Hijackthis Log



#1
Chiko

    New Member

  • Member
  • 3 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:35:32 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\SQ931STI.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\gmer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midrivers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WebCamSuite2] "C:\Program Files\BestOn\WebCam Suite 2.0\WebCamSuite2.exe" -plugin "E:"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello Chiko,

Step #1

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Step #2

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Post back with the dss scan reports (main.txt and extra.txt) and the GMER scan report.

Regards,

#3
Chiko

    New Member

  • Topic Starter
  • Member
  • 3 posts
I did not get an Extra.txt or whatever file. And I cannot log back into the chat server; I am being denied for some reason. But here are the DSS and the GMER files.

Deckard's System Scanner v20070905.67
Run by Owner on 2007-09-10 22:47:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-10 22:47:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\SQ931STI.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SoundMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
D:\downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midrivers.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SkyTel] SkyTel.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WebCamSuite2] "C:\Program Files\BestOn\WebCam Suite 2.0\WebCamSuite2.exe" -plugin "E:"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"


-- Files created between 2007-08-10 and 2007-09-10 -----------------------------

2007-09-10 21:31:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-09-10 21:31:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-10 17:23:50 0 d--hs---- C:\FOUND.012
2007-09-09 21:46:05 0 d-------- C:\Program Files\MSXML 6.0
2007-09-09 21:08:04 0 d--hs---- C:\FOUND.011
2007-09-09 21:04:56 151552 --a------ C:\WINDOWS\SQ931STI.exe <Not Verified; ; SnapTrap Application>
2007-09-09 21:04:55 28764 --a------ C:\WINDOWS\SQ931STI.dll <Not Verified; SQ Technology; >
2007-09-09 21:04:55 57344 --a------ C:\WINDOWS\SQ931Key.dll <Not Verified; SQ; SQ931STI>
2007-09-09 21:04:51 94208 --a------ C:\WINDOWS\PCCam.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2007-09-09 20:36:35 176 -ra------ C:\WINDOWS\system32\drivers\RTHDAEQ0.dat
2007-09-09 20:21:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-09-09 19:58:47 0 d-------- C:\Program Files\MSBuild
2007-09-09 19:53:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-09-09 19:52:41 0 d-------- C:\Program Files\Reference Assemblies
2007-09-09 19:50:12 0 d-------- C:\WINDOWS\network diagnostic
2007-09-09 17:07:52 0 d--hs---- C:\FOUND.010
2007-09-09 16:40:18 0 d--hs---- C:\FOUND.009
2007-09-09 15:40:02 0 d--hs---- C:\FOUND.008
2007-09-09 15:36:07 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-09-09 15:20:14 0 d--hs---- C:\FOUND.007
2007-09-09 15:12:16 0 d-------- C:\Program Files\BestOn
2007-09-08 21:05:22 0 d--hs---- C:\FOUND.006
2007-09-08 00:00:55 398416 --a------ C:\WINDOWS\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-09-07 21:10:32 0 d--hs---- C:\FOUND.005
2007-09-06 20:06:54 0 d-------- C:\Program Files\Common Files\xing shared
2007-09-06 20:04:43 0 d-------- C:\Program Files\Real
2007-09-06 20:04:38 0 d-------- C:\Program Files\Common Files\Real
2007-09-06 20:04:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-09-02 01:21:26 0 d-------- C:\Program Files\Google
2007-09-02 01:21:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-08-28 21:24:42 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-08-28 21:24:39 0 d-------- C:\Program Files\MySpace
2007-08-27 12:23:44 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-08-17 19:54:00 0 d-------- C:\Program Files\Orban
2007-08-17 19:28:12 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2007-08-17 19:24:39 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-08-17 19:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-17 18:54:23 0 d-------- C:\Program Files\ReadWrite Hiragana
2007-08-10 19:45:48 0 d--hs---- C:\FOUND.004
2007-08-10 17:56:58 0 d--hs---- C:\FOUND.003


