HTTP Tidserve Request.


10 replies to this topic

#1 yanluo


Posted 15 May 2010 - 06:41 AM

I recently was infected by the AntiVirus 2009 virus which I managed to get rid of with a combination of rkill and removing system and startup processes. Now it seems that whenever I use Firefox I am bombarded by Norton informing me of an attempted attack from a localhost in the nature of "HTTP Tidserve Request".



I am not that computer literate and I would like, with some help, to be able to remove this annoying notification. It is to my knowledge that these root-kits are dangerous, and as such it is in my best interest to fix my computer ASAP.

For any help that you give me, you will have my greatest thanks.



#2 yanluo


Posted 15 May 2010 - 09:38 AM

Following the guide of another forum, I have gotten a log from a utility called GMER. It is a rootkit scanner apparently. I will post it here if it is any help. I have a MalwareBytes AM Log coming along too.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 00:30:42
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT 9096D268 ZwAlertResumeThread
SSDT 9096D328 ZwAlertThread
SSDT 9097EE28 ZwAllocateVirtualMemory
SSDT 908A74F0 ZwAlpcConnectPort
SSDT 90991220 ZwCreateMutant
SSDT 909FFF58 ZwCreateThread
SSDT 90969198 ZwDebugActiveProcess
SSDT 90924430 ZwFreeVirtualMemory
SSDT 909912F0 ZwImpersonateAnonymousToken
SSDT 909913B0 ZwImpersonateThread
SSDT 90973C60 ZwMapViewOfSection
SSDT 909693D8 ZwOpenEvent
SSDT 90E5B910 ZwOpenProcessToken
SSDT 90969258 ZwOpenSection
SSDT 909FF210 ZwOpenThreadToken
SSDT 9099D960 ZwResumeThread
SSDT 909FF150 ZwSetContextThread
SSDT 90924090 ZwSetInformationProcess
SSDT 90972D08 ZwSetInformationThread
SSDT 90969318 ZwSuspendProcess
SSDT 9096D430 ZwSuspendThread
SSDT 90974B80 ZwTerminateProcess
SSDT 90972C48 ZwTerminateThread
SSDT 90924008 ZwUnmapViewOfSection
SSDT 9097ED98 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202FCD0
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202F0E8
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202F3D8
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201BAA4
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B01C
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202F1C0
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202FB40
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202F6D4
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82030100
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8203036C

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 82103A14 8 Bytes [68, D2, 96, 90, 28, D3, 96, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 82103A28 4 Bytes [28, EE, 97, 90] {SUB DH, CH; XCHG EDI, EAX; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 370 82103A34 4 Bytes [F0, 74, 8A, 90]
.text ntkrnlpa.exe!KeSetTimerEx + 428 82103AEC 4 Bytes [20, 12, 99, 90] {AND [EDX], DL; CDQ ; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 454 82103B18 4 Bytes [58, FF, 9F, 90]
.text ...
.rsrc C:\Windows\system32\DRIVERS\compbatt.sys entry point in ".rsrc" section [0x8071D314]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E80F340, 0x3EE587, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!FindResourceExA 768208DD 7 Bytes JMP 2806C4C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!FindResourceA 768209A5 5 Bytes JMP 2806C430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!CreateEventA 76834AD8 5 Bytes JMP 2806BF90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!LockResource 76837F1F 5 Bytes JMP 2806C670 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!FindResourceExW 7683813B 7 Bytes JMP 2806C3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!LoadResource 76838213 7 Bytes JMP 2806C550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!FindResourceW 768397C7 5 Bytes JMP 2806C330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] kernel32.dll!SizeofResource 768397E5 7 Bytes JMP 2806C600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] ADVAPI32.dll!CryptDeriveKey 76BEE6F6 7 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] ADVAPI32.dll!CryptDecrypt 76BEE8D9 7 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!SetWindowPlacement 76B479BB 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!SetWindowRgn 76B495E2 7 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!LoadImageW 76B4D61D 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!LoadIconW 76B4EC94 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!CreateWindowExW 76B53D67 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!GetWindowLongW 76B5F67F 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!PeekMessageW 76B5FD9F 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!TrackPopupMenuEx 76B70F4D 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!CreateDialogParamW 76B71C58 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] USER32.dll!MessageBoxIndirectW 76B9D56B 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] SHELL32.dll!Shell_NotifyIconW 75CDC808 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] ole32.dll!CoRegisterClassObject 76E945AC 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] ole32.dll!CoInitializeEx 76ECB89A 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] ole32.dll!CoCreateInstance 76ECE188 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] WININET.dll!HttpSendRequestA 771A0F35 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] WININET.dll!HttpOpenRequestA 771A54E6 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] WININET.dll!InternetCloseHandle 771AAE0B 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1008] WININET.dll!InternetReadFile 771AEE5F 5 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtProtectVirtualMemory 772C8968 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtWriteVirtualMemory 772C92A8 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!KiUserExceptionDispatcher 772C99E8 5 Bytes JMP 0019000A
.text C:\Windows\Explorer.EXE[2728] ntdll.dll!NtProtectVirtualMemory 772C8968 5 Bytes JMP 007C000A
.text C:\Windows\Explorer.EXE[2728] ntdll.dll!NtWriteVirtualMemory 772C92A8 5 Bytes JMP 007D000A
.text C:\Windows\Explorer.EXE[2728] ntdll.dll!KiUserExceptionDispatcher 772C99E8 5 Bytes JMP 007B000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000081 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000083 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 85992CEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c7cfff
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243c7cfff (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\DRIVERS\compbatt.sys suspicious modification
File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----




