GENERIC HOSTS WINXP SYSTEM32


  • This topic is locked
14 replies to this topic

#1 dai

  • Members
  • 68 posts
  • Gender: Male
  • Location: Cwm Cynon

Posted 06 January 2009 - 03:37 PM

Running from: c:\documents and settings\Banda\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Banda\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
c:\documents and settings\Banda\Application Data\inst.exe
c:\recycler\ADAPT_Installer.exe
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004448_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\_004453_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004457_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004459_.tmp.dll
c:\windows\system32\_004460_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004462_.tmp.dll
c:\windows\system32\_004463_.tmp.dll
c:\windows\system32\_004464_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004470_.tmp.dll
c:\windows\system32\_004471_.tmp.dll
c:\windows\system32\_004473_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004479_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004485_.tmp.dll
c:\windows\system32\_004486_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004489_.tmp.dll
c:\windows\system32\_004490_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004496_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004498_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004502_.tmp.dll
c:\windows\system32\_004503_.tmp.dll
c:\windows\system32\_004504_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004507_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004509_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004517_.tmp.dll
c:\windows\system32\_004518_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004521_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004524_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004527_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004529_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\_004531_.tmp.dll
c:\windows\system32\_004532_.tmp.dll
c:\windows\system32\_004535_.tmp.dll
c:\windows\system32\_004536_.tmp.dll
c:\windows\system32\_004537_.tmp.dll
c:\windows\system32\_004538_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\_004540_.tmp.dll
c:\windows\system32\_004541_.tmp.dll
c:\windows\system32\_004544_.tmp.dll
c:\windows\system32\_004546_.tmp.dll
c:\windows\system32\_004547_.tmp.dll
c:\windows\system32\_004548_.tmp.dll
c:\windows\system32\_004549_.tmp.dll
c:\windows\system32\_004551_.tmp.dll
c:\windows\system32\_004554_.tmp.dll
c:\windows\system32\_004556_.tmp.dll
c:\windows\system32\_004557_.tmp.dll
c:\windows\system32\_004558_.tmp.dll
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004562_.tmp.dll
c:\windows\system32\_004563_.tmp.dll
c:\windows\system32\_004564_.tmp.dll
c:\windows\system32\_004565_.tmp.dll
c:\windows\system32\_004566_.tmp.dll
c:\windows\system32\_004571_.tmp.dll
c:\windows\system32\_004573_.tmp.dll
c:\windows\system32\_004574_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 21:26 . 2009-01-06 21:26 <DIR> d-------- C:\CNYSELPHYCP
2009-01-06 17:27 . 2007-04-24 15:40 57,344 --a------ c:\windows\system32\vsnpx32.dll
2009-01-06 17:17 . 2009-01-06 17:27 <DIR> d-------- c:\program files\Common Files\snp325
2009-01-06 17:17 . 2007-05-07 18:38 10,343,168 --a------ c:\windows\system32\drivers\snp325.sys
2009-01-06 17:17 . 2007-05-09 10:46 835,584 --a------ c:\windows\vsnp325.exe
2009-01-06 17:17 . 2007-04-21 09:30 270,336 --a------ c:\windows\tsnp325.exe
2009-01-06 17:17 . 2006-04-12 12:11 147,456 --a------ c:\windows\system32\rsnp325.dll
2009-01-06 17:17 . 2006-07-03 10:31 94,208 --a------ c:\windows\amcap.exe
2009-01-06 17:17 . 2007-04-24 15:40 57,344 --a------ c:\windows\system32\vsnp325.dll
2009-01-06 17:17 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp325.dll
2009-01-06 17:17 . 2007-02-12 14:50 20,480 --a------ c:\windows\FixCamera.exe
2009-01-06 17:17 . 2004-02-27 17:36 15,498 --a------ c:\windows\snp325.ini
2009-01-06 17:17 . 2004-02-27 17:36 13,023 --a------ c:\windows\snp325.src
2009-01-06 17:16 . 2009-01-06 17:16 <DIR> d-------- c:\documents and settings\Banda\Application Data\InstallShield
2009-01-06 17:03 . 2009-01-06 17:03 <DIR> d-------- c:\windows\CatRoot
2009-01-06 17:03 . 2009-01-06 17:03 <DIR> d-------- c:\program files\Vimicro
2009-01-06 17:03 . 2000-10-31 12:00 307,200 --a------ c:\windows\vidcap32.Exe
2009-01-06 17:03 . 2004-12-01 10:30 217,160 --a------ c:\windows\system32\VM31bPrp.Ax
2009-01-06 17:03 . 2002-08-22 16:34 147,456 --a------ c:\windows\VMCap.exe
2009-01-06 17:03 . 2004-12-01 09:54 93,632 --a------ c:\windows\system32\drivers\usbVM31b.sys
2009-01-06 17:03 . 2003-05-15 17:17 61,440 --a------ c:\windows\system32\VM31bSTI.dll
2009-01-06 17:03 . 2004-10-29 15:51 57,344 --a------ c:\windows\StillCap.exe
2009-01-06 17:03 . 2002-10-16 09:29 49,152 --a------ c:\windows\system32\amcap.exe
2009-01-06 17:03 . 2004-12-02 11:46 40,960 --a------ c:\windows\Vm_sti.exe
2009-01-06 16:55 . 2009-01-06 16:55 8,576 --a------ c:\windows\system32\drivers\lwbkpunbtyrb.sys
2009-01-06 16:49 . 2006-09-06 09:58 <DIR> d-------- C:\Installshield
2009-01-06 11:57 . 2009-01-06 11:57 <DIR> d-------- c:\documents and settings\Banda\Pavark
2009-01-06 11:57 . 2009-01-06 11:57 744,853 --a------ C:\PAVARK.exe
2009-01-06 11:57 . 2009-01-06 11:57 8,576 --a------ c:\windows\system32\drivers\rdxddglhhigb.sys
2009-01-06 11:29 . 2009-01-06 11:29 8,704 --a------ c:\windows\system32\drivers\nxgbrdcyobas.sys
2009-01-06 08:03 . 2009-01-06 08:03 8,704 --a------ c:\windows\system32\drivers\haftmjpoxaud.sys
2009-01-06 08:01 . 2009-01-06 08:01 8,704 --a------ c:\windows\system32\drivers\ghdngyyomaiy.sys
2009-01-06 07:53 . 2009-01-06 07:51 8,576 --a------ c:\windows\system32\drivers\fvuufccsdqmi.sys
2009-01-06 00:24 . 2009-01-06 00:24 8,576 --a------ c:\windows\system32\drivers\ninrasodunyd.sys
2009-01-06 00:24 . 2009-01-06 00:23 8,576 --a------ c:\windows\system32\drivers\nfshlxtrqbec.sys
2009-01-05 19:39 . 2009-01-06 12:01 <DIR> d-------- c:\program files\a-squared Free
2009-01-05 19:11 . 2009-01-06 00:20 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-01-02 18:15 . 2009-01-02 18:15 <DIR> d-------- C:\symbols
2009-01-02 18:13 . 2008-12-27 21:10 2,925,296 --a------ C:\WindowsXP-KB894194-x86-Symbols-ENU.exe
2009-01-02 18:13 . 2008-12-27 21:10 1,766,640 --a------ C:\WindowsXP-KB894194-x86-ENU.exe
2008-12-30 03:17 . 2008-12-30 03:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-27 14:27 . 2008-12-27 14:27 <DIR> d-------- c:\documents and settings\Banda\Application Data\Windows Search
2008-12-27 09:34 . 2009-01-07 10:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 11:40 . 2008-12-26 11:40 <DIR> d-------- c:\program files\Multimedia Keyboard & Mouse Driver
2008-12-26 11:39 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-26 11:39 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-26 11:39 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-26 11:39 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-25 01:41 . 2008-12-25 01:41 435 --a------ c:\windows\system32\1230169293.(null)
2008-12-25 00:32 . 2009-01-06 19:40 <DIR> d-------- c:\program files\foobar2000
2008-12-25 00:32 . 2008-12-25 16:00 <DIR> d-------- c:\documents and settings\Banda\Application Data\foobar2000
2008-12-23 01:26 . 2008-12-23 01:26 <DIR> d-------- c:\documents and settings\Banda\System
2008-12-23 01:26 . 2008-12-23 01:28 <DIR> d-------- c:\documents and settings\Banda\Application Data\SmartDraw
2008-12-22 12:25 . 2009-01-06 00:35 <DIR> d-------- c:\documents and settings\Banda\Application Data\Skype
2008-12-22 03:01 . 2008-12-22 03:01 <DIR> d-------- c:\windows\ie8updates
2008-12-21 08:56 . 2008-12-21 08:56 <DIR> d-------- c:\program files\Skype
2008-12-21 08:56 . 2008-12-21 08:56 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-21 08:55 . 2009-01-07 10:18 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-21 08:55 . 2008-12-21 09:21 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-21 08:55 . 2008-12-21 09:21 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-21 08:55 . 2008-12-21 09:21 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-21 08:55 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-21 00:26 . 2008-12-27 09:17 <DIR> d-------- c:\program files\C-Media
2008-12-20 21:14 . 2008-12-20 21:14 <DIR> d-------- c:\program files\Motorola Tools
2008-12-20 20:38 . 2008-12-20 20:38 <DIR> d-------- c:\program files\Motorola
2008-12-20 20:38 . 2008-12-20 20:38 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-12-20 19:29 . 2003-10-14 11:52 2,301,952 --a------ c:\windows\system\cmicnfg.cpl
2008-12-20 19:29 . 2003-10-15 16:26 1,454,080 --a------ c:\windows\system\SmWizard.exe
2008-12-20 19:29 . 2002-04-29 15:04 917,504 --a------ c:\windows\system\cmids3d.dll
2008-12-20 19:29 . 2003-10-17 11:52 754,560 --a------ c:\windows\system32\drivers\cmuda.sys
2008-12-20 19:29 . 2001-11-23 04:08 712,704 -ra------ c:\windows\system32\Audio3D.dll
2008-12-20 19:29 . 2003-08-20 18:46 233,472 --a------ c:\windows\system32\cmirmdrv.exe
2008-12-20 19:29 . 2003-10-15 18:37 114,688 --a------ c:\windows\system32\cmuda.dll
2008-12-20 19:29 . 2003-04-24 13:29 32,768 --a------ c:\windows\system32\udaprop.dll
2008-12-20 19:29 . 2003-02-18 18:26 28,672 --a------ c:\windows\system32\cmirmdrv.dll
2008-12-20 19:29 . 2008-12-20 19:29 171 --a------ c:\windows\system\CmiCnfg.ini
2008-12-19 19:23 . 2007-02-13 12:29 36,096 --a------ c:\windows\system32\drivers\ip_fw.sys
2008-12-19 19:23 . 2006-12-25 16:05 31,744 --a------ c:\windows\system32\ipfw.exe
2008-12-19 19:20 . 2008-12-27 09:08 <DIR> d-------- c:\program files\WIPFW
2008-12-18 02:05 . 2008-12-18 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-17 12:09 . 2008-12-17 12:09 <DIR> d-------- c:\program files\Common Files\aolback
2008-12-17 12:09 . 2008-12-17 12:09 715 --a------ c:\windows\aolback.exe.lnk
2008-12-17 12:08 . 2008-12-17 12:09 <DIR> d-------- c:\documents and settings\Banda\Application Data\AOL
2008-12-17 12:06 . 2008-12-17 12:08 <DIR> d-------- c:\program files\Common Files\aolshare
2008-12-17 12:06 . 2008-12-18 02:10 <DIR> d-------- c:\program files\Common Files\aol
2008-12-17 12:06 . 2008-12-17 19:16 <DIR> d-------- c:\program files\AOL 9.0 VR
2008-12-17 12:06 . 2008-12-23 02:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-16 10:03 . 2005-05-12 12:36 153,088 --a------ c:\windows\system32\jgdwmie.dll
2008-12-13 01:02 . 2008-12-20 19:29 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-12-13 01:02 . 2003-08-05 14:23 266,240 --a------ c:\windows\CMIUninstall.exe
2008-12-13 01:02 . 2003-07-22 11:15 225,280 --a------ c:\windows\CmiRmRedundDir.exe
2008-12-13 01:02 . 2002-10-18 15:56 28,672 --a------ c:\windows\CMIRmDriver.dll
2008-12-13 01:02 . 2008-12-20 19:29 92 --a------ c:\windows\CMISETUP.INI
2008-12-13 01:02 . 2008-12-20 19:29 26 --a------ c:\windows\CMCDPLAY.INI
2008-12-12 22:46 . 2008-12-27 09:17 <DIR> d-------- c:\documents and settings\Banda\Application Data\AVGTOOLBAR
2008-12-12 22:44 . 2008-12-12 22:47 8,192 --a------ c:\documents and settings\ADMINI~1
2008-12-12 20:28 . 2008-12-26 01:06 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-12 20:28 . 2008-12-12 20:28 <DIR> d-------- c:\windows\Logs
2008-12-12 03:15 . 2008-12-12 03:15 <DIR> d-------- c:\documents and settings\Banda\Application Data\Viewpoint
2008-12-11 13:52 . 2008-12-27 09:19 <DIR> d-------- c:\windows\_ISTMP1.DIR
2008-12-10 15:23 . 2008-12-10 15:23 <DIR> d-------- c:\documents and settings\Banda\Application Data\vlc
2008-12-10 10:19 . 2002-07-12 08:33 1,581,056 -ra------ c:\windows\mixer.exe
2008-12-10 10:19 . 2000-10-20 10:28 765,952 -ra------ c:\windows\system\crlds3d.dll
2008-12-10 10:19 . 2002-07-16 02:58 379,726 -ra------ c:\windows\system32\drivers\cmaudio.sys
2008-12-10 10:19 . 2002-07-11 03:24 139,264 -ra------ c:\windows\cmuninst.exe
2008-12-10 10:19 . 2002-07-11 04:13 135,168 -ra------ c:\windows\cmuninst.dat
2008-12-10 10:19 . 2002-07-16 13:47 36,924 -ra------ c:\windows\cmijack.dat
2008-12-10 10:19 . 2002-03-29 06:52 32,768 -ra------ c:\windows\system32\cmnprop.dll
2008-12-10 10:19 . 2002-07-16 12:33 20,333 -ra------ c:\windows\cmaudio.dat
2008-12-09 11:05 . 2008-12-09 11:05 <DIR> d-------- C:\PCIAUD
2008-12-09 10:41 . 1998-11-12 17:14 306,688 --a------ c:\windows\IsUn0412.exe
2008-12-08 12:57 . 2008-12-08 20:02 298 --a------ c:\documents and settings\Banda\jobq.dat
2008-12-08 12:53 . 2008-12-08 20:02 <DIR> d-------- c:\documents and settings\Banda\iArchives
2008-12-07 15:24 . 2008-12-07 15:24 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-07 03:06 . 2008-12-27 09:17 <DIR> d-------- c:\program files\Torrent Harv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 14:48 --------- d-----w c:\program files\Common Files\Webroot Shared
2009-01-06 00:35 --------- d-----w c:\documents and settings\Banda\Application Data\skypePM
2009-01-05 15:39 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-05 01:08 --------- d-----w c:\documents and settings\Banda\Application Data\dvdcss
2008-12-30 20:03 --------- d-----w c:\documents and settings\Banda\Application Data\Vso
2008-12-29 12:48 --------- d-----w c:\program files\DC++
2008-12-29 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 14:07 --------- d-----w c:\program files\EPSON Print CD
2008-12-27 18:18 --------- d-----w c:\documents and settings\Banda\Application Data\tor
2008-12-27 09:59 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-27 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-12-27 09:48 --------- d-----w c:\program files\QuickTime
2008-12-27 09:47 --------- d-----w c:\program files\PCPitstop
2008-12-27 09:47 --------- d-----w c:\program files\NetMeter
2008-12-27 09:43 --------- d-----w c:\program files\Google
2008-12-27 09:41 --------- d-----w c:\program files\Lavasoft
2008-12-27 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-27 09:17 --------- d-----w c:\program files\Torrent Harvester
2008-12-27 09:17 --------- d-----w c:\program files\CDBurnerXP
2008-12-27 09:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-27 09:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 09:17 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-23 16:34 --------- d-----w c:\documents and settings\Banda\Application Data\StarOffice8
2008-12-23 11:02 --------- d-----w c:\program files\PCI Audio Applications
2008-12-21 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-19 00:57 --------- d-----w c:\program files\Opera
2008-12-18 01:42 265 ----a-w c:\program files\wipfw.conf
2008-12-17 11:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 00:28 --------- d-----w c:\documents and settings\Banda\Application Data\Uniblue
2008-12-12 20:43 --------- d-----w c:\program files\SiSoftware
2008-12-10 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-09 23:53 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 00:54 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-08 00:54 --------- d-----w c:\program files\Java
2008-12-06 15:27 --------- d-----w c:\documents and settings\Banda\Application Data\Canon
2008-12-06 15:21 --------- d-----w c:\program files\Canon
2008-12-06 15:09 --------- d-----w c:\program files\ScanSoft
2008-12-06 15:05 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-06 15:04 --------- d--h--w c:\program files\CanonBJ
2008-12-04 10:29 --------- d-----w c:\program files\DAMN NFO Viewer
2008-12-01 16:48 --------- d-----w c:\program files\Microsoft Research
2008-11-30 03:45 --------- d-----w c:\program files\ViviCam 7380u Camera Manual
2008-11-27 11:39 --------- d-----w c:\program files\Secunia
2008-11-26 15:46 --------- d-----w c:\program files\EasySearch
2008-11-23 04:02 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-11-22 01:58 --------- d-----w c:\program files\MpcStar
2008-11-22 01:56 --------- d-----w c:\program files\Roxio
2008-11-22 01:56 --------- d-----w c:\documents and settings\Banda\Application Data\iolo
2008-11-22 01:56 --------- d-----w c:\documents and settings\Banda\Application Data\DivX
2008-11-22 01:52 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-11-22 01:50 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-11-20 20:01 --------- d-----w c:\program files\Lx_cats
2008-11-19 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-19 20:21 --------- d-----w c:\program files\SmartSound Software
2008-11-18 13:36 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2008-11-15 13:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 11:47 --------- d-----w c:\program files\Defraggler
2008-11-15 11:38 --------- d-----w c:\program files\Yahoo!
2008-11-08 01:16 --------- d-----w c:\program files\Belarc
2008-11-07 20:32 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys.ORIGINAL.000
2008-10-27 10:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 10:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 17:27 74,703 ----a-w c:\windows\system32\mfc45.dll
2008-10-18 01:42 382 ----a-w c:\program files\Shortcut to Program Files.lnk
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-10 04:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 04:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-09-01 13:44 47,360 ----a-w c:\documents and settings\Banda\Application Data\pcouffin.sys
2008-08-17 15:26 17,430 ----a-w c:\program files\Banda 001 (512 x 240).jpg
2008-08-06 22:50 87,608 ----a-w c:\documents and settings\Banda\Application Data\ezpinst.exe
2008-08-05 08:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-01 18:02 668 ----a-w c:\program files\CDFE.log
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-13 1261336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"HostManager"="c:\program files\Common Files\AOL\1229515613\ee\AOLSoftware.exe" [2006-11-14 50736]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-12-14 2782352]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Banda^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Banda^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Banda^Start Menu^Programs^Startup^StarOffice 8.lnk]
backup=c:\windows\pss\StarOffice 8.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Banda^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D3DOverrider
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStatisticsServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UTV

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 02:44 113136 c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
--a------ 2002-04-10 03:04 74240 c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-22 23:03 916240 c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
--a------ 2008-03-05 09:23 92160 c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2008-06-10 11:56 1406024 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-12-21 09:21 1168264 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMConfig]
--a------ 2007-03-06 14:51 212992 c:\program files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
--a------ 2008-09-04 01:38 2577120 c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCKeyRecorder]
--a------ 2003-05-31 03:01 180224 c:\pkrb\PCKeyRecorderK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2002-09-18 17:52 36864 c:\windows\system32\spool\drivers\w32x86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-02 14:02 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 14:52 240112 c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteVacuum]
--a------ 2008-11-26 15:46 417869 c:\program files\EasySearch\SiteVacuumClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-08 00:54 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-04 13:16 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-08-09 12:56 1261384 c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2002-07-12 08:33 1581056 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"LXCCCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\1229515613\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60001:TCP"= 60001:TCP:BitComet 60001 TCP
"60001:UDP"= 60001:UDP:BitComet 60001 UDP
"21452:TCP"= 21452:TCP:BitComet 21452 TCP(ED2K)
"21452:UDP"= 21452:UDP:BitComet 21452 UDP(ED2K)
"6000:TCP"= 6000:TCP:BitComet 6000 TCP
"6000:UDP"= 6000:UDP:BitComet 6000 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


--- Other Services/Drivers In Memory ---

*Deregistered* - 6to4
*Deregistered* - a2AntiMalware
*Deregistered* - a2free
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AOL ACS
*Deregistered* - Arp1394
*Deregistered* - ASCTRM
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - BANTExt
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EPSONStatusAgent2
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hotcore3
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ip_fw
*Deregistered* - Ip6Fw
*Deregistered* - IpFilterDriver
*Deregistered* - ipfw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KMWDSERVICE
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - LanmanWorkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - O&O Defrag
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - Roxio Upnp Server 10
*Deregistered* - RoxLiveShare10
*Deregistered* - RoxWatch10
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisidex
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - Uim_IM
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - wanatw
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WSearch
*Deregistered* - wuauserv
*Deregistered* - wwEngineSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-01-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 15:35]

2009-01-07 c:\windows\Tasks\User_Feed_Synchronization-{3E83EF35-2EF0-4256-B115-40E06D09DFAF}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{ee5bc3fa-8b10-d81d-f26a-8bb7feef3273} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-eMuleAutoStart - c:\program files\BitComet\plugin_emule\plugin_eMule.exe
MSConfigStartUp-onwssozdifvada - c:\windows\system32\ejcpqcnrooeoa.dll
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.bitcomet.com/
uInternet Settings,ProxyServer = 192.168.0.3:40001
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
Trusted Zone: *.download.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: download.windowsupdate.com

c:\windows\Downloaded Program Files\pcpitstopAntiVirus.dll - O16 -: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}
hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Banda\Application Data\Mozilla\Firefox\Profiles\adxuoj12.default\
FF - prefs.js: network.proxy.ftp - 192.168.0.3
FF - prefs.js: network.proxy.ftp_port - 40001
FF - prefs.js: network.proxy.gopher - 192.168.0.3
FF - prefs.js: network.proxy.gopher_port - 40001
FF - prefs.js: network.proxy.http - 192.168.0.3
FF - prefs.js: network.proxy.http_port - 40001
FF - prefs.js: network.proxy.socks - 192.168.0.3
FF - prefs.js: network.proxy.socks_port - 40001
FF - prefs.js: network.proxy.ssl - 192.168.0.3
FF - prefs.js: network.proxy.ssl_port - 40001
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 12:12:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\.Default\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Ding.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\CCSelect\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\Close\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Critical.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Insert.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Remove.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Fail.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Low.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\MailBeep\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Notify.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\Maximize\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\MenuCommand\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\MenuPopup\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\Minimize\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\Open\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\PrintComplete\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\RestoreDown\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\RestoreUp\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\ShowBand\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Error.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Exclamation.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemExit\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Shutdown.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemHand\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Critical Stop.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Balloon.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemQuestion\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\SystemStart\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Startup.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logoff Sound.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logon Sound.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Alert\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0\\aolshare\\sounds\\UK\\Default\\alert.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\BuddyIn\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\buddyin.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\BuddyOut\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\buddyout.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Drop\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\drop.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\File's Done\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\filedone.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Goodbye\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\goodbye.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\IM\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\im.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Inactivity45\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\inactive.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\More Mail\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\moremail.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\OCW\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\phonecall.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\PanelIn\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\panelin.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\PanelOut\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\panelout.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\popupblock\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\popupblock.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\rmblock\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\rmblock.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Slide\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\slider.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\TalkRing\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0\\aolshare\\sounds\\UK\\Default\\TalkRing.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Urgent\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\urgent.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Welcome\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\welcome.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\ygp\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\gotpics.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\Ygvm\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0\\aolshare\\sounds\\UK\\Default\\ygvm.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\AOL_UK(Default Sounds)\You've Got Mail\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Documents and Settings\\All Users\\Application Data\\AOL\\C_AOL 9.0 VR\\aolshare\\sounds\\UK\\Default\\gotmail.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Conf\Person Joins\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Conf\Person Leaves\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Conf\Receive Call\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="RingIn.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Conf\Receive Request to Join\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="RingIn.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="Windows XP Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Recycle.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="Windows Feed Discovered.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\Navigating\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Start.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@=""

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="Windows XP Information Bar.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Program Files\\Messenger\\online.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Program Files\\Messenger\\newalert.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Program Files\\Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@="c:\\Program Files\\Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\AppEvents\Schemes\Names\s*NULL*a*NULL*v*NULL*e*NULL*0*NULL*w]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="save"

[HKEY_USERS\S-1-5-21-299502267-1078081533-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\aol\Loader\aolload.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\a-squared Anti-Malware\a2wizard.exe
c:\program files\Webroot\Washer\WasherSvc.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\program files\WIPFW\bin\ipfw.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-01-07 12:15:47 - machine was rebooted [Banda]
ComboFix-quarantined-files.txt 2009-01-07 12:15:40

Pre-Run: 106,112,397,312 bytes free
Post-Run: 106,016,337,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /pae /fastdetect

897 --- E O F --- 2009-01-02 05:03:04

#2 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 07 January 2009 - 09:18 PM

Hi there, I had a prob with "generic hosts win system32 has a prob and must shut down"; it also ko'd the sound system. It happened every boot up. I read the tutorial and ran ComboFix, which appears to have solved the problem, and as instructed I have made a log and would like it to be checked please, to make sure it's OK. Thank you, regards, dai

Edited by Orange Blossom, 07 January 2009 - 09:30 PM.
Merged topics. ~ OB


#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 20 January 2009 - 09:33 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 20 January 2009 - 09:42 PM

Hello there, I cannot run the prog; I get this AutoIt error: "Line -1: Error: Incorrect number of parameters in function call."
Regards, dai

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 21 January 2009 - 08:28 AM

  • Please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • You will need to accept the EULA, if it appears, to be able to use the tool.
  • When HijackThis opens, click on the Do a system scan and save a log file button.
  • When HijackThis has finished scanning, a window entitled hijackthis.log will open. When you close this window, the log will be saved into the HijackThis folder.
  • If needed, see TrendMicro HijackThis Quick Start Guide
  • Copy and paste this log into your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 21 January 2009 - 09:10 AM

Hello, thanks for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:14, on 22/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\tsnp325.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\WIPFW\bin\ipfw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Banda\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:40001
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1225404931000
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219418337921
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: RoxMediaDB10 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12728 bytes

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 21 January 2009 - 02:29 PM

Step 1

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe

The entry above indicates that you have KGB Keylogger installed on your computer. KGB Keylogger invisibly monitors and records all of your computer activity. This information is then automatically emailed to an anonymous user. Did you install this program yourself?

Step 2

The item(s) below indicate(s) you have installed BitComet.

C:\Program Files\BitComet\BitComet.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)


Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, we ask that you remove P2P file sharing programs prior to our providing you with malware removal assistance. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
To remove the P2P program:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight , click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
  • Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  • Close Windows Explorer.
There is a Video showing how to uninstall a program (Grinler) detailing how to add or remove a program in Windows for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
  • P2P programs form a direct conduit on to your computer.
  • P2P security measures are easily circumvented.
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  • There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
  • P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
  • This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
  • Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
  • When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.
For more information, please read Malware Removal Forum's Policy regarding P2P programs. P2P (peer to peer) file sharing programs must be removed.

References for the risk of these programs are:

If you continue to use P2P programs, you will probably get infected again.

Please uninstall all P2P programs and post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
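As an added example, not part of this thread and not code from BleepingComputer or HijackThis, the following script does the two checks the reply above performs by eye: it lists every program an F2 UserInit value starts besides userinit.exe (the thread's extra entry is C:\Program Files\KGB\MPK.exe, the KGB Keylogger launcher), and it lists the startup and browser entries that point at a P2P client. The P2P_MARKERS list is an assumption for illustration, seeded only from the clients named in the thread; the sample log lines are copied from the posted log.

```python
r"""Triage helper for HijackThis-style log lines.

Added example; not code from the thread, from BleepingComputer or from
HijackThis. It checks (1) whether the system.ini UserInit value launches
anything besides the legitimate userinit.exe, which is how an extra
program such as C:\Program Files\KGB\MPK.exe is started at every logon,
and (2) whether any startup or browser entries belong to a P2P client.
"""
import ntpath
import re

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)

# Assumed list for illustration: name fragments of the P2P clients named
# in this thread. Extend it for other clients you want to flag.
P2P_MARKERS = ("bitcomet", "btdna", "bittorrent")

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def extra_userinit_entries(lines):
    """Return every program the UserInit value starts besides userinit.exe.

    On a clean Windows XP install the value is the full path of
    userinit.exe followed by a trailing comma, so a clean log yields [].
    """
    extras = []
    for line in lines:
        match = USERINIT_RE.match(line.strip())
        if not match:
            continue
        for entry in match.group(1).split(","):
            entry = entry.strip().strip('"')
            if not entry:
                continue  # the legitimate value ends with a trailing comma
            if ntpath.basename(entry).lower() == "userinit.exe":
                continue
            extras.append(entry)
    return extras


def p2p_entries(lines):
    """Return the startup (O4) and browser (O2/O3/O8/O9) lines that point at a P2P client."""
    hits = []
    for line in lines:
        low = line.strip().lower()
        if low.startswith(("o2 ", "o3 ", "o4 ", "o8 ", "o9 ")) and any(
            marker in low for marker in P2P_MARKERS
        ):
            hits.append(line.strip())
    return hits


def triage(log_text):
    """Run both checks over a whole log and return the findings."""
    lines = [line for line in log_text.splitlines() if line.strip()]
    return {
        "userinit_extras": extra_userinit_entries(lines),
        "p2p_entries": p2p_entries(lines),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for program in findings["userinit_extras"]:
        print("UserInit starts an extra program:", program)
    for entry in findings["p2p_entries"]:
        print("P2P client still present:", entry)
```

Run it against a saved HijackThis log by passing the file's contents to triage(); an empty userinit_extras list is the expected result on a clean machine, and anything else in that list deserves the same question the helper asked here: did you install it yourself?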

#8 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 21 January 2009 - 05:01 PM

Hello there, I installed the KGB prog; my nephew & son are using the puter and a lot of "unusual" stuff is occurring, and I wanted to know who to give a boot up the backside to! LOL!

Thanks once again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:54, on 22/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\tsnp325.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\WIPFW\bin\ipfw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Banda\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:40001
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1225404931000
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219418337921
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: RoxMediaDB10 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12267 bytes

#9 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 22 January 2009 - 08:22 PM

You still have the P2P, BitTorrent DNA, installed. Please uninstall it. Please post a new HijackThis log.

#10 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 23 January 2009 - 07:07 AM

Hello there, I'm sorry about that, my mistake.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:58, on 24/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
C:\WINDOWS\tsnp325.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\WIPFW\bin\ipfw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Banda\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:40001
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229515613\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-299502267-1078081533-1801674531-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1225404931000
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219418337921
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: RoxMediaDB10 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10841 bytes

#11 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 23 January 2009 - 05:12 PM

I have some bad news for you.

O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe

The entries above indicate your computer may be infected with backdoor trojans. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, and start and stop programs. Backdoor trojans send your identity information to a third party who may use that information for their own purposes, such as identity theft, stolen bank funds, stealing credit card information, etc.

Before deciding whether your computer needs cleaning or reformatting, you need to ask yourself some very serious questions.

Do you use your computer for any of the following?
  • Online banking/Business purposes
  • storing sensitive or very personal information
If you answered yes to any of those questions, you should disconnect your computer from the Internet and do a complete format and reinstall. If you use online banking, then you should contact your bank and arrange to have your password changed immediately. You should change any other passwords you use as these may have been compromised.

David Bach's Six Ways to Avoid Identity Theft

Here are six things you need to know to fight back against identity theft:

1. Keep your private information private.

Half of all identity theft in which the thief is identified is committed by a friend, coworker, neighbor, in-home employee, or relative of the victim. So make it a habit not to leave things lying around at home or in the office -- specifically your wallet, checkbook, or anything else containing private or financial information, including your mail.

Also, before you toss anything in the trash containing your private information, be sure to shred it. This isn't new advice, but I'd be remiss not to mention it.

2. Get a copy of your credit reports.

Often, victims of identity theft have no idea their credit is being used or destroyed until they apply for a loan and pull their credit score. So pull your credit report now, and make a plan to check it regularly.

By law, you're entitled to a free credit report from each of the three major credit bureaus -- Equifax, Experian, and TransUnion -- once every year. Go to AnnualCreditReport.com and stagger your requests so that you'll receive one report from each credit bureau every four months. Put the dates on your calendar so you don't forget. Keep in mind that this is for your free credit report only, not your credit score.

For your credit score, you'll need to go to myFICO. While you're there, you may want to check out their Identity Theft Security Deluxe product, which monitors your credit score and credit report automatically for $49.95 a year.

3. Find out if your state has a credit freeze law.

Here's a virtually foolproof way to prevent a thief from stealing your identity and using your personal data to get approved for credit. With this new law you're able to block ("freeze") all access to your credit report and credit score.

It's not necessarily the most convenient solution to protect yourself from fraud. Anytime you need to have your credit checked -- for instance, if you're buying a car or cell phone or even interviewing for a job -- you'll need to lift the block ("thaw" your record), which takes about three days. But if you have real concerns about identity theft or perhaps are already a victim, this is an option you may want to consider.

Some states will only grant a credit freeze if you're already a victim of identity theft. Find out if your state has a credit freeze law, including what it costs, by visiting FinancialPrivacyNow.org.

4. Check your bank statements weekly.

One of the great things about online banking is that you can log on and check your account at any time. Make a point of checking your bank statement weekly to be sure there aren't any red flags.

The same goes for your credit card statements. In fact, you may want to consider canceling your paper statements altogether and opting for online statements. After all, you're more likely to have personal information stolen from your mail than from the Internet.

That said, be sure to always use a secure computer. Using a public computer, like one at your local library, is risky due to tracking software that thieves can use to steal your passwords.

5. Be computer savvy.

Even though a relatively small percentage of identity theft occurs online, you should still take necessary precautions.

In addition to being careful about surfing the web on public computers, you should also be aware of the risks involved when using a wireless connection. Wi-Fi and Bluetooth are becoming increasingly popular, and as a result, there is bound to be an increase in wireless hacking.

Wireless connectivity is the perfect platform for thieves to get your personal data. If you have a wireless network at home or work, make sure you are incorporating password-protection and encryption. When accessing public hotspots, use a personal firewall.

Also, keep your computer safe by updating your antivirus and anti-spyware programs regularly. Use passwords so that others can't log on to your computer, laptop, or even your PDA, and be sure to change your passwords often.

Be smart about phishing scams, too. That's when you're sent an email that requests your personal or financial information, or that prompts you to click a link to provide your personal or financial information. If you're unsure of the legitimacy of such a request, call the company that it was supposedly sent from. If an email seems suspicious, it usually is.

6. Be aware of "deleted" data.

The Washington Post recently ran an article on mobile phones -- specifically "smartphones" like the Palm Treo and BlackBerry -- that was quite an eye-opener.

According to the story, resetting your phone to wipe out personal data doesn't exactly delete information. It turns out that your phone's operating system never actually deletes data, only the pointers to where the data is located. Anyone with the right software can recover information that was stored on your phone once you sell or discard it.

What you need to do is contact the device manufacturer for complete instructions on how to wipe your data clean. You can also visit WirelessRecycling.com for instructions. And think twice about what information you store on your device in case it's ever lost or stolen.

If Your Identity Is Stolen

Take the above steps and -- should you ever find yourself in the unfortunate position of having had your identity stolen -- you'll commend yourself for being proactive enough to identify a problem before too much damage was done.

Don't waste a minute once you've discovered suspicious activity -- go directly to the website of the Federal Trade Commission to file a complaint and access their comprehensive guide on the steps you'll need to follow to resolve the situation.

I recommend backing up your important files and reinstalling everything from scratch. There are so many changes that could have been done if that backdoor was used. Even if we cleaned the infections, it would not help to recover the information that has been compromised and there is no guarantee that your computer would be safe to use. It is dangerous and incorrect to assume that simply because one backdoor trojan has been removed from your computer that your computer is now secure.

If you only use your computer for music/games etc, your better option would be to clean it of infections rather than do a reformat. The decision must be made by you.

Here are some informative links to use to help you make a decision:

Danger: Remote Access Trojans

Consumers Identity Theft

When should I re-format? How should I reinstall?

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Rootkits: The Obscure Hacker Attack

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Microsoft Says Recovery from Malware Becoming Impossible

How to report ID theft, fraud, drive-by installs, hijacking and malware? (#10451)

However, if you do not have the resources to reformat your computer and reinstall your operating system and programs, I will be happy to attempt to clean it.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
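For readers triaging a HijackThis log like the one posted above, here is an added Python example (my own code, not from this thread and not part of HijackThis) that scans a few lines copied from that log and ranks the entries a responder would look at first: a second program appended to UserInit, a browser proxy setting, an AppInit_DLLs entry, services with no publisher information or a missing binary, an autorun executable sitting directly in the Windows directory, and a non-default start page. The severity labels and the small allowlist of home-page hosts are my assumptions, not a HijackThis classification.

```python
"""Rank HijackThis-style log lines for manual review (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:40001",
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Program Files\KGB\MPK.exe",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe",
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe",
    r"O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
])

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# Assumed allowlist of home/search page hosts that need no review.
KNOWN_HOME_HOSTS = ("go.microsoft.com", "www.msn.com")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scale)
    section: str    # HijackThis section tag, e.g. "O23"
    reason: str
    line: str


def _host(url: str) -> str:
    m = re.match(r"https?://([^/]+)", url.strip())
    return m.group(1).lower() if m else ""


def check_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "F2" and "UserInit=" in rest:
        # Only <system32>\userinit.exe belongs here; anything else runs at every logon.
        value = rest.split("UserInit=", 1)[1]
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and not p.strip().lower().endswith(r"\system32\userinit.exe")]
        if extras:
            return Finding("high", sec, "UserInit launches extra program(s): " + "; ".join(extras), line)
    if sec == "R1" and "ProxyServer" in rest:
        value = rest.split("=", 1)[1].strip() if "=" in rest else ""
        if value:
            return Finding("medium", sec, f"browser traffic is routed through proxy {value}", line)
    if sec in ("R0", "R1") and " = " in rest:
        key, value = rest.split(" = ", 1)
        if value.startswith("http") and _host(value) not in KNOWN_HOME_HOSTS:
            name = key.rsplit(",", 1)[-1]
            return Finding("low", sec, f"non-default browser setting {name} -> {_host(value)}", line)
    if sec == "O4":
        m4 = re.search(r"\] (.*)$", rest)
        cmd = m4.group(1).strip().strip('"') if m4 else ""
        # An .exe directly under C:\WINDOWS (not a subfolder) is unusual for legitimate software.
        if re.match(r"^c:\\windows\\[^\\]+\.exe$", cmd, re.IGNORECASE):
            return Finding("low", sec, "autorun executable sits directly in the Windows directory", line)
    if sec == "O20" and rest.startswith("AppInit_DLLs:"):
        dlls = rest.split(":", 1)[1].strip()
        if dlls:
            return Finding("medium", sec,
                           f"AppInit_DLLs loads {dlls} into every process that loads user32.dll", line)
    if sec == "O23":
        if "(file missing)" in rest:
            return Finding("low", sec, "service points at a missing binary (orphaned entry)", line)
        if "Unknown owner" in rest:
            return Finding("medium", sec, "service binary has no publisher information; verify it by hand", line)
    return None


def triage(log_text: str) -> list:
    """Scan every line and return findings, worst severity first."""
    findings = [f for f in (check_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def severity_counts(findings) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

The output is a reading order, not a verdict: every flagged line still needs a human to check the binary's origin and publisher, which is exactly the step the helper in this thread performs by hand.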

#12 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 23 January 2009 - 10:11 PM

suebaby, your offer to try and clean my PC is gratefully accepted. Thank you. Could you tell me what I have to do, please? Many thanks, dai

Edited by dai, 23 January 2009 - 10:17 PM.


#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 24 January 2009 - 11:47 AM

OK, we will try to clean your computer as long as you realize that there is no guarantee that your computer is safe even after cleaning. Please post a new HijackThis log.

#14 dai

dai
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:Cwm Cynon
  • Local time:10:01 AM

Posted 25 January 2009 - 06:52 AM

SB41, sorry to mess you about, but after reading your reply I have now decided to reformat and reinstall. Thank you for your time and effort. Regards, Dai

#15 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:01 AM

Posted 25 January 2009 - 09:41 AM

I think you have made a wise decision. Thank you for letting me know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.