-- Find3M Report ---------------------------------------------------------------

2007-09-10 20:56:36 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-09-09 20:13:24 51848 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-07-26 17:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 17:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-26 17:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-26 17:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 17:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 17:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 17:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-20 18:50:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-07-20 18:49:18 0 d-------- C:\Program Files\SlowBlast
2007-07-20 18:27:30 0 --a------ C:\WINDOWS\olx98NT.sys
2007-07-20 17:56:44 0 d-------- C:\Program Files\webHancer
2007-07-18 21:33:46 556 --a------ C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2007-07-18 21:33:46 374 --a------ C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-07-18 21:33:46 18432 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-07-12 10:39:44 0 d-------- C:\Program Files\Transparent
2007-07-11 11:01:16 1990 --a------ C:\WINDOWS\mozver.dat
2007-07-11 11:01:02 0 d-------- C:\Program Files\DivX
2007-07-10 11:40:06 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [08/30/1999 01:55 AM]
"SkyTel"="SkyTel.EXE" [07/19/2006 09:42 AM C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [07/19/2006 09:41 AM]
"SQ931STI"="C:\WINDOWS\SQ931STI.EXE" [01/24/2007 02:24 PM]
"AGRSMMSG"="AGRSMMSG.exe" [12/13/2005 09:50 PM C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [07/19/2006 09:42 AM C:\WINDOWS\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [07/19/2006 09:42 AM C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [07/19/2006 09:41 AM C:\WINDOWS\alcwzrd.exe]
"Alcmtr"="ALCMTR.EXE" [07/19/2006 09:41 AM C:\WINDOWS\Alcmtr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"WebCamSuite2"="C:\Program Files\BestOn\WebCam Suite 2.0\WebCamSuite2.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMixer]
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI]
C:\WINDOWS\SQ931STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\EZInstaller.exe

*Newly Created Service* - AVG_ANTI-ROOTKIT
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - AVG_CLEAN_DRIVER
*Newly Created Service* - GMER



-- End of Deckard's System Scanner: finished at 2007-09-10 22:48:22 ------------



GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-10 23:12:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 82847130 ZwAlertResumeThread
SSDT 828831D0 ZwAlertThread
SSDT 828798A0 ZwAllocateVirtualMemory
SSDT 82741218 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 828C7F50 ZwCreateMutant
SSDT 826ED8A0 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT 82884EF8 ZwFreeVirtualMemory
SSDT 827BA560 ZwImpersonateAnonymousToken
SSDT 82865118 ZwImpersonateThread
SSDT 8289FD40 ZwMapViewOfSection
SSDT 8275CF50 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 8285B0E8 ZwOpenProcessToken
SSDT 825660E8 ZwOpenThreadToken
SSDT 826D0150 ZwQueryValueKey
SSDT 82772B98 ZwResumeThread
SSDT 8256A0E8 ZwSetContextThread
SSDT 8281FEF8 ZwSetInformationProcess
SSDT 8256B0E8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 827BFF50 ZwSuspendProcess
SSDT 827B3008 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 827C0008 ZwTerminateThread
SSDT 8289F5F0 ZwUnmapViewOfSection
SSDT 8270FBB0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[2616] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe

Device \FatCdrom IRP_MJ_CREATE [F8275C8A] Fastfat.sys
Device \FatCdrom IRP_MJ_CLOSE [F82727C8] Fastfat.sys
Device \FatCdrom IRP_MJ_READ [F826E60A] Fastfat.sys
Device \FatCdrom IRP_MJ_WRITE [F826EAED] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_INFORMATION [F8279958] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_INFORMATION [F827C821] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_EA [F828538A] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_EA [F8284D49] Fastfat.sys
Device \FatCdrom IRP_MJ_FLUSH_BUFFERS [F827EBBE] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION [F827F331] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION [F828D4F4] Fastfat.sys
Device \FatCdrom IRP_MJ_DIRECTORY_CONTROL [F8275B37] Fastfat.sys
Device \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL [F8271948] Fastfat.sys
Device \FatCdrom IRP_MJ_DEVICE_CONTROL [F827B46B] Fastfat.sys
Device \FatCdrom IRP_MJ_SHUTDOWN [F828C79D] Fastfat.sys
Device \FatCdrom IRP_MJ_LOCK_CONTROL [F828BC4A] Fastfat.sys
Device \FatCdrom IRP_MJ_CLEANUP [F82722FD] Fastfat.sys
Device \FatCdrom IRP_MJ_PNP [F828C1DB] Fastfat.sys
Device \FatCdrom FastIoCheckIfPossible [F82871F9] Fastfat.sys
Device \FatCdrom FastIoQueryBasicInfo [F8276646] Fastfat.sys
Device \FatCdrom FastIoQueryStandardInfo [F8276405] Fastfat.sys
Device \FatCdrom FastIoLock [F827C9F3] Fastfat.sys
Device \FatCdrom FastIoUnlockSingle [F827F518] Fastfat.sys
Device \FatCdrom FastIoUnlockAll [F828B929] Fastfat.sys
Device \FatCdrom FastIoUnlockAllByKey [F828BA21] Fastfat.sys
Device \FatCdrom FastIoQueryNetworkOpenInfo [F828728E] Fastfat.sys
Device \FatCdrom AcquireForCcFlush [F828C4A6] Fastfat.sys
Device \FatCdrom ReleaseForCcFlush [F828C51F] Fastfat.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [A74DC570] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [A74DC570] SYMTDI.SYS