This was run according to the settings posted here:

http://www.geekstogo.com/forum/Malware-Spy...uide-t2852.html

#3 yanluo


Posted 15 May 2010 - 10:33 AM

The MBAM scan failed. I ran an OTL scan with the OTL.log included. However, for some reason the Extras.log was not generated. This program was available from here: http://www.geekstogo.com/forum/Malware-Spy...uide-t2852.html

I am posting the log here (or what I can of the log) and I will head off to bed. I hope that the information that I have given can give a head start into the diagnosis and resolution of my problem.

OTL logfile created on: 16/05/2010 1:06:30 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Lukas\Documents\AV
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 166.56 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
Drive D: | 223.11 Gb Total Space | 219.08 Gb Free Space | 98.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUKAS-PC
Current User Name: Lukas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 00:33:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Documents\AV\OTL.exe
PRC - [2010/04/13 08:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 01:23:09 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/02/01 21:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 21:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/14 08:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/11/09 15:17:35 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/09/05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
PRC - [2008/08/27 13:15:14 | 000,200,704 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/08/01 08:00:58 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/08/01 07:42:26 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/07/30 11:34:34 | 001,845,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/07/30 11:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/24 20:16:01 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/19 13:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/07/16 05:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008/07/16 05:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/06/25 13:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008/06/24 14:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/20 06:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
PRC - [2008/06/18 16:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/04 11:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/02/10 03:05:59 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
PRC - [2008/02/10 03:05:59 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/10 03:05:59 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
PRC - [2008/01/30 23:54:59 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\pifCrawl.exe
PRC - [2008/01/24 04:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/01/12 16:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007/12/01 05:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/05 13:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 15:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/16 05:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 18:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/04 06:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/06 10:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/23 00:32:29 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
PRC - [2007/01/23 22:15:13 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2007/01/23 22:00:33 | 000,661,024 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2005/07/07 09:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 00:33:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Documents\AV\OTL.exe
MOD - [2008/07/30 11:33:52 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll
MOD - [2008/01/21 12:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 12:21:54 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 01:23:09 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/04/01 00:48:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 13:14:49 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/10 03:05:59 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 15:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/22 11:20:59 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/08 18:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/04 06:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/23 00:32:29 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 18:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100514.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 18:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100514.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/26 19:17:59 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/29 07:35:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/29 07:35:30 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/05 18:07:54 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100510.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/03 13:23:58 | 000,015,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/08/06 18:26:07 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/05 04:30:24 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/25 18:30:59 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/24 20:03:45 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/09 19:16:21 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/06/26 08:30:49 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/06/25 15:05:05 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/06/03 16:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/30 04:21:02 | 000,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008/05/13 23:02:25 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/05/13 23:02:23 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/05/07 19:40:01 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/01 17:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/02/16 11:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/01 04:50:59 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 04:50:59 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 04:50:59 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/31 20:40:09 | 000,443,904 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/01/29 12:46:57 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/01/21 12:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 12:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 12:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 12:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 12:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 12:21:34 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 12:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 12:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 12:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 12:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 12:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 12:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 12:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 12:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 12:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 12:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 12:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 12:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 12:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 12:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 12:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 12:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 12:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 12:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 12:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 12:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 20:12:47 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/09 03:38:59 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/08/03 14:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/31 05:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/31 04:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/25 05:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/01/23 22:07:29 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/12/14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKLM\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Program Files\WebGoRadio\tbWebG.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wyzostart.com/?cfg=2-47-0-16iB6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Program Files\WebGoRadio\tbWebG.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 18:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 18:30:56 | 000,000,000 | ---D | M]

