Hijackthis Log.


  • This topic is locked
6 replies to this topic

#1 Aphillios

Aphillios

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 09 October 2009 - 01:08 PM

I've been having some problems with my computer lately. Programs that have been working fine just stopped working. I don't really have that much information for you, but I think something's wrong.


DDS (Ver_09-09-29.01) - FAT32x86
Run by morgan at 5:10:36.73 on Sat 10/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.970 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
G:\Program Files\Sygate\SPF\smc.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
G:\PROGRA~1\AVG\AVG8\avgrsx.exe
G:\PROGRA~1\AVG\AVG8\avgnsx.exe
G:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Program Files\BWMeter\BWMeterConSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
g:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\WinBar\WinBar.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\Programmer's Notepad\pn.exe
G:\Program Files\WinSCP\WinSCP.exe
G:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HydraIRC\HydraIRC.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\morgan\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\morgan\My Documents\Downloads\RootRepeal.exe
C:\Documents and Settings\morgan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by vtown
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer provided by vtown
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = ftp=192.168.0.1:4421;gopher=192.168.0.1:4480;http=192.168.0.1:4480;https=192.168.0.1:4480
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - g:\progra~1\spybot~1\SDHelper.dll
BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] g:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SystemTray] SysTray.Exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SmcService] g:\progra~1\sygate\spf\smc.exe -startgui
mRun: [AVG8_TRAY] g:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "g:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [nwiz] nwiz.exe /install
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\morgan\startm~1\programs\startup\winbar.lnk - g:\program files\winbar\WinBar.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - g:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - g:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - g:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\morgan\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - g:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - g:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1247391804812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - g:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - g:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - g:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\morgan\applic~1\mozilla\firefox\profiles\qx31luiv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: g:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: g:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: g:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: g:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: g:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: g:\program files\veetle\player\npvlc.dll
FF - plugin: g:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - g:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-7 335240]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-7 27784]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-7 108552]
R1 sasdifsv;SASDIFSV;g:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 saskutil;SASKUTIL;g:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2006-6-1 53760]
R2 avg8wd;AVG Free8 WatchDog;g:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-7 297752]
R2 BWMeterConSvc;BWMeter Connections Service;g:\program files\bwmeter\BWMeterConSvc.exe [2009-7-18 62464]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2003-6-24 39880]
R2 GLOGODrv;GLOGODrv;c:\windows\system32\drivers\GLOGODrv.sys [2003-6-24 13332]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-7-13 45696]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-20 24652]
R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\drivers\dsnpfd.sys [2009-7-18 29720]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-7-13 56960]
R3 sasenum;SASENUM;g:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S1 43a800c;43a800c;c:\windows\system32\drivers\43a800c.sys [2009-8-10 87168]
S3 dsnpfd;Dsnpfd Service;c:\windows\system32\drivers\dsnpfd.sys [2009-7-18 29720]
S3 fsusbexdisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-5-26 36608]
S3 iatmunin;iatmunin;\??\c:\docume~1\morgan\locals~1\temp\iatmunin.sys --> c:\docume~1\morgan\locals~1\temp\iatmunin.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [2004-8-15 202496]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-5-26 233472]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-10-09 18:38 89,134 a------- c:\windows\system32\nvapps.xml
2009-10-04 13:49 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-09-20 22:30 <DIR> --d----- c:\program files\Microsoft
2009-09-17 03:08 <DIR> --d----- c:\documents and settings\morgan\amsn
2009-09-17 02:15 0 a------- C:\3590F75ABA9E485486C100C1A9D4FF06NEFUSSMUIZXLBOQP
2009-09-17 00:40 <DIR> --d----- c:\program files\Windows Live SkyDrive

==================== Find3M ====================

2009-09-21 03:05 87,168 a------- c:\windows\system32\drivers\43a800c.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 22:37 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-07 22:37 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 22:37 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 16:38 8 a------- c:\docume~1\morgan\applic~1\usb.dat
2006-12-25 14:38 24,192 a------- c:\documents and settings\morgan\usbsermptxp.sys
2006-12-25 14:38 22,768 a------- c:\documents and settings\morgan\usbsermpt.sys
2000-08-21 04:52 266 ---sh--- c:\program files\desktop.ini
2000-08-21 04:52 11,079 ----h--- c:\program files\folder.htt

============= FINISH: 5:10:59.73 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/10 05:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7474000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB8E89000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79A3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB04C5000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\3590f75aba9e485486c100c1a9d4ff06nefussmuizxlboqp
Status: Allocation size mismatch (API: 548175872, Raw: 0)

Path: c:\config.msi\1954cf8.rbf
Status: Allocation size mismatch (API: 68198400, Raw: 0)

Path: c:\recycled\dc1.dll
Status: Allocation size mismatch (API: 7462912, Raw: 0)

Path: c:\recycled\dc3.dll
Status: Allocation size mismatch (API: 4169728, Raw: 0)

Path: c:\recycled\dc4.dll
Status: Allocation size mismatch (API: 5455872, Raw: 0)

Path: c:\recycled\dc5.dll
Status: Allocation size mismatch (API: 3538944, Raw: 0)

Path: C:\WINDOWS\SYSTEM32\kbiwkmoxllkosu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmvnobeowq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmppxlmnao.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmtfnnxbqp.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmxtstibcj.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmwxnsswul.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\kbiwkmbfhwevxa.dll
Status: Invisible to the Windows API!

Path: c:\recycled\dc7.81_forceware_winxp2k_english\zzzzzzzz
Status: Allocation size mismatch (API: 3489792, Raw: 0)

Path: C:\WINDOWS\SYSTEM32\DRIVERS\43A800C.SYS
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\SYSTEM32\DRIVERS\kbiwkmnepkigoi.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\kbiwkmounmqvqk.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\morgan\recent\terriblescreenbadness.bmp.lnk
Status: Allocation size mismatch (API: 1458176, Raw: 0)

Path: C:\WINDOWS\Temporary Internet Files\Content.IE5\45FBXQ6I\image[10].jpg
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\temporary internet files\content.ie5\45fbxq6i\imageca7bz5ez.jpg
Status: Allocation size mismatch (API: 4972544, Raw: 0)

Path: c:\program files\common files\windows live\.cache\wlc2f5.tmp
Status: Allocation size mismatch (API: 85573632, Raw: 0)

Path: c:\program files\hydrairc\logs\evo\channel_#othi.public.txt
Status: Allocation size mismatch (API: 598016, Raw: 401408)

Path: c:\program files\hydrairc\logs\evo\channel_#celt.txt
Status: Allocation size mismatch (API: 319488, Raw: 106496)

Path: c:\program files\hydrairc\logs\evo\channel_#evo.txt
Status: Allocation size mismatch (API: 622592, Raw: 442368)

Path: c:\program files\hydrairc\logs\evo\channel_#red.public.txt
Status: Allocation size mismatch (API: 737280, Raw: 565248)

Path: c:\program files\hydrairc\logs\evo\channel_#valheru.private.txt
Status: Allocation size mismatch (API: 737280, Raw: 507904)

Path: c:\program files\hydrairc\logs\evo\channel_#valheru.public.txt
Status: Allocation size mismatch (API: 655360, Raw: 442368)

Path: c:\program files\hydrairc\logs\evo\channel_#evo.soc.txt
Status: Allocation size mismatch (API: 696320, Raw: 507904)

Path: c:\program files\hydrairc\logs\evo\channel_#nod.txt
Status: Allocation size mismatch (API: 638976, Raw: 475136)

Path: c:\documents and settings\morgan\local settings\temp\flacb.tmp
Status: Allocation size mismatch (API: 10756096, Raw: 10592256)

Path: c:\documents and settings\morgan\local settings\temp\37e3e86f-07e6-4758-b656-f7857be63156.tmp
Status: Allocation size mismatch (API: 88547328, Raw: 1114112)

Path: c:\documents and settings\morgan\local settings\temp\fdeac6f6-0721-4ebc-9797-11a3e07b2371.tmp
Status: Allocation size mismatch (API: 106496, Raw: 0)

Path: c:\documents and settings\morgan\my documents\downloads\diana_newstar_-_007.rar
Status: Allocation size mismatch (API: 44605440, Raw: 0)

Path: C:\Documents and Settings\MORGAN\Application Data\Samsung\New PC Studio\ImageViewer.dat
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\Log\avglng.log.7
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\profiles\all users\application data\avg8\log\avglng.log.6
Status: Allocation size mismatch (API: 3915776, Raw: 1032192)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\Log\avgcore.log.5
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\profiles\all users\application data\avg8\log\avgcfg.log.2
Status: Allocation size mismatch (API: 1056768, Raw: 1032192)

Path: c:\windows\profiles\all users\application data\avg8\log\0455e6da-77e5-4efa-9d9f-89efbc03145f
Status: Allocation size mismatch (API: 1286144, Raw: 0)

Path: c:\windows\profiles\all users\application data\avg8\log\3ddc6700-3684-4ae9-9bb8-36ece4a2ac2c
Status: Allocation size mismatch (API: 1802240, Raw: 0)

Path: c:\windows\profiles\all users\application data\avg8\log\a78b893b-13f3-4dc0-9192-24e238b23e5d
Status: Allocation size mismatch (API: 1425408, Raw: 0)

Path: c:\windows\profiles\all users\application data\avg8\log\a3a3bb5b-3045-49f4-b0a4-03257220447e
Status: Allocation size mismatch (API: 15663104, Raw: 0)

Path: c:\windows\profiles\all users\application data\avg8\log\ef7572c3-2667-44af-ac35-4b6c0e8a9fb4
Status: Allocation size mismatch (API: 87318528, Raw: 0)

Path: c:\windows\profiles\all users\application data\avg8\log\avgwd.log.6
Status: Allocation size mismatch (API: 1097728, Raw: 1032192)

Path: c:\windows\profiles\all users\application data\avg8\log\30cdae92-4345-4d1b-93d4-82d9a5fb367b
Status: Allocation size mismatch (API: 3506176, Raw: 0)

Path: c:\documents and settings\morgan\application data\samsung\new pc studio\renderdata\photo029.jpg
Status: Allocation size mismatch (API: 352256, Raw: 106496)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\UPDATE\DOWNLOAD\u7iavi2368dn.bin
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\profiles\all users\application data\avg8\update\download\u7avi1687hq.bin
Status: Allocation size mismatch (API: 6725632, Raw: 6619136)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\UPDATE\DOWNLOAD\u7iavi2371hq.bin
Status: Could not get file information (Error 0xc0000102)

Path: c:\windows\profiles\all users\application data\avg8\update\download\u7iavi2374pd.bin
Status: Allocation size mismatch (API: 90873856, Raw: 41426944)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\UPDATE\DOWNLOAD\u7iavi23831t.bin
Status: Could not get file information (Error 0xc0000102)

Path: C:\WINDOWS\Profiles\All Users\Application Data\Avg8\UPDATE\PREPARE\incavi.avm.tmp
Status: Could not get file information (Error 0xc0000102)

Path: c:\documents and settings\morgan\desktop\rmit stuff\semester 2 2009\data comm and net-centric\assignment 2\assignment 2.docx
Status: Allocation size mismatch (API: 458752, Raw: 49152)

Path: C:\Documents and Settings\MORGAN\Application Data\Adobe\Acrobat\7.0\Updater\UDSTORE.JS
Status: Could not get file information (Error 0xc0000102)

Path: c:\documents and settings\morgan\application data\mozilla\firefox\profiles\qx31luiv.default\formhistory.sqlite
Status: Allocation size mismatch (API: 278528, Raw: 90112)

Path: c:\documents and settings\morgan\local settings\application data\mozilla\firefox\profiles\qx31luiv.default\urlclassifier3.sqlite
Status: Allocation size mismatch (API: 36659200, Raw: 36536320)

Path: C:\Documents and Settings\MORGAN\Application Data\Macromedia\Flash Player\#SharedObjects\HKQV2B8E\img.livejasmin.com\WMTR.SOL
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Microsoft\Windows Live Contacts\{3e7d05c9-50ae-4ddb-81bf-3f0c3c375225}\Failed\1CA36929F0A1566\LogFiles\edb0023F.log
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#www.sextube.si\<f.1 ~
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\MORGAN\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#www.sextube.si\;#.F]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\MORGAN\Application Data\Macromedia\Flash Player\macromedia.com\SUPPORT\flashplayer\SYS\#www.dailymotion.com\SETTINGS.SOL
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Mozilla\Firefox\Profiles\qx31luiv.default\Cache.Trash\Trash-1\Cache\_CACHE_003_
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Mozilla\Firefox\Profiles\qx31luiv.default\Cache.Trash\Trash-2\Cache\_CACHE_002_
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Mozilla\Firefox\Profiles\qx31luiv.default\Cache.Trash\Trash-2\Cache\13FF7068d01
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Mozilla\Firefox\Profiles\qx31luiv.default\Cache.Trash\Trash\Cache\193B047Ed01
Status: Could not get file information (Error 0xc0000102)

Path: C:\Documents and Settings\MORGAN\Local Settings\Application Data\Mozilla\Firefox\Profiles\qx31luiv.default\Cache.Trash\Trash\Cache\80E2547Ed01
Status: Could not get file information (Error 0xc0000102)

Path: c:\documents and settings\morgan\application data\macromedia\flash player\#sharedobjects\hkqv2b8e\www.dailymotion.com\flash\dmplayer\dmplayer.swf\dmplayer.sol
Status: Allocation size mismatch (API: 4038656, Raw: 0)

Path: Volume E:\
Status: MBR Rootkit Detected!

Path: Volume E:\, Sector 1
Status: Sector mismatch

Path: Volume E:\, Sector 2
Status: Sector mismatch

Path: Volume E:\, Sector 3
Status: Sector mismatch

Path: Volume E:\, Sector 4
Status: Sector mismatch

Path: Volume E:\, Sector 5
Status: Sector mismatch

Path: Volume E:\, Sector 6
Status: Sector mismatch

Path: Volume E:\, Sector 7
Status: Sector mismatch

Path: Volume E:\, Sector 8
Status: Sector mismatch

Path: Volume E:\, Sector 9
Status: Sector mismatch

Path: Volume E:\, Sector 10
Status: Sector mismatch

Path: Volume E:\, Sector 11
Status: Sector mismatch

Path: Volume E:\, Sector 12
Status: Sector mismatch

Path: Volume E:\, Sector 13
Status: Sector mismatch

Path: Volume E:\, Sector 14
Status: Sector mismatch

Path: Volume E:\, Sector 15
Status: Sector mismatch

Path: Volume E:\, Sector 16
Status: Sector mismatch

Path: Volume E:\, Sector 17
Status: Sector mismatch

Path: Volume E:\, Sector 18
Status: Sector mismatch

Path: Volume E:\, Sector 19
Status: Sector mismatch

Path: Volume E:\, Sector 20
Status: Sector mismatch

Path: Volume E:\, Sector 21
Status: Sector mismatch

Path: Volume E:\, Sector 22
Status: Sector mismatch

Path: Volume E:\, Sector 23
Status: Sector mismatch

Path: Volume E:\, Sector 24
Status: Sector mismatch

Path: Volume E:\, Sector 25
Status: Sector mismatch

Path: Volume E:\, Sector 26
Status: Sector mismatch

Path: Volume E:\, Sector 27
Status: Sector mismatch

Path: Volume E:\, Sector 28
Status: Sector mismatch

Path: Volume E:\, Sector 29
Status: Sector mismatch

Path: Volume E:\, Sector 30
Status: Sector mismatch

Path: Volume E:\, Sector 31
Status: Sector mismatch

Path: Volume E:\, Sector 32
Status: Sector mismatch

Path: Volume E:\, Sector 33
Status: Sector mismatch

Path: Volume E:\, Sector 34
Status: Sector mismatch

Path: Volume E:\, Sector 35
Status: Sector mismatch

Path: Volume E:\, Sector 36
Status: Sector mismatch

Path: Volume E:\, Sector 37
Status: Sector mismatch

Path: Volume E:\, Sector 38
Status: Sector mismatch

Path: Volume E:\, Sector 39
Status: Sector mismatch

Path: Volume E:\, Sector 40
Status: Sector mismatch

Path: Volume E:\, Sector 41
Status: Sector mismatch

Path: Volume E:\, Sector 42
Status: Sector mismatch

Path: Volume E:\, Sector 43
Status: Sector mismatch

Path: Volume E:\, Sector 44
Status: Sector mismatch

Path: Volume E:\, Sector 45
Status: Sector mismatch

Path: Volume E:\, Sector 46
Status: Sector mismatch

Path: Volume E:\, Sector 47
Status: Sector mismatch

Path: Volume E:\, Sector 48
Status: Sector mismatch

Path: Volume E:\, Sector 49
Status: Sector mismatch

Path: Volume E:\, Sector 50
Status: Sector mismatch

Path: Volume E:\, Sector 51
Status: Sector mismatch

Path: Volume E:\, Sector 52
Status: Sector mismatch

Path: Volume E:\, Sector 53
Status: Sector mismatch

Path: Volume E:\, Sector 54
Status: Sector mismatch

Path: Volume E:\, Sector 55
Status: Sector mismatch

Path: Volume E:\, Sector 56
Status: Sector mismatch

Path: Volume E:\, Sector 57
Status: Sector mismatch

Path: Volume E:\, Sector 58
Status: Sector mismatch

Path: Volume E:\, Sector 59
Status: Sector mismatch

Path: Volume E:\, Sector 60
Status: Sector mismatch

Path: Volume E:\, Sector 61
Status: Sector mismatch

Path: Volume E:\, Sector 62
Status: Sector mismatch

Path: E:\._.Trashes
Status: Visible to the Windows API, but not on disk.

Path: E:\.Trashes
Status: Visible to the Windows API, but not on disk.

Path: E:\autorun.inf
Status: Visible to the Windows API, but not on disk.

Path: E:\.Spotlight-V100
Status: Visible to the Windows API, but not on disk.

Path: E:\WD Original
Status: Visible to the Windows API, but not on disk.

Path: E:\System Volume Information
Status: Visible to the Windows API, but not on disk.

Path: E:\TV Shows and Movies
Status: Visible to the Windows API, but not on disk.

Path: E:\Recycled
Status: Visible to the Windows API, but not on disk.

Path: E:\$RECYCLE.BIN
Status: Visible to the Windows API, but not on disk.

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfsȅ敓捁ۀ鷐Ȃః慆湴Cook, IRP_MJ_READ]
Process: System Address: 0x8a283a68 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a53e7b8 Size: 11

Object: Hidden Code [Driver: pagefile.sy, IRP_MJ_READ]
Process: System Address: 0x8a1bb6b0 Size: 11

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: prodrv06Ѕఅ癁⩧틜룰, IRP_MJ_CREATE]
Process: System Address: 0xe188dc30 Size: 976

Object: Hidden Code [Driver: prodrv06Ѕఅ癁⩧틜룰, IRP_MJ_CLOSE]
Process: System Address: 0xe188dc30 Size: 976

Object: Hidden Code [Driver: prodrv06Ѕఅ癁⩧틜룰, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe188dc30 Size: 976

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x8a20a650 Size: 99

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System Address: 0xe1012cc0 Size: 833

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System Address: 0xe1012cc0 Size: 833

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe1012cc0 Size: 833

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a283c80 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a1c3658 Size: 11

Object: Hidden Code [Driver: NpfsЅఊ祓䓨腈, IRP_MJ_READ]
Process: System Address: 0x8a283850 Size: 11

Object: Hidden Code [Driver: MsfsЅ㍖㘸槨Ђఅ扏济Phys, IRP_MJ_READ]
Process: System Address: 0x8a283638 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x8a282fb0 Size: 11

Object: Hidden Code [Driver: , IRP_MJ_READ]
Process: System Address: 0x8a27ac20 Size: 11

Hidden Services
-------------------
Service Name: kbiwkmsmjemppj
Image Path: C:\WINDOWS\system32\drivers\kbiwkmnepkigoi.sys

Service Name: kbiwkmtlsrlnqg
Image Path: C:\WINDOWS\system32\drivers\kbiwkmounmqvqk.sys

==EOF==

---------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:33 AM, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
G:\PROGRA~1\AVG\AVG8\avgrsx.exe
G:\PROGRA~1\AVG\AVG8\avgnsx.exe
G:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Program Files\BWMeter\BWMeterConSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
g:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\WinBar\WinBar.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\Programmer's Notepad\pn.exe
G:\Program Files\WinSCP\WinSCP.exe
G:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HydraIRC\HydraIRC.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\morgan\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by vtown
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:4421;gopher=192.168.0.1:4480;http=192.168.0.1:4480;https=192.168.0.1:4480
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - G:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - G:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - G:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - G:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] G:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WinBar.lnk = G:\Program Files\WinBar\WinBar.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\morgan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: vtown - {65F2F5E0-771F-11D4-9FB1-D5A949152938} - http://www.vtown.com.au/b.asp?v=1&l=tb (file missing) (HKCU)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1247391804812
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - G:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - G:\Program Files\BWMeter\BWMeterConSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - g:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Sygate Personal Firewall (smcservice) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10623 bytes

Edited by Aphillios, 09 October 2009 - 01:32 PM.
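Two things in the posted RootRepeal output are worth pulling out mechanically rather than by eye: every IRP_MJ_* entry for atapi resolves to the same address (0x8a248650, size 99) and every Cdrom entry to 0x8a245650, and the "Hidden Services" block lists two services with random-looking names whose driver images sit under system32\drivers but are hidden from the service control manager. The helper below is an added example for this thread, not part of the original post and not code from RootRepeal or HijackThis: it parses the "Hidden Code" and "Hidden Services" line shapes, flags any driver whose reported major-function handlers all land on one address (a healthy driver's dispatch routines are distinct functions in its own image), and lists the hidden services. The sample text is a constructed abridgement of the log above, and the function names and the entry threshold are this example's own choices.

```python
"""Triage of RootRepeal-style 'Hidden Code' / 'Hidden Services' output.

Added example for this thread; not part of the original post, RootRepeal
or HijackThis. Function names, sample text and threshold are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample, abridged to the line shapes seen in the posted log.
SAMPLE_LOG = r"""Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a248650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a245650 Size: 99

Object: Hidden Code [Driver: , IRP_MJ_READ]
Process: System Address: 0x8a27ac20 Size: 11

Hidden Services
-------------------
Service Name: kbiwkmsmjemppj
Image Path: C:\WINDOWS\system32\drivers\kbiwkmnepkigoi.sys

Service Name: kbiwkmtlsrlnqg
Image Path: C:\WINDOWS\system32\drivers\kbiwkmounmqvqk.sys

==EOF==
"""

# Driver names in these logs may be empty or contain stray bytes, so match
# anything up to the comma rather than a word pattern.
HOOK_RE = re.compile(r"Object: Hidden Code \[Driver: (?P<drv>[^,]*), (?P<irp>IRP_MJ_\w+)\]")
ADDR_RE = re.compile(r"Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)")


def parse_hidden_code(text):
    """Map driver -> {IRP_MJ_*: (handler_address, size)} from Hidden Code entries."""
    hooks = defaultdict(dict)
    pending = None  # (driver, irp) waiting for its Address/Size line
    for line in text.splitlines():
        m = HOOK_RE.search(line)
        if m:
            pending = (m["drv"].strip(), m["irp"])
            continue
        m = ADDR_RE.search(line)
        if m and pending:
            drv, irp = pending
            hooks[drv][irp] = (int(m["addr"], 16), int(m["size"]))
            pending = None
    return dict(hooks)


def parse_hidden_services(text):
    """List (service_name, image_path) pairs under the Hidden Services heading."""
    services, name, in_block = [], None, False
    for line in text.splitlines():
        if line.startswith("Hidden Services"):
            in_block = True
        elif in_block and line.startswith("Service Name:"):
            name = line.split(":", 1)[1].strip()
        elif in_block and line.startswith("Image Path:") and name:
            services.append((name, line.split(":", 1)[1].strip()))
            name = None
    return services


def dispatch_table_redirected(hooks, min_entries=3):
    """Drivers whose reported IRP_MJ_* handlers all resolve to one address.

    Distinct major functions should have distinct dispatch routines; every
    entry landing on the same small stub is the shape of a dispatch table
    overwritten to point at injected code.  Returns {driver: (addr, count)}.
    """
    flagged = {}
    for drv, table in hooks.items():
        targets = {addr for addr, _ in table.values()}
        if len(table) >= min_entries and len(targets) == 1:
            flagged[drv] = (targets.pop(), len(table))
    return flagged


def triage(text):
    """Human-readable findings for a pasted log, in a stable order."""
    hooks = parse_hidden_code(text)
    findings = []
    for drv, (addr, n) in sorted(dispatch_table_redirected(hooks).items()):
        findings.append(f"driver {drv!r}: {n} IRP_MJ handlers redirected to {addr:#x}")
    for name, path in parse_hidden_services(text):
        findings.append(f"hidden service {name}: {path}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run against the full log above, the same logic flags atapi, Cdrom and d347prt (each with its whole dispatch table on one address) and reports both kbiwkm* services; the prodrv06/prohlp02 entries, whose handlers sit at pool addresses with larger sizes, have a different shape and are not picked up by this check. A hidden service plus a redirected dispatch table on the disk driver is the combination that warrants treating the box as rootkit-compromised rather than as a HijackThis clean-up job.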



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 AM

Posted 25 October 2009 - 02:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer


#3 Aphillios

Aphillios
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 25 October 2009 - 02:40 AM

It's been resolved.

#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 AM

Posted 25 October 2009 - 02:57 AM

Thanks for letting us know!!!

#5 Aphillios

Aphillios
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:39 PM

Posted 25 October 2009 - 02:58 AM

Thanks for letting me know that I hadn't been forgotten :(

#6 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 AM

Posted 25 October 2009 - 03:02 AM

Hello Aphillios, :(

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again:


Please take the time to read the advice below to secure your machine and take the necessary steps to keep it clean. Some of the following you may already have, so just disregard those.
  • Make sure that you keep your anti-virus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
    Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Secure Your Software: Update Non-Microsoft Programs:

    Microsoft isn't the only company whose products can contain security vulnerabilities.

    Is your computer really secure? If you have antivirus software, malware scanners and a firewall, you might think you're safe from hackers, crackers and identity thieves. But chances are, you're missing one critical piece of the security puzzle. Read on to learn how to secure your software and truly lock down your computer:

    What's the Missing Link in Computer Security?

    You may feel safe behind a firewall and anti-virus software. But you're not. Bad guys can still get to your personal information stored on your computer, and even take over your computer and run it as if it was their own. The gap in your armor? It's the application software you use every day. Let's look at just one recent example.

    Do you ever read Adobe PDF files, in your browser or with Adobe Reader after downloading? Tens of millions of people do; PDF is one of the most widely used file formats. In July 2009, hackers found a way to embed malware in PDF files using the equally popular Adobe Flash animation format. Even anti-virus software developers like Symantec were caught off-guard by this obscure vulnerability. New vulnerabilities are discovered in application software every hour, it seems.

    Software developers issue patches and updates that close these doors to hackers in a never-ending game of Whack-A-Mole. Vulnerability pops up here, hit it with a patch. Another pops up over there, hit it with another patch. Developers provide the patches, but it's up to you, the end user, to whack the moles.
    Staying on Top of Application Security

    It's vital to keep all your software up to date with the latest patches and upgrades. But the average computer holds about 80 application programs! How can you keep up with it all?

    _First, concentrate on the programs that are most often targeted by bad guys. They are the most commonly used programs: Microsoft Office, Adobe Reader, Internet Explorer, etc. The more people there are using a program, the more targets there are for a hacker's arrows. Naturally, the hacker goes after the biggest potential "market" for his malware.

    _Second, activate automatic update features when they are available. Then your software will check its home site for patches and upgrades every day, or week, or whatever. It can download and install updates without bothering you at all, or tell you when updates are available and give you the choice of when to install them.

    Some security experts tell you to turn off automatic updates because a connection to a server is an open line through which hackers can invade your computer. But turning off auto-update closes one door while leaving untold numbers of others wide open. Who are you kidding? You're not going to remember to check for updates manually on a regular basis. You'll let it slide until your software is so outdated it contains dozens of vulnerabilities. Leave auto-update on and let the software remember for you.

    _Third, you can check all the software on your computer for vulnerabilities using something like the Secunia Personal Software Inspector (PSI). This free program comes from a trusted security site, and scans your software for known vulnerabilities. It will tell you which programs need updating and provide links to sites where you can download patches.

    I ran PSI while researching the issue of software security, and I was very surprised by the results. I have security software in place, and I thought I was keeping up with all my patches. I felt pretty confident about the security of my computer. But PSI flagged Adobe Reader, Flash, Skype, iTunes, QuickTime, Java and a few others as needing updates. At least SIX of the vulnerabilities were marked Critical, meaning that under certain circumstances, an Evil Hacker could exploit them to gain complete control over my computer. Yikes.

    Bottom line... the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.


  • Make Internet Explorer More Secure
    You are using Internet Explorer, therefore please read and follow the recommendations at this SITE
  • Backup regularly.
    You never know when your PC will become so unstable or so badly infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.
    Alternatively, you can use 3rd-party programs to back up your data. It can be found at Bleeping Computer.

  • To stay secure is to stay updated.
    Calendar of Updates.

=============================***=============================


Recommended Programs:

To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • McAfee Site Advisor --free version.
    To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon onto the toolbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results, indicating the trustworthiness of the site you are on: green for safe and red for suspicious. Click on the icon to access the details that SiteAdvisor has about the site. It also gives the same colour indications on the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate each as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
    This utility can be downloaded and installed from: HERE
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • TFC (Temp File Cleaner): a good temp file cleaner that does the job safely and without removing files that are crucial to Windows.
    TFC will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    (TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
    You can download this utility from: HERE
    NOTE:
    It's normal after running TFC that the PC will be slower to boot the first time.

  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.
  • Hosts File - A custom Hosts file can be used to replace the Hosts file on your computer and help you avoid accidentally visiting known nasty web sites.
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE, and for more information regarding Hosts files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:

    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply button, then click OK

    Prevention:
    The Hosts file can be made read-only and monitored for changes, or attempted changes. Programs such as WinPatrol do this very well.

    Cure:
    If your Hosts file becomes infected, it can be reset by installing HostsXpert.
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera
  • ERUNT (Emergency Recovery Utility NT):
    This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    You can get this utility from: HERE and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: HERE
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Please take your time to read: "Grinler's list in how to Practice Safe Internet":

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee SiteAdvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

To find out more about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, you can read this article by Tony Klein and this one by Miekiemoes.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

That's it, happy surfing!

Cheers,
Net_Surfer


Stay clean and be safe :(
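The post above recommends making the Hosts file read-only and monitoring it for changes (Prevention), and resetting it when it has been tampered with (Cure). The script below is an added example, not part of Net_Surfer's post or of any tool mentioned in it, showing what that check looks like in code: it parses a Hosts file, flags any name that is sent to a routable address rather than a loopback/sinkhole address (the signature of a hijack, since a blocklist-style Hosts file only ever points names at 127.0.0.1, ::1 or 0.0.0.0), and compares the file against a SHA-256 baseline recorded when the file was last known good. The sample Hosts content, the TEST-NET addresses and the function names are constructed for the example.

```python
"""Added example: check a Windows HOSTS file for hijacked entries and for
changes against a recorded baseline. Not part of the original thread."""
import hashlib
import ipaddress

# On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
# The text below is a constructed sample, not a file from the thread: the
# stock Microsoft entries, two harmless blocklist lines, and two lines of
# the kind a hijack leaves behind (vendor sites pointed at a TEST-NET
# address so the victim cannot reach them).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net      # blocklist entry: harmless
0.0.0.0         tracker.example         # blocklist entry: harmless
203.0.113.45    www.avg.com             # hijack: real site sent elsewhere
203.0.113.45    windowsupdate.microsoft.com
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blanks and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address, so not a usable mapping
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def is_sinkhole(ip):
    """Loopback and unspecified addresses only block a name; they cannot redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(entries):
    """Entries that send a hostname to a routable address.

    A blocklist-style HOSTS file only ever points names at 127.0.0.1, ::1
    or 0.0.0.0. Anything else is either a deliberate local override or a
    hijack, and deserves a look either way.
    """
    return [(ip, name) for ip, name in entries if not is_sinkhole(ip)]


def hosts_digest(text):
    """SHA-256 of the file contents, recorded once as the baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def changed_since_baseline(text, baseline_digest):
    """True when the current contents no longer match the recorded digest."""
    return hosts_digest(text) != baseline_digest


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for ip, name in find_hijacks(entries):
        print(f"suspicious: {name} -> {ip}")
    baseline = hosts_digest(SAMPLE_HOSTS)
    tampered = SAMPLE_HOSTS + "203.0.113.99    www.bleepingcomputer.com\n"
    print("changed since baseline:", changed_since_baseline(tampered, baseline))
```

Run it against the real file by reading %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE_HOSTS and storing the digest somewhere the malware cannot reach (a USB stick, or a printout). A hit from find_hijacks on an antivirus or Windows Update host is exactly the situation where the Cure steps above (restoring the Microsoft Hosts file) apply; a digest mismatch with no hijack entries usually means a blocklist update, but it is still worth reading the diff before trusting it.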

#7 Orange Blossom
OBleepin Investigator, Moderator

Posted 25 October 2009 - 10:15 AM

Hello Aphillios,

Thank you for posting back. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.





