Starter

  • Members
  • 38 posts
  • Local time:10:42 PM

Posted 07 February 2008 - 11:12 PM

SDFix: Version 1.138

Run by Dan on Thu 02/07/2008 at 07:52 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Folder C:\WINDOWS\system32\svcd - Removed


Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 19:57:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{185FEDM5-9905-11D1-95A!-00C04FB925D3}]
"Name"="Wave \x1056olume"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 26 Jan 2008 96 A..H. --- "C:\Program Files\ATI Multimedia\RemCtrl\x10prod.sys"
Sat 26 Jan 2008 797,088 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\379c3e87f4016899bd06cdf1184d31ce\BIT25.tmp"
Sat 26 Jan 2008 7,531,128 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\631bea423a2590540110f7e11fcbd692\BIT21.tmp"
Sat 26 Jan 2008 3,109,928 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT37.tmp"
Sat 26 Jan 2008 516,286 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\00766461b1b00d8469999536d8f8d6e4\download\BIT31.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\download\BIT95.tmp"
Sat 26 Jan 2008 87,210 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\download\BIT38.tmp"
Sat 26 Jan 2008 6,362 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\download\BIT37.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BIT68.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\download\BITA0.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BITA3.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\BIT43.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT4E.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\download\BIT62.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\download\BIT66.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\download\BIT1B.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT9E.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\BIT99.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT9F.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\download\BITA1.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30afadc4c35db2f5d8b4c076a49edc7b\download\BIT53.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\download\BIT97.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\download\BIT6C.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT5C.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\BIT3F.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\download\BIT5E.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\download\BIT17.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\download\BIT45.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\download\BIT78.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bc27de79804b640a2e67eda87fe6cda\download\BIT6B.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\download\BIT41.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\BIT42.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\BIT2E.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\download\BIT98.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT4D.tmp"
Sat 26 Jan 2008 1,577,695 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\download\BIT25.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\download\BIT96.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\download\BIT16.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\BIT40.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\download\BIT61.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\download\BIT64.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\download\BITA4.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0d1667f129d439fad31a81898b17830\download\BIT9A.tmp"
Wed 19 Apr 2006 1,053,663 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT4C.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BIT70.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\download\BIT67.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BIT62.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\download\BIT23.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\download\BIT94.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\download\BIT9D.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\download\BIT5F.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\download\BITA2.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\BIT19.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\BIT46.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\download\BIT4F.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\BIT66.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\BIT3D.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\download\BITA5.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\BIT63.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\download\BIT8A.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\download\BIT65.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\BIT44.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT1A.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1717a50ad70787e0b2e37537d202992\download\BIT18.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\download\BIT8E.tmp"
Sat 26 Jan 2008 115,734 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BIT32.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:21 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1201408217250
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201399403046
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 3782 bytes

ComboFix 08-02.03.1 - Dan 2008-02-07 20:03:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.531 [GMT -8:00]
Running from: C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan.IWANTITA-D1CF00\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SET1C.tmp
C:\WINDOWS\SET1F.tmp
C:\WINDOWS\SET2B.tmp
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll_old
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SET1C.tmp
C:\WINDOWS\SET1F.tmp
C:\WINDOWS\SET2B.tmp
C:\WINDOWS\system32\pmkjh.dll_old

.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 19:50 . 2008-02-07 19:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-07 19:44 . 2008-02-07 20:00 <DIR> d-------- C:\SDFix
2008-02-06 16:53 . 2008-02-06 16:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-02-04 17:15 . 2008-02-04 17:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-02-04 17:14 . 2008-02-04 17:14 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\acccore
2008-02-04 04:40 . 2008-02-04 04:40 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-04 04:40 . 2008-02-04 04:40 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-04 04:35 . 2008-02-04 04:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-02-04 04:35 . 2008-02-04 04:35 29 --a------ C:\WINDOWS\atid.ini
2008-02-01 23:38 . 2008-02-02 00:18 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\.housecall6.6
2008-02-01 21:51 . 2008-02-01 23:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-01 20:18 . 2008-02-01 20:18 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-01 18:15 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-01 18:15 . 2008-02-01 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-01 13:38 . 2008-02-04 04:11 <DIR> d--hs---- C:\found.000
2008-02-01 11:55 . 2008-02-01 11:55 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\AdobeUM
2008-02-01 11:54 . 2008-02-01 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-01 07:52 . 2008-02-01 07:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2008-02-01 07:39 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-01 06:45 . 2008-02-01 06:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-01 02:50 . 2008-02-01 02:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
2008-01-31 21:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-27 12:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 12:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 07:14 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-27 04:46 . 2008-02-04 05:24 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\Aim
2008-01-27 04:45 . 2008-02-04 04:11 <DIR> d-------- C:\Program Files\AOD
2008-01-27 04:45 . 2008-02-04 05:24 <DIR> d-------- C:\Program Files\AIM
2008-01-27 04:45 . 2008-01-27 04:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-01-27 02:06 . 2008-01-27 02:06 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\WINDOWS
2008-01-27 01:56 . 2008-02-04 04:11 <DIR> d-------- C:\Program Files\a376
2008-01-27 00:50 . 2008-01-27 00:50 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\Application Data\Lavasoft
2008-01-27 00:48 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 00:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 00:39 . 2008-01-27 00:39 <DIR> d-------- C:\Documents and Settings\Dan.IWANTITA-D1CF00\jmeeting
2008-01-26 21:20 . 2007-02-28 01:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-26 21:20 . 2007-02-28 01:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-26 21:20 . 2007-02-28 00:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-01-26 21:20 . 2007-02-28 00:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-26 20:52 . 2006-03-16 16:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-01-26 19:03 . 2008-02-04 04:12 <DIR> d-------- C:\Program Files\Java
2008-01-26 18:53 . 2008-01-26 18:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-26 17:59 . 2006-02-21 20:30 2,636,672 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-01-26 17:59 . 2006-02-21 20:46 1,505,792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-26 17:59 . 2006-02-21 20:46 1,505,792 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-26 17:59 . 2006-02-21 20:24 860,480 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-01-26 17:59 . 2006-02-21 20:04 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-01-26 17:59 . 2006-02-21 20:46 256,512 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-01-26 17:51 . 2008-02-01 21:49 359 --a------ C:\WINDOWS\WININIT.INI
2008-01-26 17:40 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\bdeadmin.cpl
2008-01-26 17:28 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-26 17:28 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-26 17:25 . 2008-01-26 17:25 <DIR> d---s---- C:\WINDOWS\%systemroot%
2008-01-26 17:21 . 2008-02-01 21:21 51 --a------ C:\WINDOWS\iTouch.ini
2008-01-26 17:14 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-26 17:14 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 17:14 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\Msvcr71.dll
2008-01-26 17:14 . 2002-01-05 04:38 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2008-01-26 17:14 . 2003-11-07 01:50 37,884 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2008-01-26 17:14 . 2003-11-07 01:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-01-26 17:10 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-26 17:06 . 2008-01-26 17:06 <DIR> d--hs---- C:\Documents and Settings\Dan.IWANTITA-D1CF00\UserData
2008-01-26 16:52 . 2008-01-26 16:52 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-26 16:51 . 2004-08-03 22:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-01-26 16:51 . 2001-08-23 11:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-26 16:49 . 2001-08-23 11:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-26 16:48 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-26 16:47 . 2008-02-01 07:41 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-26 16:47 . 2008-01-26 16:47 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-26 16:47 . 2008-01-26 16:47 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-26 16:47 . 2008-01-26 16:47 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-01-26 16:47 . 2008-01-26 16:47 0 --a------ C:\WINDOWS\control.ini
2008-01-26 16:46 . 2008-01-26 16:47 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-01-26 16:45 . 2001-08-23 11:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-26 16:45 . 2008-01-26 16:45 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-01-26 16:45 . 2008-01-26 16:45 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-01-26 16:45 . 2008-01-26 16:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-26 16:30 . 2008-01-26 16:43 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-26 16:30 . 2001-08-23 11:00 5,632 --a------ C:\WINDOWS\system32\write.exe
2008-01-26 16:30 . 2001-08-23 11:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\write.exe
2008-01-26 16:30 . 2008-01-26 16:30 37 --a------ C:\WINDOWS\vbaddin.ini
2008-01-26 16:30 . 2008-01-26 16:30 36 --a------ C:\WINDOWS\vb.ini
2008-01-26 08:32 . 2008-02-01 22:00 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-01-26 08:24 . 2006-06-14 00:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-01-26 08:23 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-01-26 08:23 . 2004-08-03 23:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-01-26 08:23 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-01-26 08:23 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-26 08:23 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-01-26 08:23 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-01-26 08:23 . 2004-08-03 14:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-26 08:23 . 2004-08-03 15:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-26 08:23 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-01-26 08:23 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-26 08:23 . 2001-08-17 06:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 00:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-04 12:40 --------- d-----w C:\Program Files\AIM6
2008-02-04 12:12 --------- d-----w C:\Program Files\Yahoo!
2008-02-04 12:12 --------- d-----w C:\Program Files\ViCAM
2008-02-04 12:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-02-04 12:12 --------- d-----w C:\Program Files\MySpace
2008-02-04 12:12 --------- d-----w C:\Program Files\Logitech
2008-02-04 12:11 --------- d-----w C:\Program Files\AOL Search
2008-02-02 04:18 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-02-01 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 09:57 90,112 ----a-w C:\WINDOWS\SOUNDMAN.EXE
2008-01-27 09:57 3,644,800 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-01-27 09:57 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll
2008-01-27 09:57 10,458,112 ----a-w C:\WINDOWS\system32\RTLCPL.EXE
2008-01-10 08:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-31 09:45 --------- d-----w C:\Program Files\Common Files\Java
2007-12-31 08:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-31 08:30 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-10 11:36 24,841 ---ha-r C:\Program Files\Deutsch - BWF - SCORPiON.awl
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\a376 ----

2008-01-27 01:57 97457 --a------ C:\Program Files\a376\a376\Win95\VALCX95.VXD
2008-01-27 01:57 90112 --a------ C:\Program Files\a376\a376\WDM\SoundMan.exe
2008-01-27 01:57 86864 --a------ C:\Program Files\a376\a376\Win95\ALSWWT16.DLL
2008-01-27 01:57 794624 --a------ C:\Program Files\a376\a376\Ap\AvRack2.exe
2008-01-27 01:57 640 --a------ C:\Program Files\a376\a376\WinNT4\Oemsetup.inf
2008-01-27 01:57 63406 --a------ C:\Program Files\a376\a376\WDM\Alcwdm2.inf
2008-01-27 01:57 62642 --a------ C:\Program Files\a376\a376\WDM\Alcxau2.inf
2008-01-27 01:57 62538 --a------ C:\Program Files\a376\a376\WDM\Alcwdm0.inf
2008-01-27 01:57 62232 --a------ C:\Program Files\a376\a376\WDM\Alcwdm1.inf
2008-01-27 01:57 61798 --a------ C:\Program Files\a376\a376\WDM\Alcxau0.inf
2008-01-27 01:57 61090 --a------ C:\Program Files\a376\a376\WDM\Alcxau1.inf
2008-01-27 01:57 6037 --a------ C:\Program Files\a376\a376\Win95\VALCX95.INF
2008-01-27 01:57 543481 --a------ C:\Program Files\a376\a376\engine32.cab
2008-01-27 01:57 534 --a------ C:\Program Files\a376\a376\setup.iss
2008-01-27 01:57 512 --a------ C:\Program Files\a376\a376\data2.cab
2008-01-27 01:57 50328 --a------ C:\Program Files\a376\a376\WDM\Alcxau13.inf
2008-01-27 01:57 50058 --a------ C:\Program Files\a376\a376\WDM\Alcwdm13.inf
2008-01-27 01:57 49499 --a------ C:\Program Files\a376\a376\WDM\Alcwdm18.inf
2008-01-27 01:57 48740 --a------ C:\Program Files\a376\a376\WDM\Alcxau4.inf
2008-01-27 01:57 47945 --a------ C:\Program Files\a376\a376\WDM\Alcwdm12.inf
2008-01-27 01:57 47555 --a------ C:\Program Files\a376\a376\WDM\Alcxau12.inf
2008-01-27 01:57 473 --a------ C:\Program Files\a376\a376\layout.bin
2008-01-27 01:57 468056 --a------ C:\Program Files\a376\a376\Ap\Wooden.bmp
2008-01-27 01:57 468056 --a------ C:\Program Files\a376\a376\Ap\Magenta.bmp
2008-01-27 01:57 468056 --a------ C:\Program Files\a376\a376\Ap\Grass.bmp
2008-01-27 01:57 468056 --a------ C:\Program Files\a376\a376\Ap\Cool.bmp
2008-01-27 01:57 465408 --a------ C:\Program Files\a376\a376\AlcUpd64.exe
2008-01-27 01:57 456313 --a------ C:\Program Files\a376\a376\setup.ibt
2008-01-27 01:57 447688 --a------ C:\Program Files\a376\a376\WDM\Alcxwdm.cat
2008-01-27 01:57 43128 --a------ C:\Program Files\a376\a376\WinNT4\ALCXNT.DLL
2008-01-27 01:57 41303 --a------ C:\Program Files\a376\a376\WDM\Alcwdm9.inf
2008-01-27 01:57 40960 --a------ C:\Program Files\a376\a376\ChCfg.exe
2008-01-27 01:57 40547 --a------ C:\Program Files\a376\a376\WDM\Alcxau22.inf
2008-01-27 01:57 40448 --a------ C:\Program Files\a376\a376\GETDXVER.EXE
2008-01-27 01:57 39506 --a------ C:\Program Files\a376\a376\WDM\Alcwdm16.inf
2008-01-27 01:57 38744 --a------ C:\Program Files\a376\a376\WDM\Alcxau26.inf
2008-01-27 01:57 38728 --a------ C:\Program Files\a376\a376\WDM\Alcxau10.inf
2008-01-27 01:57 3812120 --a------ C:\Program Files\a376\a376\Ap\Mpstd.exe
2008-01-27 01:57 3645952 --a------ C:\Program Files\a376\a376\Ap\RtlRack.exe
2008-01-27 01:57 3644800 --a------ C:\Program Files\a376\a376\WDM\alcxwdm.sys
2008-01-27 01:57 344923 --a------ C:\Program Files\a376\a376\ikernel.ex_
2008-01-27 01:57 334690 --a------ C:\Program Files\a376\a376\WDM\Alcwdm.cat
2008-01-27 01:57 32898 --a------ C:\Program Files\a376\a376\WDM\Alcwdm4.inf
2008-01-27 01:57 327077 --a------ C:\Program Files\a376\a376\setup.inx
2008-01-27 01:57 3262 --a------ C:\Program Files\a376\a376\CPLIcon.ico
2008-01-27 01:57 32139 --a------ C:\Program Files\a376\a376\WDM\Alcxau24.inf
2008-01-27 01:57 31388 --a------ C:\Program Files\a376\a376\ALCXDEV.EXE
2008-01-27 01:57 31205 --a------ C:\Program Files\a376\a376\WDM\Alcwdm3.inf
2008-01-27 01:57 3101546 --a------ C:\Program Files\a376\a376\WinNT4\ALSWWTNT.TON
2008-01-27 01:57 3101546 --a------ C:\Program Files\a376\a376\Win95\SWWTAC97.TON
2008-01-27 01:57 30942 --a------ C:\Program Files\a376\a376\WDM\Alcxau27.inf
2008-01-27 01:57 30822 --a------ C:\Program Files\a376\a376\WDM\Alcxau6.inf
2008-01-27 01:57 307200 --a------ C:\Program Files\a376\a376\alcupd.exe
2008-01-27 01:57 30695 --a------ C:\Program Files\a376\a376\WDM\Alcwdm8.inf
2008-01-27 01:57 306176 --a------ C:\Program Files\a376\a376\alcrmv64.exe
2008-01-27 01:57 30581 --a------ C:\Program Files\a376\a376\WDM\Alcwdm11.inf
2008-01-27 01:57 30544 --a------ C:\Program Files\a376\a376\WDM\Alcxau8.inf
2008-01-27 01:57 30446 --a------ C:\Program Files\a376\a376\WDM\Alcxau25.inf
2008-01-27 01:57 30403 --a------ C:\Program Files\a376\a376\WDM\Alcwdm6.inf
2008-01-27 01:57 30246 --a------ C:\Program Files\a376\a376\WDM\Alcxau9.inf
2008-01-27 01:57 29936 --a------ C:\Program Files\a376\a376\WDM\Alcxau23.inf
2008-01-27 01:57 29821 --a------ C:\Program Files\a376\a376\WDM\Alcxau16.inf
2008-01-27 01:57 29765 --a------ C:\Program Files\a376\a376\WDM\Alcwdm10.inf
2008-01-27 01:57 2939392 --a------ C:\Program Files\a376\a376\WDM\alcwdm64.sys
2008-01-27 01:57 29068 --a------ C:\Program Files\a376\a376\WDM\Alcxau14.inf
2008-01-27 01:57 28634 --a------ C:\Program Files\a376\a376\WDM\Alcxau15.inf
2008-01-27 01:57 28447 --a------ C:\Program Files\a376\a376\WDM\Alcxau20.inf
2008-01-27 01:57 2777 --a------ C:\Program Files\a376\a376\setup.ini
2008-01-27 01:57 27586 --a------ C:\Program Files\a376\a376\WDM\Alcwdm17.inf
2008-01-27 01:57 27393 --a------ C:\Program Files\a376\a376\WDM\Alcxau3.inf
2008-01-27 01:57 27161 --a------ C:\Program Files\a376\a376\WDM\Alcwdm.inf
2008-01-27 01:57 27063 --a------ C:\Program Files\a376\a376\data1.hdr
2008-01-27 01:57 26825 --a------ C:\Program Files\a376\a376\WDM\Alcxau5.inf
2008-01-27 01:57 26394 --a------ C:\Program Files\a376\a376\WDM\Alcxau.inf
2008-01-27 01:57 26016 --a------ C:\Program Files\a376\a376\WDM\Alcxau11.inf
2008-01-27 01:57 25853 --a------ C:\Program Files\a376\a376\WDM\Alcwdm5.inf
2008-01-27 01:57 25433 --a------ C:\Program Files\a376\a376\WDM\Alcwdm14.inf
2008-01-27 01:57 25275 --a------ C:\Program Files\a376\a376\WDM\Alcxau21.inf
2008-01-27 01:57 25089 --a------ C:\Program Files\a376\a376\WDM\Alcxau19.inf
2008-01-27 01:57 250296 --a------ C:\Program Files\a376\a376\setup.isn
2008-01-27 01:57 247244 --a------ C:\Program Files\a376\a376\WinNT4\ALSWWTNT.DAT
2008-01-27 01:57 247244 --a------ C:\Program Files\a376\a376\Win95\SWWTAC97.DAT
2008-01-27 01:57 24667 --a------ C:\Program Files\a376\a376\WDM\Alcxau17.inf
2008-01-27 01:57 24151 --a------ C:\Program Files\a376\a376\WDM\Alcwdm7.inf
2008-01-27 01:57 23552 --a------ C:\Program Files\a376\a376\SetCDfmt.exe
2008-01-27 01:57 23369 --a------ C:\Program Files\a376\a376\WDM\Alcwdm15.inf
2008-01-27 01:57 23332 --a------ C:\Program Files\a376\a376\WDM\Alcxau7.inf
2008-01-27 01:57 2311591 --a------ C:\Program Files\a376\a376\data1.cab
2008-01-27 01:57 23040 --a------ C:\Program Files\a376\a376\WinNT4\Alswwtnt.dll
2008-01-27 01:57 22609 --a------ C:\Program Files\a376\a376\WDM\Alcxau18.inf
2008-01-27 01:57 22482 --a------ C:\Program Files\a376\a376\README.TXT
2008-01-27 01:57 212992 --a------ C:\Program Files\a376\a376\alcrmv.exe
2008-01-27 01:57 209656 --a------ C:\Program Files\a376\a376\WinNT4\ALCXNT.SYS
2008-01-27 01:57 203868 --a------ C:\Program Files\a376\a376\WDM\Alcxwdm0.cat
2008-01-27 01:57 18771968 --a------ C:\Program Files\a376\a376\WDM\ALSndMgr.cpl
2008-01-27 01:57 187059 --a------ C:\Program Files\a376\a376\WDM\Alcwdm0.cat
2008-01-27 01:57 1833984 --a------ C:\Program Files\a376\a376\Ap\Classic.dll
2008-01-27 01:57 17396 --a------ C:\Program Files\a376\a376\WinNT4\MMDRV.DLL
2008-01-27 01:57 164 --a------ C:\Program Files\a376\a376\Ap\AVRACK.INI
2008-01-27 01:57 1602328 --a------ C:\Program Files\a376\a376\Ap\MPIE4STD.EXE
2008-01-27 01:57 157080 --a------ C:\Program Files\a376\a376\Ap\GrayScale.bmp
2008-01-27 01:57 156672 --a------ C:\Program Files\a376\a376\WDM\RtlCPAPI.dll
2008-01-27 01:57 155136 --a------ C:\Program Files\a376\a376\WinNT4\SoundMan.exe
2008-01-27 01:57 14928 --a------ C:\Program Files\a376\a376\Win95\ALSWWT.DRV
2008-01-27 01:57 142080 --a------ C:\Program Files\a376\a376\Win95\ALCX95.DRV
2008-01-27 01:57 141016 --a------ C:\Program Files\a376\a376\WDM\ALSNDMGR.WAV
2008-01-27 01:57 136 --a------ C:\Program Files\a376\a376\SetupEx.ini
2008-01-27 01:57 126976 --a------ C:\Program Files\a376\a376\alcrmv9x.exe
2008-01-27 01:57 121064 --a------ C:\Program Files\a376\a376\setup.exe
2008-01-27 01:57 115168 --a------ C:\Program Files\a376\a376\WinNT4\Alswwtnt.sys
2008-01-27 01:57 1127 --a------ C:\Program Files\a376\a376\Win95\ALCX95.INI
2008-01-27 01:57 111616 --a------ C:\Program Files\a376\a376\WDM\CPLUtl64.exe
2008-01-27 01:57 110592 --a------ C:\Program Files\a376\a376\alcchkid.exe
2008-01-27 01:57 1078 --a------ C:\Program Files\a376\a376\SOUNDMAN.ICO
2008-01-27 01:57 10458112 --a------ C:\Program Files\a376\a376\WDM\RTLCPL.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2008-02-01 21:21 1482752]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2008-02-01 21:21 892928]
"SoundMan"="SOUNDMAN.EXE" [2008-01-27 01:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-01 21:21 132496]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2008-02-01 21:21 538112]

R2 ViCAM;ViCAM;C:\WINDOWS\system32\drivers\ViCAM.sys [1999-10-12 05:04]
R3 VICAMUSB;3Com HomeConnect USB Camera;C:\WINDOWS\system32\drivers\vicamusb.sys [1999-10-12 12:23]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 06:22]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 06:22]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 06:22]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 20:04:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 20:04:48
ComboFix-quarantined-files.txt 2008-02-08 04:04:34
ComboFix2.txt 2008-02-04 12:16:01
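A small triage helper for the "Reg Loading Points" section of a ComboFix log like the one above. This is an added example, not ComboFix's own code or anything posted in the thread; it assumes the line layouts shown in the log (a Run value followed by `[date time size]`, service lines as `R2/S3 name;description;path [date time]`, and an empty `[]` meaning ComboFix could not find the file on disk) and uses a few lines from the log above as sample input. The directory heuristic is this example's own assumption.

```python
import re

# Sample input: lines taken from the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2008-02-01 21:21 1482752]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2008-01-27 01:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
R2 ViCAM;ViCAM;C:\WINDOWS\system32\drivers\ViCAM.sys [1999-10-12 05:04]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$')
# Heuristic (assumption of this example): places where a legitimate autostart binary rarely lives.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")

def _classify(kind, key, name, path, info):
    reasons = []
    if not path:
        reasons.append("empty value (orphaned autostart entry)")
    elif not info.strip():  # ComboFix prints "[]" when the referenced file is missing on disk
        reasons.append("file not found on disk")
    if path and not path.upper().startswith("C:\\"):
        reasons.append("binary outside the system drive")
    if any(d in path.lower() for d in SUSPECT_DIRS):
        reasons.append("binary in a temp/profile data directory")
    return {"kind": kind, "key": key, "name": name, "path": path, "reasons": reasons}

def parse_loading_points(text):
    entries, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := RUN_RE.match(line):
            path, tokens = m.group("value"), m.group("info").split()
            for i, tok in enumerate(tokens):  # a bare filename gets its resolved path inside [...]
                if ":\\" in tok:
                    path = " ".join(tokens[i:])
                    break
            entries.append(_classify("run", key, m.group("name"), path, m.group("info")))
        elif m := SVC_RE.match(line):
            entries.append(_classify("service", m.group("start"), m.group("name"), m.group("path"), m.group("info")))
    return entries

def flagged(text):
    # Only the entries a helper would want to look at first.
    return [e for e in parse_loading_points(text) if e["reasons"]]
```

On the sample, `flagged(SAMPLE_LOG)` returns the orphaned `Aim6` Run value and the `SetupNTGLM7X` driver whose file is missing and sits on a non-system drive, which is the same two lines a human reading the log would question first.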

#7 MoNsTeReNeRgY22
1337 Malware Destroyer, Members, 611 posts

Posted 15 February 2008 - 10:48 AM

Hi, and I'm very sorry for the delay.

I never got an email saying you responded. I will get back to you ASAP.


#8 MoNsTeReNeRgY22
1337 Malware Destroyer, Members, 611 posts

Posted 16 February 2008 - 06:52 PM

Hello again,

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select XP Professional for your Operating System.
Download the file & save it as it is originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Next...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9 ibdan61 (Topic Starter)
Members, 38 posts

Posted 17 February 2008 - 04:51 PM

Hi MoNsTeReNeRgY22,
I did as instructed, and when I dragged the downloaded file to ComboFix it began to start, then sent a message saying that ComboFix was out of date and that I needed to download a new version; then it closed and the icon disappeared from my desktop. I thought I had better inform you of this before trying to download a newer version. Please let me know how to proceed.

Dan

#10 MoNsTeReNeRgY22
1337 Malware Destroyer, Members, 611 posts

Posted 18 February 2008 - 12:54 PM

Hi,

You can download the latest version from the link below.
http://subs.geekstogo.com/ComboFix.exe


#11 ibdan61 (Topic Starter)
Members, 38 posts

Posted 22 February 2008 - 04:04 AM

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

I have run the Kaspersky Scanner twice, and both times it has found 12 viruses with 19 files infected, but just as it is done I get the Windows error message that Windows has encountered a problem with Internet Explorer and needs to close, before the scanner gets to the part where I can save it. Am I doing something wrong? I have still yet to reboot my computer.

#12 MoNsTeReNeRgY22
1337 Malware Destroyer, Members, 611 posts

Posted 23 February 2008 - 11:13 AM

Hello again,

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


#13 ibdan61 (Topic Starter)
Members, 38 posts

Posted 23 February 2008 - 02:41 PM

Scanning Report
Saturday, February 23, 2008 10:54:38 - 11:38:25
Computer name: IWANTITA-D1CF00
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\


--------------------------------------------------------------------------------

Result: 11 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 45042
System: 3735
Not scanned: 14
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 10
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{404AE91C-7322-4E45-814E-78D63173FE17}.BIN
C:\RECYCLER\S-1-5-21-2000478354-573735546-682003330-1003\DC3.EXE
C:\DOCUMENTS AND SETTINGS\DAN.IWANTITA-D1CF00\LOCAL SETTINGS\TEMP\HSPERFDATA_DAN\2676
D:\WINDOWS\PREFETCH\LAYOUT.INI
D:\RECYCLER\S-1-5-21-1060284298-1935655697-682003330-1003\DC53.LNK
D:\DOCUMENTS AND SETTINGS\DANNO\DESKTOP\ATF-CLEANER.EXE
D:\DOCUMENTS AND SETTINGS\DANNO\DESKTOP\FREE IPOD NANO.LNK
D:\DOCUMENTS AND SETTINGS\DANNO\DESKTOP\LPT347.ZIP
D:\DOCUMENTS AND SETTINGS\DANNO\DESKTOP\SPYBOT - SEARCH & DESTROY.LNK
D:\DOCUMENTS AND SETTINGS\DANNO\DESKTOP\WATCHER.LNK
D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13BB11BEA29A3D7C420E18EA01E7FD21_E227293F-1768-4F19-AE0F-98CEF674F396
D:\4D28902AAD35FCF487374D0DB585\LEGITCHECKCONTROL.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-21
F-Secure AVP: 7.0.171, 2008-02-22
F-Secure Orion: 1.2.37, 2008-02-22
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.20.0, 2008-01-20
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics

--------------------------------------------------------------------------------


#14 MoNsTeReNeRgY22
1337 Malware Destroyer, Members, 611 posts

Posted 29 February 2008 - 01:35 AM

Hello,

Nice job, your log looks clean!
How is it running?
Please use the following suggestion to help prevent reinfection.

Also, you may delete any tools I had you download during the cleaning process.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected). Now we need to make a new System Restore Point for your PC; please do the following:
  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK
I highly recommend downloading the following programs, to keep malware off your computer to begin with.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.

Antivirus Program - An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.
DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally, a little reading: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :thumbsup:


#15 don77
Forum Regular, Members, 3,212 posts, Location: Boston Mass

Posted 03 March 2008 - 02:16 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