[2010/04/01 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla\Extensions
[2010/04/01 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/15 21:41:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions
[2010/04/22 18:36:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/05 20:35:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/05 20:32:44 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/04/01 10:46:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/05 20:42:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/13 17:58:30 | 000,001,745 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\searchplugins\ask.uk.xml
[2010/05/14 11:20:51 | 000,002,746 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\searchplugins\ebaycomau.xml
[2010/05/14 21:38:55 | 000,002,018 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\searchplugins\romulation-rom-search.xml
[2010/05/09 19:55:42 | 000,002,057 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\lbiroiku.default\searchplugins\youtube-video-search.xml
[2010/05/15 21:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/01/14 08:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/15 22:02:28 | 000,395,253 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13650 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Program Files\WebGoRadio\tbWebG.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Program Files\WebGoRadio\tbWebG.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WebGoRadio Toolbar) - {C434BC3F-1A2A-4E73-98BB-8F99E454897A} - C:\Program Files\WebGoRadio\tbWebG.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: edu.au ([wlan-bnk.uws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: edu.au ([wlan-pta.uws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://wlan-bnk.uws.edu.au/nortel_cacheable/TrustSite.cab (Trustsite Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} https://wlan-bnk.uws.edu.au/nortel_cacheable/NetDirect.cab (NetDirect)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.195.193 61.9.194.49
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 12:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/15 23:34:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/15 23:25:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/15 23:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/15 23:14:30 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Documents\TFC.exe
[2010/05/15 23:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/15 21:37:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Virus Fix
[2010/05/15 19:33:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2010/05/15 19:33:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/15 19:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/15 19:33:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/15 19:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/15 19:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/15 19:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/15 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/15 19:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/15 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/15 19:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/15 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\AV
[2010/05/15 19:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/05/15 19:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/05/15 19:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/15 18:33:51 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Users\Lukas\Documents\STOPzilla_Setup.exe
[2010/05/15 18:23:00 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\ktsaekyuy
[2010/05/15 18:13:22 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Roaming\ms-drivers
[2010/05/15 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\wc
[2010/05/15 18:13:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Universe Sandbox
[2010/05/15 18:13:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Universe Sandbox
[2010/05/15 18:13:13 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Roaming\wyUpdate AU
[2010/05/15 18:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Universe Sandbox
[2010/05/14 23:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/05/14 23:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2010/05/14 23:05:31 | 010,439,100 | ---- | C] (EffectMatrix Inc. ) -- C:\Users\Lukas\Documents\setup.exe
[2010/05/14 23:05:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\crack
[2010/05/14 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\EMULATION
[2010/05/14 21:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/14 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Lukas\dwhelper
[2010/05/14 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/05/14 21:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/14 21:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/13 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\FIGHT
[2010/05/13 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Vuze Downloads
[2010/05/13 18:03:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Azureus
[2010/05/13 18:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/05/13 18:02:20 | 008,462,272 | ---- | C] (Vuze Inc.) -- C:\Users\Lukas\Documents\Vuze_Installer.exe
[2010/05/13 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Radical Software Ltd
[2010/05/13 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Radical Software Ltd
[2010/05/13 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Wyzo
[2010/05/13 17:54:40 | 011,334,298 | ---- | C] (Radical Software Ltd) -- C:\Users\Lukas\Documents\WyzoSetup-3.5.6.exe
[2010/05/13 17:48:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Zumba het complete Pakket! 3 DVD S
[2010/05/13 16:12:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ILLUSTRATOR
[2010/05/12 22:04:36 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\VIDEOS
[2010/05/11 20:35:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Language studies
[2010/05/10 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\New Folder
[2010/05/10 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\bThanks.asp_files
[2010/05/08 17:38:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ARTICLE
[2010/05/07 11:10:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Warzone 2100 2.2
[2010/05/06 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ForSachiko
[2010/05/06 23:03:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ADOBE
[2010/05/06 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\DFH
[2010/05/06 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2010/05/06 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2010/05/06 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2010/05/06 19:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/05/06 19:05:20 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/05/06 19:05:20 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/05/06 18:59:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\GAMES
[2010/05/06 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\GrabPro
[2010/05/06 18:40:22 | 000,000,000 | ---D | C] -- C:\downloads
[2010/05/06 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010/05/06 18:40:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Orbit
[2010/05/06 18:38:54 | 002,590,584 | ---- | C] (www.orbitdownloader.com ) -- C:\Users\Lukas\Documents\OrbitDownloaderSetup.exe
[2010/05/06 16:29:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Apps
[2010/05/06 16:29:04 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Deployment
[2010/05/05 00:04:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\CutePDF Writer
[2010/05/01 00:53:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\MOVIE COVERS
[2010/05/01 00:47:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Collectorz.com
[2010/05/01 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Movie Collector
[2010/05/01 00:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/01 00:43:30 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\uTorrent
[2010/05/01 00:43:17 | 000,321,328 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Lukas\Documents\utorrent.exe
[2010/04/29 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\MARKED
[2010/04/29 12:40:37 | 002,228,534 | ---- | C] ( ) -- C:\Users\Lukas\Documents\audacity-win-1.2.6.exe
[2010/04/27 00:07:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\EndNote
[2010/04/27 00:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2010/04/27 00:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2010/04/27 00:05:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2010/04/27 00:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X3