#4
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello Chiko,

You can fix the next entry with HijackThis:

Re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

webHancer

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\webHancer <- This folder

I did not get an Extra.txt or whatever file. And I cannot log back into the chat server; I am being denied for some reason. But here are the DSS and the Gmer files.


Click Start > Run > copy & paste this into the empty edit box: "%userprofile%/desktop/dss.exe" /config
Press the OK button, then in the dialog box press the Check All button and click on Scan!

When the scan is done, a Notepad window will open; post its contents back here (the file is named main.txt). Another Notepad window will be minimized; post its contents back here as well -> extra.txt.

The Gmer report is missing a part, can you please post the whole report? You might need to post the reports in more replies if they don't fit in one.

Regards,

#5
Chiko

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Snowhite! Thank you so much for all you've done! I decided to buckle down and call tech support, they told me how to completely reinstall my computer - which I did. And it fixed everything. Me being stupid decided to try once more to install that webcam to see if indeed it was that causing the problems. It was. My computer is now totally crashed again and I must re-reinstall everything AGAIN. I sent the webcam people an email tonight. I hope to hear back from them. The webcam was the MI Zoom 2.0 Webcam for notebooks. Grr. Again, thank you for your time Snowhite, I much appreciate it!

#6
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts

Hi Snowhite! Thank you so much for all you've done! I decided to buckle down and call tech support, they told me how to completely reinstall my computer - which I did. And it fixed everything. Me being stupid decided to try once more to install that webcam to see if indeed it was that causing the problems. It was. My computer is now totally crashed again and I must re-reinstall everything AGAIN. I sent the webcam people an email tonight. I hope to hear back from them. The webcam was the MI Zoom 2.0 Webcam for notebooks. Grr. Again, thank you for your time Snowhite, I much appreciate it!


Hello Chiko,

Thanks for letting us know that you have resolved the problem :help:

I will keep your thread open for a couple of days, should you have any questions, please feel free to ask. :blink:

SECURING INTERNET EXPLORER
  • From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Select the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Select Custom Level.
  • Change 'Download signed ActiveX controls' to Prompt
  • Change 'Download unsigned ActiveX controls' to Disable
  • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
  • Change 'Installation of desktop items' to Prompt
  • Change 'Launching programs and files in an IFRAME' to Prompt
  • Change 'Navigate sub-frames across different domains' to Prompt
  • When all these changes have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Select OK to exit the Internet Properties page.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see this link:
Understanding and Using Firewalls



SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here:
http://www.bleepingcomputer.com/forums/tutorial49.html


IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here:
http://www.spywarewarrior.com/uiuc/resource.htm


COMODO BOClean
BOClean runs automatically in the background without interfering with your work and kills malware INSTANTLY the moment it activates, without giving it the chance to invade your machine. A tutorial on installing this product can be found here:
http://www.comodo.com/boclean/boclean.html


WINPATROL
Download and install the free version of Winpatrol. A tutorial for this product is located here:
http://www.winpatrol.com/features.html

A-SQUARED Anti-Dialer
This is a free program that provides defense against Dialers, scans the harddisk and provides a permanent background guard protection against new Dialer infections.
"Dialers are small programs that change the Internet access number of a modem-equipped computer to a much more expensive number"
To understand this threat better, read the article The Dialer-Problem in Detail. a-squared Anti-Dialer can be downloaded at the following link:
http://download5.emsisoft.com/a2AntiDialerSetup.exe

A-SQUARED Free
This program is completely free of charge for private use, it removes infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs. It can be downloaded at the following link:
http://www.emsisoft.com/en/software/free

SUPERAntiSpyware Home Edition
Another effective program for helping remove some of the more difficult infections.
http://www.superantispyware.com/downloadfile.html
  • More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox and Opera.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

See these links for more information:

Foistware & How To Avoid It
Browser Hijacking & How to Stop It
Rogue/Suspect Anti-Spyware Products & Web Sites
So how did I get infected in the first place?


Happy surfing and stay clean! :whistling:


Best regards,