[2010/04/27 00:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2010/04/26 23:57:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Endnote_Styles_RefTypes
[2010/04/25 02:12:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\DivX
[2010/04/25 02:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/25 02:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/25 02:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/25 02:00:47 | 001,180,952 | ---- | C] (DivX, Inc. ) -- C:\Users\Lukas\Documents\DivXInstaller.exe
[2010/04/24 18:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/04/24 18:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/04/24 18:30:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Winamp
[2010/04/24 18:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/04/24 18:29:12 | 010,798,496 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Lukas\Documents\winamp5572_full_emusic-7plus_en-us.exe
[2010/04/20 18:10:06 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/04/20 17:17:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/03 10:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/04/03 10:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/04/03 10:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/03 10:32:40 | 003,479,328 | ---- | C] (Acro Software Inc. ) -- C:\Users\Lukas\Documents\CuteWriter.exe
[2010/04/03 09:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/03 09:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\WebGoRadio
[2010/04/02 21:16:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Shoop
[2010/04/02 19:05:40 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2010/04/02 18:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/02 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/04/01 21:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/04/01 20:22:27 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2010/04/01 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ROMS
[2010/04/01 19:10:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\LimeWire
[2010/04/01 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\LimeWire
[2010/04/01 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\My Received Files
[2010/04/01 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\My Chat Logs
[2010/04/01 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/04/01 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/01 18:24:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Tracing
[2010/04/01 18:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/01 18:23:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/04/01 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/01 18:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/01 18:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/01 14:27:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft Games
[2010/04/01 10:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/01 10:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/01 09:31:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/04/01 09:16:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Macromedia
[2010/04/01 08:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/01 08:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/01 08:41:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/01 08:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 01:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/01 01:27:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft Help
[2010/04/01 01:05:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\CyberLink
[2010/04/01 00:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/04/01 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Mozilla
[2010/04/01 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Mozilla
[2010/04/01 00:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/01 00:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/01 00:51:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Google
[2010/04/01 00:50:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\UNIVERSITY 2010
[2010/04/01 00:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/01 00:47:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Adobe
[2010/04/01 00:36:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\ASUS
[2010/04/01 00:36:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\ASUS
[2010/04/01 00:21:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Bluetooth Software
[2010/04/01 00:21:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Bluetooth Exchange Folder
[2010/04/01 00:21:40 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\My Google Gadgets
[2010/04/01 00:21:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Google
[2010/04/01 00:21:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Power2Go
[2010/04/01 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Protector Suite
[2010/04/01 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Infineon
[2010/04/01 00:21:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Symantec
[2010/04/01 00:20:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/01 00:20:43 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Searches
[2010/04/01 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Identities
[2010/04/01 00:20:35 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Contacts
[2010/04/01 00:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/01 00:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/04/01 00:18:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Seven Zip
[2010/04/01 00:17:25 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Adobe
[2010/04/01 00:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/01 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/01 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/01 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\VirtualStore
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Temporary Internet Files
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Templates
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Start Menu
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\SendTo
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Recent
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\PrintHood
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\NetHood
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\My Videos
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\My Pictures
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\My Music
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\My Documents
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Local Settings
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\History
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Cookies
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Application Data
[2010/04/01 00:14:08 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Application Data
[2010/04/01 00:14:07 | 000,000,000 | --SD | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Videos
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Saved Games
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Pictures
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Music
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Links
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Favorites
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Downloads
[2010/04/01 00:14:07 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Desktop
[2010/04/01 00:14:07 | 000,000,000 | -H-D | C] -- C:\Users\Lukas\AppData
[2010/04/01 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Temp
[2010/04/01 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft
[2010/04/01 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs
[2010/04/01 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents
[2010/03/31 11:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/03/09 03:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/02/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\System
[2010/02/20 05:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivX.dll
[2010/02/20 05:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx_xx0c.dll
[2010/02/20 05:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx_xx07.dll
[2010/02/20 05:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx_xx0a.dll
[2010/02/20 05:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx_xx16.dll
[2010/02/20 05:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx_xx11.dll
[2008/06/03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 90 Days ==========

[2010/05/16 01:18:26 | 006,291,456 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT
[2010/05/16 00:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 23:39:35 | 001,546,016 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/15 23:39:35 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/15 23:39:35 | 000,344,426 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/05/15 23:39:35 | 000,333,624 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/05/15 23:39:35 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/15 23:39:35 | 000,106,534 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/05/15 23:39:35 | 000,106,528 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/05/15 23:35:17 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/15 23:34:30 | 472,071,614 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/15 23:34:15 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/15 23:33:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 23:33:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 23:33:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/15 23:33:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/15 23:33:13 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 23:24:31 | 000,000,920 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/15 23:24:19 | 000,000,740 | ---- | M] () -- C:\Users\Lukas\Desktop\NTREGOPT.lnk
[2010/05/15 23:24:19 | 000,000,721 | ---- | M] () -- C:\Users\Lukas\Desktop\ERUNT.lnk
[2010/05/15 23:19:59 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/15 23:18:29 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 23:18:29 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/05/15 23:18:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/15 23:14:32 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Documents\TFC.exe
[2010/05/15 22:02:28 | 000,395,253 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/15 21:16:18 | 002,058,259 | -H-- | M] () -- C:\Users\Lukas\AppData\Local\IconCache.db
[2010/05/15 20:24:18 | 003,689,229 | ---- | M] () -- C:\Users\Lukas\Desktop\renamed.exe
[2010/05/15 19:58:40 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/05/15 19:33:42 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 19:15:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/15 19:12:00 | 000,001,062 | ---- | M] () -- C:\Users\Lukas\Desktop\Spybot - Search & Destroy.lnk
[2010/05/15 19:04:48 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/05/15 19:02:04 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/05/15 18:41:00 | 000,363,520 | ---- | M] () -- C:\Users\Lukas\Documents\rkill.exe
[2010/05/15 18:34:25 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Users\Lukas\Documents\STOPzilla_Setup.exe
[2010/05/15 18:12:39 | 000,001,805 | ---- | M] () -- C:\Users\Lukas\Desktop\Universe Sandbox.lnk
[2010/05/15 18:06:33 | 032,014,834 | ---- | M] () -- C:\Users\Lukas\Documents\universe-sandbox-setup.exe
[2010/05/15 13:10:07 | 000,038,912 | ---- | M] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 09:27:34 | 003,988,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/15 09:25:56 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/05/15 09:25:56 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/05/15 01:08:26 | 000,394,710 | ---- | M] () -- C:\Users\Lukas\Documents\Kiss an Angel.docx
[2010/05/14 23:30:02 | 000,113,264 | ---- | M] () -- C:\Users\Lukas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/14 21:16:54 | 000,000,791 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100515-220228.backup
[2010/05/13 23:23:35 | 040,183,918 | ---- | M] () -- C:\Users\Lukas\Documents\doom A4 poster.psd
[2010/05/13 18:03:55 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/05/13 18:02:34 | 008,462,272 | ---- | M] (Vuze Inc.) -- C:\Users\Lukas\Documents\Vuze_Installer.exe
[2010/05/13 17:58:50 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/05/13 17:58:30 | 000,001,605 | ---- | M] () -- C:\Users\Lukas\Desktop\Wyzo.lnk
[2010/05/13 17:55:38 | 011,334,298 | ---- | M] (Radical Software Ltd) -- C:\Users\Lukas\Documents\WyzoSetup-3.5.6.exe
[2010/05/13 17:46:58 | 000,100,024 | ---- | M] () -- C:\Users\Lukas\Documents\Zumba_the_complete_package_3xDVD5_Retail_DD5.1.5414793.TPB.torrent
[2010/05/11 20:03:44 | 000,013,863 | ---- | M] () -- C:\Users\Lukas\Documents\Contract.docx
[2010/05/10 20:17:21 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Lukas.job
[2010/05/10 12:09:54 | 000,018,228 | ---- | M] () -- C:\Users\Lukas\Desktop\bThanks.asp.htm
[2010/05/10 12:06:29 | 000,560,910 | ---- | M] () -- C:\Users\Lukas\Desktop\Trip plan for the mostwonderful day.pdf
[2010/05/09 19:09:06 | 000,000,377 | ---- | M] () -- C:\Users\Lukas\Documents\Pictures - Shortcut.lnk
[2010/05/09 14:05:31 | 000,011,273 | ---- | M] () -- C:\Users\Lukas\Documents\CH1.docx
[2010/05/06 19:17:24 | 000,002,601 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/05/06 19:17:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2010/05/06 19:17:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2010/05/06 19:05:21 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/05/06 19:05:20 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/05/06 19:05:20 | 000,000,663 | ---- | M] () -- C:\Users\Lukas\Desktop\Warzone 2100.lnk
[2010/05/06 18:56:33 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/05/06 18:55:55 | 004,998,707 | ---- | M] () -- C:\Users\Lukas\Documents\flvplayer_setup.exe
[2010/05/06 18:40:21 | 000,000,855 | ---- | M] () -- C:\Users\Lukas\Desktop\Orbit.lnk
[2010/05/06 18:39:06 | 002,590,584 | ---- | M] (www.orbitdownloader.com ) -- C:\Users\Lukas\Documents\OrbitDownloaderSetup.exe
[2010/05/06 12:49:01 | 000,022,207 | ---- | M] () -- C:\Users\Lukas\Documents\FRUSTRATION.docx
[2010/05/05 20:47:36 | 000,001,699 | ---- | M] () -- C:\Users\Lukas\Desktop\Notepad.lnk
[2010/05/05 00:04:15 | 000,109,531 | ---- | M] () -- C:\Users\Lukas\Documents\Checkout - Lulu.pdf
[2010/05/01 00:43:47 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/05/01 00:43:19 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lukas\Documents\utorrent.exe
[2010/05/01 00:41:53 | 000,720,896 | ---- | M] () -- C:\Users\Lukas\Documents\DVD.accdb
[2010/05/01 00:35:52 | 000,202,693 | ---- | M] () -- C:\Users\Lukas\Documents\HomeInventory.accdt
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 12:42:13 | 002,228,534 | ---- | M] ( ) -- C:\Users\Lukas\Documents\audacity-win-1.2.6.exe
[2010/04/27 22:14:50 | 000,053,000 | ---- | M] () -- C:\Lazo Contracts Essay.docx
[2010/04/27 00:01:45 | 060,804,294 | ---- | M] () -- C:\Users\Lukas\Documents\EndNoteX3.zip
[2010/04/26 23:57:32 | 000,009,638 | ---- | M] () -- C:\Users\Lukas\Documents\Endnote_Styles_RefTypes.zip
[2010/04/26 19:17:59 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/04/26 19:17:59 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/04/26 19:17:59 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/04/25 21:51:53 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/25 02:12:28 | 000,001,401 | ---- | M] () -- C:\Users\Lukas\Desktop\DivX Movies.lnk
[2010/04/25 02:12:07 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/04/25 02:11:55 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/04/25 02:01:04 | 001,180,952 | ---- | M] (DivX, Inc. ) -- C:\Users\Lukas\Documents\DivXInstaller.exe
[2010/04/24 18:29:30 | 010,798,496 | ---- | M] (Nullsoft, Inc.) -- C:\Users\Lukas\Documents\winamp5572_full_emusic-7plus_en-us.exe
[2010/04/24 18:15:58 | 000,170,189 | ---- | M] () -- C:\Users\Lukas\Documents\comma.jpg
[2010/04/20 18:09:50 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/10 11:34:46 | 000,000,120 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\d59a3092.dat
[2010/04/03 10:32:55 | 003,479,328 | ---- | M] (Acro Software Inc. ) -- C:\Users\Lukas\Documents\CuteWriter.exe
[2010/04/03 09:47:49 | 000,005,136 | ---- | M] () -- C:\Users\Lukas\Documents\webgoradio.xpi.part
[2010/04/03 09:42:38 | 000,000,000 | ---- | M] () -- C:\Users\Lukas\Documents\webgoradio.xpi
[2010/04/02 19:07:54 | 000,001,035 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/02 18:48:28 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/02 18:46:42 | 134,710,024 | ---- | M] () -- C:\Users\Lukas\Documents\OOo_3.2.0_Win32Intel_install_en-GB.exe
[2010/04/02 09:03:12 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/04/01 19:10:38 | 000,000,790 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/04/01 19:09:11 | 000,000,742 | ---- | M] () -- C:\Users\Lukas\Desktop\LimeWire 5.5.8.lnk
[2010/04/01 00:59:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/01 00:54:31 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/01 00:40:38 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/04/01 00:19:11 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/04/01 00:17:16 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/01 00:14:08 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
[2010/03/31 11:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/03/09 03:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/02/20 05:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivX.dll
[2010/02/20 05:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx_xx0c.dll
[2010/02/20 05:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx_xx07.dll
[2010/02/20 05:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx_xx0a.dll
[2010/02/20 05:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx_xx16.dll
[2010/02/20 05:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\divx_xx11.dll

========== Files Created - No Company Name ==========

[2010/05/15 23:33:23 | 472,071,614 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/15 23:24:31 | 000,000,920 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/15 23:24:19 | 000,000,740 | ---- | C] () -- C:\Users\Lukas\Desktop\NTREGOPT.lnk
[2010/05/15 23:24:19 | 000,000,721 | ---- | C] () -- C:\Users\Lukas\Desktop\ERUNT.lnk
[2010/05/15 20:24:29 | 003,689,229 | ---- | C] () -- C:\Users\Lukas\Desktop\renamed.exe
[2010/05/15 19:33:42 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 19:12:00 | 000,001,062 | ---- | C] () -- C:\Users\Lukas\Desktop\Spybot - Search & Destroy.lnk
[2010/05/15 19:04:48 | 000,000,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010/05/15 19:02:04 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/05/15 18:54:38 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/15 18:40:41 | 000,363,520 | ---- | C] () -- C:\Users\Lukas\Documents\rkill.exe
[2010/05/15 18:12:39 | 000,001,805 | ---- | C] () -- C:\Users\Lukas\Desktop\Universe Sandbox.lnk
[2010/05/15 18:01:56 | 032,014,834 | ---- | C] () -- C:\Users\Lukas\Documents\universe-sandbox-setup.exe
[2010/05/15 00:42:52 | 000,394,710 | ---- | C] () -- C:\Users\Lukas\Documents\Kiss an Angel.docx
[2010/05/14 23:05:26 | 010,938,106 | ---- | C] () -- C:\Users\Lukas\Documents\Total Video Converter v3.50 Final - Mr1000 + Crack.rar
[2010/05/14 21:10:58 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/05/14 21:10:18 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/05/13 23:23:34 | 040,183,918 | ---- | C] () -- C:\Users\Lukas\Documents\doom A4 poster.psd
[2010/05/13 18:03:55 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/05/13 17:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/13 17:58:30 | 000,001,605 | ---- | C] () -- C:\Users\Lukas\Desktop\Wyzo.lnk
[2010/05/13 17:46:57 | 000,100,024 | ---- | C] () -- C:\Users\Lukas\Documents\Zumba_the_complete_package_3xDVD5_Retail_DD5.1.5414793.TPB.torrent
[2010/05/11 20:03:43 | 000,013,863 | ---- | C] () -- C:\Users\Lukas\Documents\Contract.docx
[2010/05/10 12:09:54 | 000,018,228 | ---- | C] () -- C:\Users\Lukas\Desktop\bThanks.asp.htm
[2010/05/10 12:06:50 | 000,560,910 | ---- | C] () -- C:\Users\Lukas\Desktop\Trip plan for the mostwonderful day.pdf
[2010/05/09 19:09:06 | 000,000,377 | ---- | C] () -- C:\Users\Lukas\Documents\Pictures - Shortcut.lnk
[2010/05/09 14:05:30 | 000,011,273 | ---- | C] () -- C:\Users\Lukas\Documents\CH1.docx
[2010/05/06 19:17:15 | 000,002,601 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2010/05/06 19:17:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2010/05/06 19:17:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2010/05/06 19:05:20 | 000,000,663 | ---- | C] () -- C:\Users\Lukas\Desktop\Warzone 2100.lnk
[2010/05/06 18:56:33 | 000,000,647 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/05/06 18:55:41 | 004,998,707 | ---- | C] () -- C:\Users\Lukas\Documents\flvplayer_setup.exe
[2010/05/06 18:40:21 | 000,000,855 | ---- | C] () -- C:\Users\Lukas\Desktop\Orbit.lnk
[2010/05/05 20:47:36 | 000,001,699 | ---- | C] () -- C:\Users\Lukas\Desktop\Notepad.lnk
[2010/05/05 20:04:35 | 000,022,207 | ---- | C] () -- C:\Users\Lukas\Documents\FRUSTRATION.docx
[2010/05/05 00:04:19 | 000,109,531 | ---- | C] () -- C:\Users\Lukas\Documents\Checkout - Lulu.pdf
[2010/05/01 00:43:47 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/05/01 00:35:52 | 000,202,693 | ---- | C] () -- C:\Users\Lukas\Documents\HomeInventory.accdt
[2010/05/01 00:35:50 | 000,720,896 | ---- | C] () -- C:\Users\Lukas\Documents\DVD.accdb
[2010/04/27 22:14:50 | 000,053,000 | ---- | C] () -- C:\Lazo Contracts Essay.docx
[2010/04/27 00:04:08 | 062,487,040 | ---- | C] () -- C:\Users\Lukas\Documents\ENX3Inst.msi
[2010/04/27 00:04:08 | 000,000,808 | ---- | C] () -- C:\Users\Lukas\Documents\License.dat
[2010/04/27 00:00:52 | 060,804,294 | ---- | C] () -- C:\Users\Lukas\Documents\EndNoteX3.zip
[2010/04/26 23:57:32 | 000,009,638 | ---- | C] () -- C:\Users\Lukas\Documents\Endnote_Styles_RefTypes.zip
[2010/04/25 21:51:53 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/25 21:50:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 21:50:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 02:12:28 | 000,001,401 | ---- | C] () -- C:\Users\Lukas\Desktop\DivX Movies.lnk
[2010/04/25 02:12:07 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/04/25 02:11:55 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/04/24 18:15:50 | 000,170,189 | ---- | C] () -- C:\Users\Lukas\Documents\comma.jpg
[2010/04/10 11:34:46 | 000,000,120 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\d59a3092.dat
[2010/04/03 10:33:40 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/04/03 09:42:38 | 000,000,000 | ---- | C] () -- C:\Users\Lukas\Documents\webgoradio.xpi
[2010/04/03 09:42:36 | 000,005,136 | ---- | C] () -- C:\Users\Lukas\Documents\webgoradio.xpi.part
[2010/04/02 19:07:54 | 000,001,035 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/02 18:48:28 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/02 18:38:54 | 134,710,024 | ---- | C] () -- C:\Users\Lukas\Documents\OOo_3.2.0_Win32Intel_install_en-GB.exe
[2010/04/01 21:13:21 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/04/01 20:48:09 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2010/04/01 20:22:27 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010/04/01 19:10:38 | 000,000,790 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/04/01 19:09:11 | 000,000,742 | ---- | C] () -- C:\Users\Lukas\Desktop\LimeWire 5.5.8.lnk
[2010/04/01 08:33:39 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/01 08:33:33 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/01 00:59:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/01 00:54:31 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/01 00:47:14 | 000,038,912 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 00:24:19 | 000,000,546 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Lukas.job
[2010/04/01 00:19:11 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/04/01 00:17:16 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/01 00:14:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010/04/01 00:14:08 | 000,000,020 | -HS- | C] () -- C:\Users\Lukas\ntuser.ini
[2010/04/01 00:14:07 | 006,291,456 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT
[2010/04/01 00:14:07 | 000,524,288 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/04/01 00:14:07 | 000,524,288 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/01 00:14:07 | 000,262,144 | -H-- | C] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2010/04/01 00:14:07 | 000,065,536 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/01 00:14:07 | 000,000,000 | -H-- | C] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2008/07/30 11:33:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/04/24 02:48:58 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/01 17:13:57 | 001,807,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/01/21 12:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/05/09 17:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 22:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/15 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/14 23:31:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Azureus
[2010/04/27 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\EndNote
[2010/05/06 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\GrabPro
[2010/04/01 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Infineon
[2010/05/15 23:36:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LimeWire
[2010/05/15 18:13:22 | 000,000,000 | -HSD | M] -- C:\Users\Lukas\AppData\Roaming\ms-drivers
[2010/04/02 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2010/05/07 23:50:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Orbit
[2010/04/01 00:21:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Protector Suite
[2010/05/13 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Radical Software Ltd
[2010/02/27 22:53:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\System
[2010/05/15 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\uTorrent
[2010/05/15 18:13:30 | 000,000,000 | -HSD | M] -- C:\Users\Lukas\AppData\Roaming\wyUpdate AU
[2010/05/15 09:25:56 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/05/15 09:25:56 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/05/15 23:18:10 | 000,031,790 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 12:22:49 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/23 19:19:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/09 15:17:45 | 000,023,353 | ---- | M] () -- C:\devlist.txt
[2008/11/09 15:17:41 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2007/06/22 23:46:10 | 000,000,018 | ---- | M] () -- C:\GC21.txt
[2010/05/15 23:33:13 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/09 14:01:33 | 000,000,481 | ---- | M] () -- C:\igoogle_log.txt
[2010/04/27 22:14:50 | 000,053,000 | ---- | M] () -- C:\Lazo Contracts Essay.docx
[2008/10/06 13:46:41 | 000,000,021 | ---- | M] () -- C:\msapp2.LOG
[2008/08/21 12:00:11 | 001,048,576 | RH-- | M] () -- C:\N50V.BIN
[2008/09/17 12:31:35 | 000,000,014 | ---- | M] () -- C:\N50VN_N50VC_VISTA.20
[2008/08/08 17:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
[2008/07/04 14:35:34 | 000,000,021 | ---- | M] () -- C:\NIS2008.TXT
[2007/03/16 09:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_C.TXT
[2010/05/15 23:33:12 | 3533,873,152 | -HS- | M] () -- C:\pagefile.sys
[2008/11/09 00:03:46 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2008/09/24 12:22:03 | 000,002,666 | ---- | M] () -- C:\Patch.LOG
[2008/04/30 00:30:30 | 000,000,020 | ---- | M] () -- C:\READER_C.TXT
[2008/09/17 12:31:35 | 000,000,014 | ---- | M] () -- C:\RECOVERY.DAT
[2008/11/09 14:43:04 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/05/15 18:57:59 | 000,000,387 | ---- | M] () -- C:\rkill.log
[2008/11/09 15:12:52 | 000,000,163 | ---- | M] () -- C:\setup.log
[2008/11/09 13:35:22 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008/11/09 13:34:32 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2008/08/01 08:40:18 | 000,000,021 | ---- | M] () -- C:\V552.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 12:22:35 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/21 12:22:35 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 12:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 12:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/21 07:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 21:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 21:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 21:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/04/26 19:17:59 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/02/19 00:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 21:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
< End of report >

Edited by Orange Blossom, 15 May 2010 - 10:41 PM.
Moving to log forum. ~ OB


#4 yanluo


Posted 15 May 2010 - 09:47 PM

Got my MalwareBytes AM Quicklog here.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16/05/2010 12:45:22 PM
mbam-log-2010-05-16 (12-45-22).txt

Scan type: Quick scan
Objects scanned: 123648
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 yanluo


Posted 15 May 2010 - 10:40 PM

I have just run a Spybot Search and Destroy scan with "No immediate threats found". This was using the latest version of Spybot SD.

#6 yanluo


Posted 16 May 2010 - 02:22 AM

I ran a Norton Scan, here is the log. I do hope I am providing relevant information.

Scan Stats:
Scan Time: 68 seconds
Scan Options:
Scan Targets:
Counts:
Total items scanned: 7,894
- Files & Directories: 1,264
- Registry Entries: 262
- Processes & Start-up Items: 6,142
- Network & Browser Items: 217
- Other: 4

Total security risks detected: 1
Total items resolved: 0
Total items that require attention: 1

Resolved Threats:


Unresolved Threats:
Tracking Cookies
Virus ID: 4294909925
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Cookie
State: Not Attempted
-----------
3 Tracking Cookies
Cookie:lukas@msnportal.112.2o7.net/ - No action taken
Cookie:lukas@atdmt.com/ - No action taken
- No action taken


I removed the tracking cookies. But I don't think they are that dangerous.

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:23 PM

Posted 16 May 2010 - 07:24 AM

Hello yanluo

Welcome to BleepingComputer
======================
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#8 yanluo


Posted 16 May 2010 - 07:28 AM

What if I do a recovery of Windows, will that do anything?

#9 kahdah


Posted 16 May 2010 - 07:33 AM

If you do a full destructive recovery then it is a reinstall of Windows but you will lose everything.
If you do a non destructive recovery then it is only a repair install and will do nothing.

If you plan on doing that then I suggest backing up docs, pics, favorites before proceeding.


#10 yanluo


Posted 16 May 2010 - 07:41 AM

What about a recovery via a recovery partition? I think that there is a way I can boot off a recovery partition and then reinstall the OS via that method? I am using an Asus N50 notebook. I have recovered my laptop once, but I would require some assistance to do it again.

Btw thank you very much for your assistance so far!

EDIT: I have backed everything up. Therefore I am ready to proceed with formatting. I guess that is the SAFEST thing to do. BTW, what degree of safety could you say I had if we went for a non-destructive means of recovery?

EDIT EDIT: Well I have, after much trouble and searching, begun to recover my PC from an OEM recovery disk. I would like to give my biggest thanks to kahdah for all his help. If I might ask, for my sake and any other forum goers, what do you think is the best way to prevent a root-kit like this in the future? I did have an Anti-virus program, as well as the Windows Firewall.

I don't know if the typical anti-malware programs are enough these days! I will certainly change my AV to Avast, and have Spybot SD with Malwarebytes AM scans done regularly to ensure it is clean. But are there any surefire tips (or relatively good if that is the case) to prevent this in the future? Thanks again!!

Edited by yanluo, 16 May 2010 - 08:51 AM.


#11 kahdah


Posted 20 May 2010 - 01:07 PM

Hi, sorry, didn't get a notification of your reply.

Yes, using any antivirus would typically suffice, but rootkits use hidden techniques and cannot always be detected.
Avast is OK, but I prefer better protection such as Kaspersky, but that is paid for, so a free alternative that would be better than Avast is
Microsoft Security Essentials; this actually will detect and remove this rootkit.

Prevention methods will be given now.
The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire, etc.