
Bootkit - Iexplorer running in background + hijacking google


13 replies to this topic

#1 Troubled Virus


  • Members
  • 22 posts
  • Gender:Male

Posted 19 January 2012 - 01:45 PM

Hello,

I was advised to create a new topic here by forum member boopme.

You can see the previous discussion here: Multiple iexplorer processes running, hidden files, empty start menu

Malware, ESET Online Scan, MiniToolBox, restore point, and disk clean up all helped remove some of the spyware / viruses but the main issue is still here.

iexplorer.exe processes are still running in the background and playing audio ads. They are initiated by SYSTEM and don't appear in programs running in task manager.

Also, once in a while a Google search link is redirected to another page.

I run Windows XP Pro 64 bit so DDS and GMER applications do not work.

But I read somewhere that I should use RSIT and post the logs, so I have decided to be proactive and do that.

Below is the info.txt file generated:

info.txt logfile of random's system information tool 1.09 2012-01-19 14:10:10

======Uninstall list======

-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
µTorrent-->"C:\Program Files\uninstall.exe"
7-Zip 4.65-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {F8131A35-47FD-27AD-116D-0E79AF5DE5EE}
Acrobat.com-->MsiExec.exe /I{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}
Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS3 Professional-->C:\Program Files (x86)\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Photoshop Lightroom 2.6-->MsiExec.exe /I{81CB77FF-9789-4337-A46E-185F7876AC40}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alamoon Watermark v1.4-->"C:\Program Files (x86)\Alamoon Watermark\unins000.exe"
AMD Processor Driver-->C:\Program Files (x86)\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
aMSN 0.98.1-->C:\Program Files (x86)\aMSN\uninstall.exe
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ATI - Software Uninstall Utility-->C:\Program Files (x86)\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
Audacity 1.3.13 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
Belkin Wireless USB Utility-->C:\Program Files (x86)\InstallShield Installation Information\{A6359CCF-215D-43D9-8366-479D231F2A72}\setup.exe -runfromtemp -l0x0409
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
CardRecovery 5.30-->"C:\Program Files (x86)\CardRecovery\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
CoffeeCup Free DHTML Menu Builder-->C:\PROGRA~2\COFFEE~1\DHTMLM~1\UNWISE.EXE C:\PROGRA~2\COFFEE~1\DHTMLM~1\sitemapper.log
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CuteFTP 8 Home-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Sweeper version 3.2.0-->"C:\Program Files (x86)\Phyxion.net\Driver Sweeper\unins000.exe"
Easy DVD Player 2.0-->"C:\Program Files (x86)\Easy DVD Player\unins000.exe"
Emsisoft Anti-Malware-->"C:\Program Files (x86)\Emsisoft Anti-Malware\unins000.exe"
EnhanceMovie 3-->MsiExec.exe /I{73C97DA1-E158-4516-B18D-26DEFE92447B}
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Express Gate-->MsiExec.exe /X{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Facebook Video Calling 1.0.0.8953-->MsiExec.exe /X{1D7CE340-70C3-4848-BCCF-215950328A4C}
FileMaker Pro 11 Advanced-->C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\Setup\Uninstall.exe {C53BECC0-C579-44F8-A995-E97FACB04DFC} "FileMaker Pro 11 Advanced"
FileMaker Pro 11 Advanced-->MsiExec.exe /I{C53BECC0-C579-44F8-A995-E97FACB04DFC}
FileZilla Client 3.3.5.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Free Audio CD Burner version 1.2-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free DVD Creator version 2.0-->"C:\Program Files (x86)\Free DVD Creator\unins000.exe"
Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Free M4a to MP3 Converter 6.2-->"C:\Program Files (x86)\Free M4a to MP3 Converter\unins000.exe"
Free software Gooofull toolbar-->regsvr32 /u /s "C:\Program Files (x86)\Outlook Express 14.0.8089.0726\tbunswBB.tmp\tbcore3.dll"
Google Talk Plugin-->MsiExec.exe /I{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files (x86)\Common Files\GTK\2.0\uninst.exe
High-Logic FontCreator 6.5-->"C:\Program Files (x86)\High-Logic FontCreator\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
K-Lite Mega Codec Pack 7.7.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LAME v3.98.3 for Audacity-->"C:\Program Files (x86)\Lame For Audacity\unins000.exe"
Logitech QuickCam Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech SetPoint-->"C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l1033 -removeonly
Logitech® Camera Driver-->"C:\Program Files (x86)\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes Anti-Malware version 1.60.0.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Market Samurai-->msiexec /qb /x {0163A4C9-2C8F-1A43-098C-058542EB2693}
Market Samurai-->MsiExec.exe /I{0163A4C9-2C8F-1A43-098C-058542EB2693}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Expression Blend 3 SDK-->MsiExec.exe /X{0E837AF0-4C92-4077-83F0-D022073F17C0}
Microsoft Expression Blend 3-->"C:\Program Files (x86)\Microsoft Expression\Blend 3\XSetup.exe" -x -AppLangId:1033 "-manifest:BlendManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Blend 3\Setup;C:\Documents and Settings\Aleco\My Documents\Downloads\EXPRESSION\Setup"
Microsoft Expression Blend 3-->MsiExec.exe /X{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}
Microsoft Expression Design 3-->"C:\Program Files (x86)\Microsoft Expression\Design 3\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Design 3\Setup;C:\Documents and Settings\Aleco\My Documents\Downloads\EXPRESSION\Setup"
Microsoft Expression Design 3-->MsiExec.exe /X{E9980014-BE11-4891-A5F4-0F2917B856BC}
Microsoft Expression Encoder 3-->"C:\Program Files (x86)\Microsoft Expression\Encoder 3\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 3\Setup;C:\Documents and Settings\Aleco\My Documents\Downloads\EXPRESSION\Setup"
Microsoft Expression Encoder 3-->MsiExec.exe /X{F73340A9-8AA9-49C4-937E-E271B837056C}
Microsoft Expression Studio 3-->"C:\Program Files (x86)\Microsoft Expression\Studio 3\XSetup.exe" -x -AppLangId:1033 "-manifest:ExpressionStudioManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Studio 3\Setup;C:\Documents and Settings\Aleco\My Documents\Downloads\EXPRESSION\Setup"
Microsoft Expression Studio 3-->MsiExec.exe /X{44F7BA74-C11A-49FC-B2FC-1B827C491F74}
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKSTD /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{90120000-00E0-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC
Movavi Video Editor 4-->MsiExec.exe /I{95B7C0F4-7434-4DFB-B900-201BFC00C00B}
Movavi VideoSuite 6-->MsiExec.exe /I{A9D0555C-AB20-419D-A98C-3B11ECC0F921}
Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.2)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
Orca-->MsiExec.exe /I{63A68338-16A3-4763-8478-A45F91A61E7A}
Outlook on the Desktop 1.6.0-->"C:\Program Files (x86)\Outlook on the Desktop\unins000.exe"
PC Wizard 2010.1.96-->"C:\Program Files (x86)\CPUID\PC Wizard 2010\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixillion Image Converter-->C:\Program Files (x86)\NCH Software\Pixillion\uninst.exe
Power Launch 2-->"C:\Program Files\Power Launch 2\unins000.exe"
Preview Handler Pack-->MsiExec.exe /I{56C899E7-F067-4AE3-9CBE-788840205808}
QT Lite 2.8.0-->"C:\Program Files (x86)\QT Lite\unins000.exe"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RoboForm 7-2-8 (All Users)-->"C:\Program Files (x86)\Siber Systems\AI RoboForm\rfwipeout.exe"
RZ DVD Creator-->"C:\Program Files (x86)\InstallShield Installation Information\{3F32058A-343A-4C16-BD1B-BE35E9A42352}\setup.exe" -runfromtemp -l0x0009 -removeonly
Safari-->MsiExec.exe /I{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}
SEO PowerSuite-->"C:\Program Files (x86)\SEO PowerSuite\Uninstall.exe"
Simfatic Forms 3.2.1.252-->"C:\Program Files (x86)\Simfatic Solutions\SimfaticForms\uninst\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sothink Movie DVD Maker-->"C:\Program Files (x86)\SourceTec\Sothink Movie DVD Maker\unins000.exe"
Sothink SWF Decompiler-->"C:\Program Files (x86)\SourceTec\Sothink SWF Decompiler\unins000.exe"
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.5-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
Start Menu Manager 2.1-->C:\Program Files (x86)\Start Menu Manager\Uninst.exe
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Super Audio Grabber Pro-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8A9B872B-5040-4EF8-82BE-F03308049C4E}\Setup.exe" -l0x9
SWF to AVI 1.7-->"C:\Program Files (x86)\SWF to AVI\unins000.exe"
TweakUI for Windows 64-Bit-->MsiExec.exe /X{FBE87834-E5DB-41E6-8A11-0979F9DF8E12}
UBitMenu UK-->"C:\Documents and Settings\Aleco\Application Data\UBitMenu\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 1.1.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
vReveal-->C:\Program Files (x86)\vReveal\Uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinHTTrack Website Copier 3.43-9D-->"C:\Program Files (x86)\WinHTTrack\unins000.exe"
WPF Toolkit June 2009 (Version 3.5.40619.1)-->MsiExec.exe /X{5EE6E987-1B79-4A93-832B-27472C7D1579}
X2X Free Video Flip and Rotate 2.0-->"C:\Program Files (x86)\X2Xsoft\Free Video Flip and Rotate\unins000.exe"
Xmarks for IE-->MsiExec.exe /X{C3379132-291E-4B3D-B1FE-BCFAD8157B46}
Xmarks Thumbnails for IE-->MsiExec.exe /X{84513125-0BC7-46F8-BE1E-309263B79AE2}

======Hosts File======

127.0.0.1 localhost

Securitycenter WMI appears to be broken

======System event log======

Computer Name: ALEXPC
Event Code: 10005
Message: DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 63278
Source Name: DCOM
Time Written: 20111204141835.000000-300
Event Type: Error
User:

Computer Name: ALEXPC
Event Code: 244
Message: Failed to create a desktop due to desktop heap exhaustion.

Record Number: 63215
Source Name: Win32k
Time Written: 20111204140946.000000-300
Event Type: Warning
User:

Computer Name: ALEXPC
Event Code: 4321
Message: The name "CENTRIC :0" could not be registered on the Interface with IP address 192.168.1.107.
The machine with the IP address 192.168.1.1 did not allow the name to be claimed by
this machine.

Record Number: 63213
Source Name: NetBT
Time Written: 20111204135946.000000-300
Event Type: Error
User:

Computer Name: ALEXPC
Event Code: 3032
Message: The redirector was unable to register the domain CENTRIC on to transport NetBT_Tcpip_{323A38EF-313E-483F-AD8E-22C90ECDE164} for the following reason: You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again. . Transport has been taken offline.

Record Number: 63212
Source Name: MRxSmb
Time Written: 20111204135946.000000-300
Event Type: Warning
User:

Computer Name: ALEXPC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00227575BA21. The following
error occurred:
The operation was canceled by the user. .
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 63210
Source Name: Dhcp
Time Written: 20111204135934.000000-300
Event Type: Warning
User:

=====Application event log=====

Computer Name: LOVESXP
Event Code: 0
Message: HttpModules node ServiceModel does not exist in System.Web section group.

Record Number: 1690
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100503193358.000000-240
Event Type: Warning
User:

Computer Name: LOVESXP
Event Code: 0
Message: HttpHandlers node *.svc does not exist in System.Web section group.

Record Number: 1689
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100503193358.000000-240
Event Type: Warning
User:

Computer Name: LOVESXP
Event Code: 0
Message: All compilation assembly nodes do not exist in System.Web section group.

Record Number: 1688
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100503193358.000000-240
Event Type: Warning
User:

Computer Name: LOVESXP
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Record Number: 1687
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100503193358.000000-240
Event Type: Warning
User:

Computer Name: LOVESXP
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 1685
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100503193357.000000-240
Event Type: Warning
User:

=====Security event log=====

Computer Name: ALEXPC
Event Code: 552
Message: Logon attempt using explicit credentials:

Logged on user:

User Name: Aleco

Domain: ALEXPC

Logon ID: (0x0,0x11591)

Logon GUID: -

User whose credentials were used:

Target User Name: alex@ezeosupport.com

Target Domain:

Target Logon GUID: -


Target Server Name: CAS204.domain.local

Target Server Info: CAS204.domain.local

Caller Process ID: 1640

Source Network Address: -

Source Port: -


Record Number: 59691
Source Name: Security
Time Written: 20110616234535.000000-240
Event Type: Audit Success
User: ALEXDOTCOMPUTER\Aleco

Computer Name: ALEXPC
Event Code: 538
Message: User Logoff:

User Name: ANONYMOUS LOGON

Domain: NT AUTHORITY

Logon ID: (0x0,0x2E8F7E)

Logon Type: 3


Record Number: 59690
Source Name: Security
Time Written: 20110616233801.000000-240
Event Type: Audit Success
User: NT AUTHORITY\ANONYMOUS LOGON

Computer Name: ALEXPC
Event Code: 540
Message: Successful Network Logon:

User Name:

Domain:

Logon ID: (0x0,0x2E8F7E)

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name: ELIAS-DELLLAPTO

Logon GUID: -

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: 192.168.1.104

Source Port: 0


Record Number: 59689
Source Name: Security
Time Written: 20110616233749.000000-240
Event Type: Audit Success
User: NT AUTHORITY\ANONYMOUS LOGON

Computer Name: ALEXPC
Event Code: 552
Message: Logon attempt using explicit credentials:

Logged on user:

User Name: Aleco

Domain: ALEXPC

Logon ID: (0x0,0x11591)

Logon GUID: -

User whose credentials were used:

Target User Name: alex@ezeosupport.com

Target Domain: ALEXPC

Target Logon GUID: -


Target Server Name: CAS206.domain.local

Target Server Info: CAS206.domain.local

Caller Process ID: 1640

Source Network Address: -

Source Port: -


Record Number: 59688
Source Name: Security
Time Written: 20110616232730.000000-240
Event Type: Audit Success
User: ALEXDOTCOMPUTER\Aleco

Computer Name: ALEXPC
Event Code: 538
Message: User Logoff:

User Name: ANONYMOUS LOGON

Domain: NT AUTHORITY

Logon ID: (0x0,0x2CF886)

Logon Type: 3


Record Number: 59687
Source Name: Security
Time Written: 20110616232601.000000-240
Event Type: Audit Success
User: NT AUTHORITY\ANONYMOUS LOGON

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC90.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC90.MFC;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support;C:\Program Files (x86)\Common Files\Apple\Apple Application Support;C:\Program Files (x86)\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DevMgr_Show_Details"=1
"Devmgr_Show_Nonpresent_Devices"=1
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------



Below is the log.txt generated by RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Aleco at 2012-01-19 14:07:52
Microsoft® Windows® XP Professional x64 Edition Service Pack 2
System drive C: has 147 GB (48%) free of 305 GB
Total RAM: 3839 MB (43% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0 Fallback-ALEXDOTCOMPUTER-Aleco.job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ALEXDOTCOMPUTER-Aleco.job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ALEXPC-Aleco.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1445010430-1466051819-2357819489-1002Core.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Aleco\Application Data\Mozilla\Firefox\Profiles\q42hrgf9.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{22119944-ED35-4ab1-910B-E619EA06A115}"=C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{c4d362ec-1cff-4ca0-9031-99a8fad7995a}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npDivxPlayerPlugin.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.DEU
nppdf32.FRA
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BD0BEFE-F697-4eee-B7E1-76B849A5CB84}]
ThumbnailsBHO Class - C:\Program Files (x86)\Xmarks\Thumbnails for IE\xmarksthumbnails.dll [2010-04-06 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2011-04-08 14918136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2011-04-08 14918136]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VIAJDS"=C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe [2009-07-06 464896]
"emsisoft anti-malware"=c:\program files (x86)\emsisoft anti-malware\a2guard.exe [2011-12-22 3322768]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\qttask.exe [2010-09-08 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"=C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2011-04-08 107000]
"LogitechSoftwareUpdate"=C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 15360]
"Xmarks"=C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [2011-02-05 1092808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=lsass.exe []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DISABLETASKMGR"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"NoUserNameInStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"StartMenuFavorites"=0
"Start_ShowHelp"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowNetConn"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0
"NoDriveTypeAutoRun"=255
"NoStrCmpLogical"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\mIRC\mirc.exe"="C:\Program Files (x86)\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files (x86)\aMSN\bin\wish.exe"="C:\Program Files (x86)\aMSN\bin\wish.exe:*:Enabled:Wish Application"
"C:\Program Files\utorrent.exe"="C:\Program Files\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"="C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files (x86)\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files (x86)\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"="C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"="C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files (x86)\iTunes\iTunes.exe"="C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files (x86)\Simfatic Solutions\SimfaticForms\SimfaticForms.exe"="C:\Program Files (x86)\Simfatic Solutions\SimfaticForms\SimfaticForms.exe:*:Enabled:Simfatic Forms"
"C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\Extensions\Web Support\FM Web Publishing.exe"="C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\Extensions\Web Support\FM Web Publishing.exe:*:Enabled:FileMaker Web Publishing"
"C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\FileMaker Pro Advanced.exe"="C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\FileMaker Pro Advanced.exe:*:Enabled:FileMaker Pro Advanced"
"C:\Documents and Settings\Aleco\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Aleco\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\QvodPlayer\QvodTerminal.exe"="C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD"
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Aleco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Aleco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Aleco\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Aleco\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4"
"C:\Documents and Settings\Aleco\Desktop\EMAIL\yahooproxy-0.3.exe"="C:\Documents and Settings\Aleco\Desktop\EMAIL\yahooproxy-0.3.exe:*:Disabled:yahooproxy-0.3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files (x86)\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files (x86)\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=C:\WINDOWS\SysWOW64\ir50_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.l3acm"=C:\WINDOWS\SysWOW64\l3codecp.acm
"VIDC.wmv3"=wmv9vcm.dll
"vidc.MPG4"=Mpg4c32.dll
"vidc.MP42"=Mpg4c32.dll
"vidc.MP43"=Mpg4c32.dll
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"vidc.dvsd"=pdvcodec.dll
"vidc.LSCR"=C:\WINDOWS\SysWOW64\LCODCS~1.DLL
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2012-01-19 14:07:52 ----D---- C:\rsit
2012-01-19 06:10:37 ----A---- C:\Documents and Settings\All Users\Application Data\yenoaaa.tmp
2012-01-19 06:10:37 ----A---- C:\Documents and Settings\All Users\Application Data\xenoaaa.tmp
2012-01-19 06:10:37 ----A---- C:\Documents and Settings\All Users\Application Data\wenoaaa.tmp
2012-01-19 06:10:37 ----A---- C:\Documents and Settings\All Users\Application Data\venoaaa.tmp
2012-01-19 06:10:37 ----A---- C:\Documents and Settings\All Users\Application Data\uenoaaa.tmp
2012-01-19 04:06:43 ----A---- C:\Documents and Settings\All Users\Application Data\wfyjcaa.tmp
2012-01-19 04:06:03 ----A---- C:\Documents and Settings\All Users\Application Data\agyjcaa.tmp
2012-01-19 04:05:58 ----A---- C:\Documents and Settings\All Users\Application Data\zfyjcaa.tmp
2012-01-19 04:05:48 ----A---- C:\Documents and Settings\All Users\Application Data\xfyjcaa.tmp
2012-01-19 03:59:45 ----A---- C:\Documents and Settings\All Users\Application Data\lympaaa.tmp
2012-01-19 03:59:45 ----A---- C:\Documents and Settings\All Users\Application Data\iympaaa.tmp
2012-01-19 03:59:36 ----A---- C:\Documents and Settings\All Users\Application Data\mympaaa.tmp
2012-01-19 03:59:36 ----A---- C:\Documents and Settings\All Users\Application Data\kympaaa.tmp
2012-01-19 03:59:36 ----A---- C:\Documents and Settings\All Users\Application Data\jympaaa.tmp
2012-01-19 00:18:41 ----A---- C:\Documents and Settings\All Users\Application Data\mgtoaaa.tmp
2012-01-19 00:18:41 ----A---- C:\Documents and Settings\All Users\Application Data\lgtoaaa.tmp
2012-01-19 00:18:41 ----A---- C:\Documents and Settings\All Users\Application Data\kgtoaaa.tmp
2012-01-19 00:18:41 ----A---- C:\Documents and Settings\All Users\Application Data\jgtoaaa.tmp
2012-01-18 23:46:07 ----HDC---- C:\WINDOWS\ie8
2012-01-18 21:28:18 ----A---- C:\Documents and Settings\All Users\Application Data\kvapaaa.tmp
2012-01-18 21:28:18 ----A---- C:\Documents and Settings\All Users\Application Data\ivapaaa.tmp
2012-01-18 15:41:34 ----D---- C:\Program Files (x86)\ESET
2012-01-18 13:58:04 ----A---- C:\Documents and Settings\All Users\Application Data\xwgpaaa.tmp
2012-01-18 13:58:04 ----A---- C:\Documents and Settings\All Users\Application Data\vwgpaaa.tmp
2012-01-18 13:58:03 ----A---- C:\Documents and Settings\All Users\Application Data\ywgpaaa.tmp
2012-01-18 13:58:03 ----A---- C:\Documents and Settings\All Users\Application Data\wwgpaaa.tmp
2012-01-18 13:57:29 ----A---- C:\Documents and Settings\All Users\Application Data\uwgpaaa.tmp
2012-01-18 05:33:11 ----A---- C:\Documents and Settings\All Users\Application Data\vtuoaaa.tmp
2012-01-18 05:33:11 ----A---- C:\Documents and Settings\All Users\Application Data\utuoaaa.tmp
2012-01-18 05:33:11 ----A---- C:\Documents and Settings\All Users\Application Data\ttuoaaa.tmp
2012-01-18 05:33:10 ----A---- C:\Documents and Settings\All Users\Application Data\wtuoaaa.tmp
2012-01-18 05:33:10 ----A---- C:\Documents and Settings\All Users\Application Data\stuoaaa.tmp
2012-01-18 04:48:01 ----A---- C:\rapport.txt
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\WS2Fix.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\VCCLSID.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\VACFix.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\swxcacls.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\swsc.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\swreg.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\IEDFix.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\dumphive.exe
2012-01-18 04:47:50 ----A---- C:\WINDOWS\SysWOW64\404Fix.exe
2012-01-18 03:17:14 ----A---- C:\TDSSKiller.2.7.3.0_18.01.2012_03.17.14_log.txt
2012-01-18 01:38:06 ----A---- C:\Documents and Settings\All Users\Application Data\rrcmbaa.tmp
2012-01-18 01:38:06 ----A---- C:\Documents and Settings\All Users\Application Data\qrcmbaa.tmp
2012-01-18 01:38:06 ----A---- C:\Documents and Settings\All Users\Application Data\orcmbaa.tmp
2012-01-18 01:26:43 ----A---- C:\Documents and Settings\All Users\Application Data\prcmbaa.tmp
2012-01-18 00:35:28 ----D---- C:\!KillBox
2012-01-17 23:50:09 ----A---- C:\Documents and Settings\All Users\Application Data\ysroaaa.tmp
2012-01-17 23:50:09 ----A---- C:\Documents and Settings\All Users\Application Data\ctroaaa.tmp
2012-01-17 23:50:09 ----A---- C:\Documents and Settings\All Users\Application Data\btroaaa.tmp
2012-01-17 23:48:46 ----A---- C:\TDSSKiller.2.7.3.0_17.01.2012_23.48.46_log.txt
2012-01-17 23:41:35 ----A---- C:\TDSSKiller.2.7.3.0_17.01.2012_23.41.35_log.txt
2012-01-17 23:39:41 ----A---- C:\TDSSKiller.2.7.1.0_17.01.2012_23.39.41_log.txt
2012-01-17 23:10:10 ----A---- C:\Documents and Settings\All Users\Application Data\esooaaa.tmp
2012-01-17 23:09:25 ----A---- C:\Documents and Settings\All Users\Application Data\hsooaaa.tmp
2012-01-17 23:09:20 ----A---- C:\Documents and Settings\All Users\Application Data\gsooaaa.tmp
2012-01-17 23:09:15 ----A---- C:\Documents and Settings\All Users\Application Data\fsooaaa.tmp
2012-01-17 23:01:23 ----A---- C:\Documents and Settings\All Users\Application Data\ofqoaaa.tmp
2012-01-17 23:00:42 ----A---- C:\Documents and Settings\All Users\Application Data\sfqoaaa.tmp
2012-01-17 23:00:37 ----A---- C:\Documents and Settings\All Users\Application Data\rfqoaaa.tmp
2012-01-17 23:00:32 ----A---- C:\Documents and Settings\All Users\Application Data\qfqoaaa.tmp
2012-01-17 23:00:27 ----A---- C:\Documents and Settings\All Users\Application Data\pfqoaaa.tmp
2012-01-17 21:55:57 ----A---- C:\Documents and Settings\All Users\Application Data\yklpaaa.tmp
2012-01-17 21:55:56 ----A---- C:\Documents and Settings\All Users\Application Data\bllpaaa.tmp
2012-01-17 21:55:55 ----A---- C:\Documents and Settings\All Users\Application Data\cllpaaa.tmp
2012-01-17 21:55:54 ----A---- C:\Documents and Settings\All Users\Application Data\allpaaa.tmp
2012-01-17 21:55:35 ----A---- C:\Documents and Settings\All Users\Application Data\zklpaaa.tmp
2012-01-17 19:47:38 ----D---- C:\Documents and Settings\All Users\Application Data\StartMenuManager
2012-01-17 19:41:16 ----D---- C:\Documents and Settings\Aleco\Application Data\StartMenuManager
2012-01-17 19:40:21 ----D---- C:\Program Files (x86)\Start Menu Manager
2012-01-17 17:18:50 ----A---- C:\Documents and Settings\All Users\Application Data\cwdpaaa.tmp
2012-01-17 17:18:48 ----A---- C:\Documents and Settings\All Users\Application Data\bwdpaaa.tmp
2012-01-17 17:18:47 ----A---- C:\Documents and Settings\All Users\Application Data\ewdpaaa.tmp
2012-01-17 17:15:51 ----A---- C:\Documents and Settings\All Users\Application Data\dwdpaaa.tmp
2012-01-17 16:19:24 ----A---- C:\WINDOWS\SysWOW64\tmp.txt
2012-01-17 16:18:59 ----A---- C:\WINDOWS\SysWOW64\SrchSTS.exe
2012-01-17 16:18:59 ----A---- C:\WINDOWS\SysWOW64\o4Patch.exe
2012-01-17 16:18:59 ----A---- C:\WINDOWS\SysWOW64\IEDFix.C.exe
2012-01-17 16:18:59 ----A---- C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2012-01-17 14:44:36 ----A---- C:\Documents and Settings\All Users\Application Data\eccqaaa.tmp
2012-01-17 14:44:23 ----A---- C:\Documents and Settings\All Users\Application Data\gccqaaa.tmp
2012-01-17 14:44:20 ----A---- C:\Documents and Settings\All Users\Application Data\iccqaaa.tmp
2012-01-17 04:35:08 ----A---- C:\Documents and Settings\All Users\Application Data\slopaaa.tmp
2012-01-17 04:34:37 ----A---- C:\Documents and Settings\All Users\Application Data\wlopaaa.tmp
2012-01-17 04:34:23 ----A---- C:\Documents and Settings\All Users\Application Data\vlopaaa.tmp
2012-01-17 04:34:18 ----A---- C:\Documents and Settings\All Users\Application Data\ulopaaa.tmp
2012-01-17 04:34:13 ----A---- C:\Documents and Settings\All Users\Application Data\tlopaaa.tmp
2012-01-17 03:16:54 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-01-17 03:14:24 ----A---- C:\Documents and Settings\All Users\Application Data\ybwbbaa.tmp
2012-01-17 03:14:21 ----A---- C:\Documents and Settings\All Users\Application Data\acwbbaa.tmp
2012-01-17 03:13:48 ----A---- C:\Documents and Settings\All Users\Application Data\xbwbbaa.tmp
2012-01-17 02:51:21 ----D---- C:\Program Files (x86)\SpywareBlaster
2012-01-17 01:46:10 ----A---- C:\Documents and Settings\All Users\Application Data\maqbbaa.tmp
2012-01-17 01:46:10 ----A---- C:\Documents and Settings\All Users\Application Data\jaqbbaa.tmp
2012-01-17 01:46:09 ----A---- C:\Documents and Settings\All Users\Application Data\iaqbbaa.tmp
2012-01-17 01:46:05 ----A---- C:\Documents and Settings\All Users\Application Data\laqbbaa.tmp
2012-01-16 23:07:26 ----A---- C:\Documents and Settings\All Users\Application Data\mcxdbaa.tmp
2012-01-16 23:07:19 ----A---- C:\Documents and Settings\All Users\Application Data\kcxdbaa.tmp
2012-01-16 23:07:10 ----A---- C:\Documents and Settings\All Users\Application Data\icxdbaa.tmp
2012-01-16 23:07:09 ----A---- C:\Documents and Settings\All Users\Application Data\jcxdbaa.tmp
2012-01-16 23:07:03 ----A---- C:\Documents and Settings\All Users\Application Data\lcxdbaa.tmp
2012-01-16 23:01:23 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-01-16 20:19:33 ----A---- C:\Documents and Settings\All Users\Application Data\ehoibaa.tmp
2012-01-16 20:19:32 ----A---- C:\Documents and Settings\All Users\Application Data\ghoibaa.tmp
2012-01-16 20:10:22 ----D---- C:\Program Files (x86)\trend micro
2012-01-16 19:14:39 ----A---- C:\Documents and Settings\All Users\Application Data\fhoibaa.tmp
2012-01-16 18:49:45 ----A---- C:\Documents and Settings\All Users\Application Data\ymklbaa.tmp
2012-01-16 18:48:50 ----A---- C:\Documents and Settings\All Users\Application Data\zmklbaa.tmp
2012-01-16 16:18:07 ----A---- C:\Documents and Settings\All Users\Application Data\miskbaa.tmp
2012-01-16 16:18:02 ----A---- C:\Documents and Settings\All Users\Application Data\liskbaa.tmp
2012-01-16 16:17:57 ----A---- C:\Documents and Settings\All Users\Application Data\kiskbaa.tmp
2012-01-16 16:17:55 ----A---- C:\Documents and Settings\All Users\Application Data\iiskbaa.tmp
2012-01-16 16:17:52 ----A---- C:\Documents and Settings\All Users\Application Data\jiskbaa.tmp
2012-01-16 09:01:31 ----D---- C:\WINDOWS.1
2012-01-16 09:01:31 ----ASH---- C:\pagefile.sys
2012-01-16 03:10:22 ----A---- C:\Documents and Settings\All Users\Application Data\oatvaaa.tmp
2012-01-16 03:10:11 ----A---- C:\Documents and Settings\All Users\Application Data\qatvaaa.tmp
2012-01-16 03:10:05 ----A---- C:\Documents and Settings\All Users\Application Data\patvaaa.tmp
2012-01-16 03:09:56 ----A---- C:\Documents and Settings\All Users\Application Data\natvaaa.tmp
2012-01-16 02:48:00 ----A---- C:\Documents and Settings\All Users\Application Data\orhyaaa.tmp
2012-01-16 02:47:58 ----A---- C:\Documents and Settings\All Users\Application Data\nrhyaaa.tmp
2012-01-16 02:47:51 ----A---- C:\Documents and Settings\All Users\Application Data\mrhyaaa.tmp
2012-01-16 02:47:45 ----A---- C:\Documents and Settings\All Users\Application Data\lrhyaaa.tmp
2012-01-16 00:36:47 ----D---- C:\SanctionedMedia
2012-01-16 00:24:48 ----A---- C:\Documents and Settings\All Users\Application Data\ammxaaa.tmp
2012-01-16 00:24:08 ----A---- C:\Documents and Settings\All Users\Application Data\emmxaaa.tmp
2012-01-16 00:24:03 ----A---- C:\Documents and Settings\All Users\Application Data\dmmxaaa.tmp
2012-01-16 00:23:58 ----A---- C:\Documents and Settings\All Users\Application Data\cmmxaaa.tmp
2012-01-16 00:23:53 ----A---- C:\Documents and Settings\All Users\Application Data\bmmxaaa.tmp
2012-01-15 23:51:31 ----A---- C:\WINDOWS\SysWOW64\drivers\BlackBox.sys
2012-01-15 23:20:01 ----A---- C:\WINDOWS\stinger.sys
2012-01-15 22:54:32 ----D---- C:\Documents and Settings\Aleco\Application Data\SUPERAntiSpyware.com
2012-01-15 22:54:14 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-15 22:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-15 17:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-01-14 13:32:19 ----D---- C:\Program Files (x86)\49095
2012-01-14 13:31:47 ----D---- C:\Program Files (x86)\LP
2012-01-14 13:31:47 ----D---- C:\Documents and Settings\Aleco\Application Data\28849
2012-01-05 15:09:56 ----D---- C:\Program Files (x86)\High-Logic FontCreator
2012-01-05 15:09:56 ----D---- C:\Documents and Settings\Aleco\Application Data\FontCreator
2012-01-05 15:09:56 ----A---- C:\WINDOWS\SysWOW64\FontInstaller2.dll
2012-01-02 16:41:49 ----DC---- C:\WINDOWS\$NtUninstallWdf01005$
2012-01-02 16:40:39 ----D---- C:\Documents and Settings\Aleco\Application Data\Logitech
2012-01-02 16:38:56 ----D---- C:\Program Files (x86)\Common Files\LogiShrd
2012-01-02 16:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2011-12-20 14:20:52 ----A---- C:\WINDOWS\avisplitter.ini
2011-12-20 14:20:51 ----A---- C:\WINDOWS\SysWOW64\ff_vfw.dll

======List of files/folders modified in the last 1 month======

2012-01-19 14:09:25 ----D---- C:\WINDOWS\Temp
2012-01-19 12:56:49 ----D---- C:\Documents and Settings\Aleco\Application Data\FileZilla
2012-01-19 06:15:51 ----A---- C:\WINDOWS\NeroDigital.ini
2012-01-19 06:10:36 ----D---- C:\Documents and Settings\Aleco\Application Data\Media Player Classic
2012-01-19 03:48:05 ----SD---- C:\WINDOWS\Tasks
2012-01-19 00:46:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-01-19 00:14:54 ----RD---- C:\Program Files
2012-01-19 00:13:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-01-19 00:08:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-18 23:57:04 ----AD---- C:\WINDOWS
2012-01-18 23:53:21 ----D---- C:\WINDOWS\inf
2012-01-18 23:53:04 ----D---- C:\WINDOWS\system32
2012-01-18 23:52:10 ----D---- C:\WINDOWS\SysWOW64
2012-01-18 23:52:05 ----D---- C:\Program Files (x86)\Internet Explorer
2012-01-18 23:52:04 ----D---- C:\WINDOWS\Help
2012-01-18 23:48:05 ----D---- C:\WINDOWS\WBEM
2012-01-18 23:48:05 ----D---- C:\WINDOWS\SysWOW64\wbem
2012-01-18 23:48:05 ----D---- C:\WINDOWS\SysWOW64\en-US
2012-01-18 23:47:54 ----D---- C:\WINDOWS\Media
2012-01-18 23:26:05 ----SH---- C:\boot.ini
2012-01-18 21:26:56 ----RD---- C:\Program Files (x86)
2012-01-18 19:40:38 ----D---- C:\WINDOWS.0
2012-01-18 05:23:12 ----D---- C:\Documents and Settings\Aleco\Application Data\Mozilla
2012-01-18 00:03:15 ----SHD---- C:\WINDOWS\CSC
2012-01-17 21:57:40 ----SHD---- C:\WINDOWS\Installer
2012-01-17 21:57:39 ----D---- C:\Config.Msi
2012-01-17 21:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-17 20:06:22 ----D---- C:\Program Files (x86)\Movavi VideoSuite 6
2012-01-17 20:03:16 ----D---- C:\Program Files (x86)\Movavi Video Editor 4
2012-01-17 18:13:53 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2012-01-17 17:24:31 ----D---- C:\Program Files (x86)\Notepad++
2012-01-17 17:24:31 ----D---- C:\Documents and Settings\Aleco\Application Data\Notepad++
2012-01-17 14:02:13 ----D---- C:\Program Files (x86)\Common Files
2012-01-17 13:57:07 ----D---- C:\Program Files (x86)\Java
2012-01-17 13:53:02 ----D---- C:\Program Files (x86)\Adobe
2012-01-17 13:52:44 ----D---- C:\Program Files (x86)\Common Files\Adobe
2012-01-17 03:06:59 ----D---- C:\Program Files (x86)\Softonic-Eng7
2012-01-17 02:50:45 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-17 02:50:45 ----D---- C:\Program Files (x86)\ASUS
2012-01-17 02:50:19 ----D---- C:\Program Files (x86)\FileHippo.com
2012-01-16 22:54:15 ----D---- C:\WINDOWS\pss
2012-01-16 18:39:26 ----D---- C:\WINDOWS\WinSxS
2012-01-16 18:39:12 ----RSD---- C:\WINDOWS\Fonts
2012-01-16 08:55:42 ----D---- C:\Base
2012-01-16 08:53:17 ----D---- C:\Program Files (x86)\QT Lite
2012-01-16 08:52:31 ----D---- C:\Program Files (x86)\PSPad editor
2012-01-16 08:52:29 ----D---- C:\Program Files (x86)\ERUNT
2012-01-16 08:51:48 ----D---- C:\Documents and Settings
2012-01-16 08:43:02 ----D---- C:\Program Files (x86)\NetMeeting
2012-01-16 08:42:16 ----D---- C:\Program Files (x86)\Movie Maker
2012-01-16 08:42:07 ----D---- C:\Program Files (x86)\Windows Media Player[Strings]
2012-01-16 08:42:07 ----D---- C:\Program Files (x86)\Windows Media Player
2012-01-16 02:41:02 ----D---- C:\Program Files (x86)\CardRecovery
2012-01-16 00:42:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-16 00:21:48 ----D---- C:\WINDOWS\Registration
2012-01-16 00:20:43 ----SHD---- C:\System Volume Information
2012-01-15 23:51:31 ----D---- C:\WINDOWS\SysWOW64\Drivers
2012-01-15 21:58:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-15 16:28:43 ----D---- C:\WINDOWS\Debug
2012-01-15 16:21:53 ----D---- C:\Documents and Settings\Aleco\Application Data\Skype
2012-01-15 16:21:53 ----D---- C:\Documents and Settings\Aleco\Application Data\CoreFTP
2012-01-15 16:21:18 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-15 16:21:18 ----D---- C:\WINDOWS\Minidump
2012-01-15 15:14:30 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-01-15 14:49:09 ----D---- C:\Documents and Settings\Aleco\Application Data\Dropbox
2012-01-15 14:48:17 ----D---- C:\Program Files (x86)\SpeedFan
2012-01-05 14:35:42 ----D---- C:\Documents and Settings\Aleco\Application Data\uTorrent
2011-12-31 03:15:08 ----D---- C:\Documents and Settings\Aleco\Application Data\vlc
2011-12-20 15:47:42 ----D---- C:\Documents and Settings\Aleco\Application Data\Audacity
2011-12-20 14:21:02 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-12-20 01:14:21 ----D---- C:\Documents and Settings\Aleco\Application Data\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys []
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys []
R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys []
R1 a2injectiondriver;a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys []
R1 a2util;a-squared Malware-IDS utility driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys []
R1 AmdPPM64;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS []
R1 speedfan;speedfan; \??\C:\WINDOWS\SysWOW64\speedfan.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys []
R2 adfs;adfs; C:\WINDOWS\SysWOW64\drivers\adfs.sys [2008-08-14 74720]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys []
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
R3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys []
R3 BLKWGU;Belkin Wireless G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\BLKWGU.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys []
R3 HPZid412;IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\HPZid412.sys []
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys []
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12 Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\HPZius12.sys []
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys []
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\WINDOWS\system32\DRIVERS\LEqdUsb.Sys []
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\WINDOWS\system32\DRIVERS\LHidEqd.Sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys []
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMIX.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys []
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys []
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys []
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys []
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys []
S0 BlackBox;BlackBox SR2; C:\WINDOWS\SysWOW64\drivers\BlackBox.sys [2012-01-19 35712]
S1 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys []
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys []
S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys []
S3 PROCEXP151;PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS []
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys []
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys []
S3 ZDPSp50a64;ZDPSp50a64 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50a64.sys []
S4 adpu320;adpu320; C:\WINDOWS\SysWOW64\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\SysWOW64\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\SysWOW64\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\SysWOW64\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\SysWOW64\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-22 2998832]
R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe []
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-18 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
S4 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-07-17 319488]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-24 655624]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 932640]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]
S4 nlsX86cc;Nalpeiron Licensing Service; C:\WINDOWS\system32\NlsSrv32.exe [2009-06-07 61440]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-18 14848]
S4 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]

-----------------EOF-----------------

Edited by Troubled Virus, 19 January 2012 - 01:47 PM.


#2 Troubled Virus

Troubled Virus
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 19 January 2012 - 02:53 PM

(Accidentally posted again here and can't delete this post. Hopefully someone still sees that my issue has not been addressed. Sorry about that!)

Edited by Troubled Virus, 20 January 2012 - 12:43 PM.


#3 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:56 PM

Posted 21 January 2012 - 02:37 PM

hi Troubled Virus,

We will get a download to use. It's called Combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#4 Troubled Virus

Troubled Virus
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 23 January 2012 - 11:59 PM

Hey Shelf Life,

Thank you for getting back to me. This spyware is driving me crazy.

I would love to use ComboFix, but unfortunately I am running Windows XP 64 bit and ComboFix is not compatible. Is there a workaround or another type of software to scan my computer?

Thanks!

#5 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:56 PM

Posted 24 January 2012 - 05:43 AM

Not being able to use ComboFix will handicap us. Let's go with these instead. I know TDSSKiller supports 64-bit; not sure about the other one. You will find out.

Please download TDSSKiller.exe and save it to your desktop.
Double click to launch the utility. After it initializes, click the Start scan button.

Once the scan completes, you can click the Continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.2.1_11.08.2010_17.32.21_log.txt (name, version, date, time).

Please post the log report.

And aswMBR:

Please download aswMBR to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

How Can I Reduce My Risk to Malware?
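The useful part of a TDSSKiller report is the handful of lines that carry a verdict; the rest is one "- ok" per driver. The Python script below is an added example, not part of this thread and not Kaspersky's tool: it parses a report in the line format used in this thread, pulls out the "- detected" verdicts and the per-disk MBR records, and ranks them for triage. The low/high severity split and the helper names are my own assumptions.

```python
"""Triage a TDSSKiller text report: pull out verdict lines and MBR records.

Added example, not part of the thread and not Kaspersky's code. The line
formats follow the report as it appears in this thread; the severity
ranking is an assumption made for triage only.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every report line: "<HH:MM:SS.ffff> <4-hex thread id> <rest>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]{4})\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": a driver or service file that was hashed
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5>) \Device\HarddiskN\DRn": boot-sector record per physical disk
MBR_RE = re.compile(r"^MBR \((?P<offset>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")
# "<object> - detected <verdict> (<n>)": the line that carries the verdict
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>.+) \(\d+\)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    path: Optional[str]
    md5: Optional[str]
    severity: str  # "low" or "high", see severity_for()


@dataclass
class Report:
    files_hashed: int = 0
    mbr: Dict[str, str] = field(default_factory=dict)      # device -> MBR md5
    findings: List[Finding] = field(default_factory=list)

    def high(self) -> List[Finding]:
        return [f for f in self.findings if f.severity == "high"]


def severity_for(verdict: str) -> str:
    """Triage assumption: UnsignedFile.* is a code-signing heuristic that fires
    on many legitimate vendor drivers (XP x64 did not enforce driver signing),
    so it is ranked low; any other verdict (e.g. "TDSS File System") is high."""
    return "low" if verdict.startswith("UnsignedFile.") else "high"


def parse_report(text: str) -> Report:
    rep = Report()
    hashed: Dict[str, tuple] = {}  # name -> (md5, path), to enrich a later verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        rest = m.group("rest")
        fm = FILE_RE.match(rest)
        if fm:
            rep.files_hashed += 1
            hashed[fm["name"]] = (fm["md5"], fm["path"])
            continue
        mm = MBR_RE.match(rest)
        if mm:
            rep.mbr[mm["dev"]] = mm["md5"]
            continue
        dm = DETECT_RE.match(rest)
        if dm:
            # A disk-level verdict has no file path; fall back to its MBR hash.
            md5, path = hashed.get(dm["obj"], (rep.mbr.get(dm["obj"]), None))
            rep.findings.append(Finding(dm["obj"], dm["verdict"], path, md5,
                                        severity_for(dm["verdict"])))
    return rep


def summarize(rep: Report) -> List[str]:
    """Human-readable triage lines, high-severity findings first."""
    lines = [f"{rep.files_hashed} files hashed, {len(rep.findings)} verdicts"]
    for f in sorted(rep.findings, key=lambda f: f.severity != "high"):
        where = f.path or f.obj
        lines.append(f"[{f.severity.upper()}] {f.obj}: {f.verdict} ({where}, md5={f.md5})")
    for dev, md5 in rep.mbr.items():
        lines.append(f"MBR {dev}: {md5}")
    return lines


# Short excerpt in the format of the report posted in this thread.
SAMPLE = r"""
12:27:41.0531 0220 Scan started
12:27:54.0421 0220 AmdPPM64 (cce290f816a286a6632530da169f5545) C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys
12:27:54.0437 0220 AmdPPM64 ( UnsignedFile.Multi.Generic ) - warning
12:27:54.0437 0220 AmdPPM64 - detected UnsignedFile.Multi.Generic (1)
12:27:57.0046 0220 atapi (8293749a8578836562d70c7185be32a0) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:27:57.0093 0220 atapi - ok
12:30:49.0984 0220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:30:50.0203 0220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:30:50.0203 0220 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:30:50.0218 0220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:30:50.0312 0220 \Device\Harddisk1\DR1 - ok
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE)):
        print(line)
```

In the excerpt both disks carry the same MBR hash, yet only Harddisk0 gets the "TDSS File System" verdict: it is the "- detected" line, not the MBR hash, that the responder acts on.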


#6 Troubled Virus

Troubled Virus
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 24 January 2012 - 12:00 PM

I feel handicapped already. Both pieces of software worked just fine. Below are the logs.



TDSS Killer log:


12:27:18.0140 0280 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
12:27:18.0531 0280 ============================================================
12:27:18.0531 0280 Current date / time: 2012/01/24 12:27:18.0531
12:27:18.0531 0280 SystemInfo:
12:27:18.0531 0280
12:27:18.0531 0280 OS Version: 5.2.3790 ServicePack: 2.0
12:27:18.0531 0280 Product type: Workstation
12:27:18.0531 0280 ComputerName: ALEXDOTCOMPUTER
12:27:18.0531 0280 UserName: Aleco
12:27:18.0531 0280 Windows directory: C:\WINDOWS
12:27:18.0531 0280 System windows directory: C:\WINDOWS
12:27:18.0531 0280 Running under WOW64
12:27:18.0531 0280 Processor architecture: Intel x64
12:27:18.0531 0280 Number of processors: 4
12:27:18.0531 0280 Page size: 0x1000
12:27:18.0531 0280 Boot type: Safe boot with network
12:27:18.0531 0280 ============================================================
12:27:21.0296 0280 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
12:27:21.0296 0280 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
12:27:21.0453 0280 Initialize success
12:27:41.0531 0220 ============================================================
12:27:41.0531 0220 Scan started
12:27:41.0531 0220 Mode: Manual; SigCheck; TDLFS;
12:27:41.0531 0220 ============================================================
12:27:42.0500 0220 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
12:27:42.0859 0220 a2acc - ok
12:27:42.0921 0220 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
12:27:42.0921 0220 A2DDA - ok
12:27:42.0937 0220 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
12:27:42.0937 0220 a2injectiondriver - ok
12:27:42.0968 0220 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
12:27:42.0968 0220 a2util - ok
12:27:43.0781 0220 Abiosdsk - ok
12:27:44.0609 0220 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:27:44.0703 0220 ACPI - ok
12:27:45.0515 0220 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:27:45.0578 0220 ACPIEC - ok
12:27:46.0765 0220 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\WINDOWS\system32\drivers\adfs.sys
12:27:46.0765 0220 adfs - ok
12:27:47.0578 0220 adpu160m - ok
12:27:48.0375 0220 adpu320 - ok
12:27:49.0234 0220 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
12:27:49.0312 0220 aec - ok
12:27:49.0343 0220 Afc - ok
12:27:50.0187 0220 AFD (1a461996ee240c9cef90c4c31622b9ef) C:\WINDOWS\System32\drivers\afd.sys
12:27:50.0296 0220 AFD - ok
12:27:51.0093 0220 aic78u2 - ok
12:27:51.0937 0220 aic78xx - ok
12:27:52.0765 0220 AliIde - ok
12:27:53.0578 0220 AmdIde - ok
12:27:54.0421 0220 AmdPPM64 (cce290f816a286a6632530da169f5545) C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys
12:27:54.0437 0220 AmdPPM64 ( UnsignedFile.Multi.Generic ) - warning
12:27:54.0437 0220 AmdPPM64 - detected UnsignedFile.Multi.Generic (1)
12:27:55.0281 0220 arc - ok
12:27:56.0187 0220 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:27:56.0265 0220 AsyncMac - ok
12:27:57.0046 0220 atapi (8293749a8578836562d70c7185be32a0) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:27:57.0093 0220 atapi - ok
12:27:57.0859 0220 Atdisk - ok
12:27:58.0937 0220 ati2mtag (fa47f0942381eaec3304bac0baa029d6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:27:59.0265 0220 ati2mtag - ok
12:28:00.0109 0220 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:28:00.0171 0220 Atmarpc - ok
12:28:01.0031 0220 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:28:01.0093 0220 audstub - ok
12:28:01.0953 0220 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
12:28:02.0015 0220 Beep - ok
12:28:02.0859 0220 BlackBox - ok
12:28:03.0703 0220 BLKWGU (bd9677014d1267b706aa5e1aafef56db) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
12:28:03.0734 0220 BLKWGU ( UnsignedFile.Multi.Generic ) - warning
12:28:03.0734 0220 BLKWGU - detected UnsignedFile.Multi.Generic (1)
12:28:04.0593 0220 CCDECODE (2367a4dda10960624fe696bcedfc995a) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:28:04.0656 0220 CCDECODE - ok
12:28:05.0500 0220 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
12:28:05.0562 0220 CdaC15BA - ok
12:28:06.0375 0220 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
12:28:06.0437 0220 CdaD10BA - ok
12:28:07.0312 0220 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
12:28:07.0359 0220 Cdfs - ok
12:28:08.0218 0220 Cdrom (df644a11db3cf37c6041d0d506299fc6) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:28:08.0250 0220 Cdrom - ok
12:28:09.0125 0220 CmdIde - ok
12:28:09.0328 0220 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
12:28:09.0343 0220 cpuz134 - ok
12:28:10.0156 0220 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
12:28:10.0218 0220 crcdisk - ok
12:28:11.0093 0220 Disk (87f4f2325911738a7c93180715cb641b) C:\WINDOWS\system32\DRIVERS\disk.sys
12:28:11.0125 0220 Disk - ok
12:28:11.0984 0220 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
12:28:12.0046 0220 dmboot - ok
12:28:12.0859 0220 dmio (18f5e66786759d16e5bf0cbba8f4b707) C:\WINDOWS\system32\drivers\dmio.sys
12:28:12.0890 0220 dmio - ok
12:28:13.0671 0220 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
12:28:13.0734 0220 dmload - ok
12:28:14.0546 0220 dpti2o - ok
12:28:15.0421 0220 eamon (4111ad3021209c82f9ebbc57dd9e1eec) C:\WINDOWS\system32\DRIVERS\eamon.sys
12:28:15.0437 0220 eamon - ok
12:28:16.0250 0220 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:28:16.0250 0220 ehdrv - ok
12:28:17.0109 0220 epfwtdir (9da68c40b6c738eb08144010de032ced) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:28:17.0125 0220 epfwtdir - ok
12:28:17.0968 0220 Fastfat (db2b34b94eb328023fa329a682629124) C:\WINDOWS\system32\drivers\Fastfat.sys
12:28:18.0000 0220 Fastfat - ok
12:28:18.0796 0220 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\drivers\Fdc.sys
12:28:18.0859 0220 Fdc - ok
12:28:19.0703 0220 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
12:28:19.0765 0220 Fips - ok
12:28:20.0593 0220 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:28:20.0656 0220 Flpydisk - ok
12:28:21.0500 0220 FltMgr (9c4d9164cefd4fc4e50d2234e338c127) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:28:21.0531 0220 FltMgr - ok
12:28:22.0375 0220 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:28:22.0421 0220 Fs_Rec - ok
12:28:23.0281 0220 Ftdisk (b26ca6292f9678175f2f7c2da03d7e03) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:28:23.0328 0220 Ftdisk - ok
12:28:24.0109 0220 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:28:24.0125 0220 GEARAspiWDM - ok
12:28:24.0937 0220 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:28:24.0984 0220 Gpc - ok
12:28:25.0812 0220 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:28:25.0859 0220 HDAudBus - ok
12:28:26.0734 0220 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:28:26.0796 0220 hidusb - ok
12:28:27.0593 0220 HPZid412 (b76fdd8ec7120474e7bc9cad400dac6c) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:28:27.0671 0220 HPZid412 - ok
12:28:28.0500 0220 HPZipr12 (9b28887500db96a433c9c9ded8fdc886) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:28:28.0546 0220 HPZipr12 - ok
12:28:29.0359 0220 HPZius12 (0013dd74cd20ebfb8c816d9df7413d91) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:28:29.0375 0220 HPZius12 - ok
12:28:30.0218 0220 HTTP (f765dd7daf8049c7b64e84a4b7ac7c75) C:\WINDOWS\system32\Drivers\HTTP.sys
12:28:30.0265 0220 HTTP - ok
12:28:31.0125 0220 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:28:31.0171 0220 i8042prt - ok
12:28:32.0015 0220 iirsp - ok
12:28:32.0875 0220 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:32.0921 0220 imapi - ok
12:28:33.0750 0220 IntelIde - ok
12:28:34.0609 0220 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:28:34.0671 0220 Ip6Fw - ok
12:28:35.0468 0220 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:35.0515 0220 IpFilterDriver - ok
12:28:36.0328 0220 IpNat (bb9e2a4a6a0a9cb80df9c00e0a9b04e3) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:36.0328 0220 IpNat - ok
12:28:37.0203 0220 IPSec (69672d6d7df4fb8748212a3b149962d9) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:37.0234 0220 IPSec - ok
12:28:38.0015 0220 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:38.0062 0220 IRENUM - ok
12:28:38.0890 0220 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:38.0937 0220 isapnp - ok
12:28:39.0765 0220 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:39.0828 0220 Kbdclass - ok
12:28:40.0734 0220 kbdhid (f96d8cec38efd64aaf41976d214fc54e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:28:40.0812 0220 kbdhid - ok
12:28:41.0828 0220 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
12:28:41.0875 0220 kmixer - ok
12:28:42.0703 0220 KSecDD (47b8faa7cf8a88a015e4e8a2ff4a51db) C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:42.0750 0220 KSecDD - ok
12:28:44.0468 0220 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
12:28:44.0515 0220 ksthunk - ok
12:28:45.0375 0220 LBeepKE (ded7bfb54b3bc9190fc156013b760451) C:\WINDOWS\system32\Drivers\LBeepKE.sys
12:28:45.0375 0220 LBeepKE - ok
12:28:46.0250 0220 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\WINDOWS\system32\DRIVERS\LEqdUsb.Sys
12:28:46.0250 0220 LEqdUsb - ok
12:28:47.0609 0220 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\WINDOWS\system32\DRIVERS\LHidEqd.Sys
12:28:47.0609 0220 LHidEqd - ok
12:28:48.0468 0220 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:28:48.0468 0220 LHidFilt - ok
12:28:49.0781 0220 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:28:49.0781 0220 LMouFilt - ok
12:28:50.0625 0220 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\WINDOWS\system32\drivers\mbam.sys
12:28:50.0640 0220 MBAMProtector - ok
12:28:51.0515 0220 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:51.0562 0220 mnmdd - ok
12:28:52.0859 0220 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
12:28:52.0906 0220 Modem - ok
12:28:53.0718 0220 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:53.0765 0220 Mouclass - ok
12:28:54.0953 0220 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:55.0015 0220 mouhid - ok
12:28:55.0828 0220 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:55.0890 0220 MountMgr - ok
12:28:56.0671 0220 mraid35x - ok
12:28:58.0078 0220 MRxDAV (d20686e835be5b9ab8b5a5b5f15fc053) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:58.0125 0220 MRxDAV - ok
12:28:58.0937 0220 MRxSmb (273c5872db0d0db4e237f27cca32a478) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:59.0015 0220 MRxSmb - ok
12:29:00.0312 0220 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
12:29:00.0359 0220 Msfs - ok
12:29:01.0203 0220 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:29:01.0265 0220 MSKSSRV - ok
12:29:02.0078 0220 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:29:02.0125 0220 MSPCLOCK - ok
12:29:03.0765 0220 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
12:29:03.0812 0220 MSPQM - ok
12:29:04.0703 0220 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:29:04.0750 0220 mssmbios - ok
12:29:06.0218 0220 MSTEE (6c679fab17592620de60dc7700a039ea) C:\WINDOWS\system32\drivers\MSTEE.sys
12:29:06.0265 0220 MSTEE - ok
12:29:10.0390 0220 MTsensor (cac3bb575e4a0417bff28d3196e44d3a) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:29:10.0453 0220 MTsensor - ok
12:29:12.0890 0220 Mup (089943e89671f8b27e6e3242724dd0c7) C:\WINDOWS\system32\drivers\Mup.sys
12:29:12.0921 0220 Mup - ok
12:29:14.0156 0220 NABTSFEC (933012d216d0022a500cc6c0dfa16428) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:29:14.0218 0220 NABTSFEC - ok
12:29:15.0125 0220 NDIS (e7dc59c92cf181224ea092fe49a89272) C:\WINDOWS\system32\drivers\NDIS.sys
12:29:15.0203 0220 NDIS - ok
12:29:16.0453 0220 NdisIP (febeb8bf62b229ce9da98c32bf3d26a3) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:29:16.0531 0220 NdisIP - ok
12:29:17.0500 0220 NdisTapi (74612c7b722df0dbcc972f301bd1bf1e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:29:17.0625 0220 NdisTapi - ok
12:29:18.0484 0220 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:29:18.0531 0220 Ndisuio - ok
12:29:20.0187 0220 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:29:20.0250 0220 NdisWan - ok
12:29:21.0140 0220 NDProxy (24ea58a8257c3a4557c589ee0d4ab19b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:29:21.0203 0220 NDProxy - ok
12:29:22.0546 0220 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:29:22.0593 0220 NetBIOS - ok
12:29:23.0468 0220 NetBT (ba4b0391db3ac6fbf99a71b1759dca0a) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:29:23.0500 0220 NetBT - ok
12:29:24.0890 0220 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
12:29:24.0937 0220 Npfs - ok
12:29:25.0796 0220 Ntfs (eb2ced832c2d8f48d84a46c0d5c00461) C:\WINDOWS\system32\drivers\Ntfs.sys
12:29:25.0859 0220 Ntfs - ok
12:29:27.0156 0220 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
12:29:27.0218 0220 Null - ok
12:29:28.0171 0220 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\DRIVERS\parport.sys
12:29:28.0218 0220 Parport - ok
12:29:29.0203 0220 PartMgr (d903732e19ba9b3592af3b0d8e8c636b) C:\WINDOWS\system32\drivers\PartMgr.sys
12:29:29.0234 0220 PartMgr - ok
12:29:30.0703 0220 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
12:29:30.0750 0220 PCI - ok
12:29:31.0578 0220 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:29:31.0625 0220 PCIIde - ok
12:29:33.0187 0220 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:29:33.0234 0220 Pcmcia - ok
12:29:34.0203 0220 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:29:34.0250 0220 PptpMiniport - ok
12:29:35.0281 0220 Processor (1f6afb4d9ccf57ff90eb4932b672d1e6) C:\WINDOWS\system32\DRIVERS\processr.sys
12:29:35.0375 0220 Processor - ok
12:29:36.0500 0220 PROCEXP151 - ok
12:29:37.0359 0220 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
12:29:37.0406 0220 PSched - ok
12:29:39.0234 0220 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:29:39.0281 0220 Ptilink - ok
12:29:40.0109 0220 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
12:29:40.0125 0220 PxHlpa64 - ok
12:29:40.0906 0220 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:29:40.0953 0220 RasAcd - ok
12:29:42.0437 0220 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:29:42.0484 0220 Rasl2tp - ok
12:29:43.0328 0220 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:29:43.0375 0220 RasPppoe - ok
12:29:44.0671 0220 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:29:44.0718 0220 Raspti - ok
12:29:45.0562 0220 Rdbss (9434ab5d415f2c158205182941932357) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:29:45.0593 0220 Rdbss - ok
12:29:46.0421 0220 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:29:46.0468 0220 RDPCDD - ok
12:29:47.0750 0220 rdpdr (ee5eeca18b47521fa0251543e1d83647) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:29:47.0765 0220 rdpdr - ok
12:29:48.0609 0220 RDPWD (ceca4f10b0118e3883628afa294b31d6) C:\WINDOWS\system32\drivers\RDPWD.sys
12:29:48.0671 0220 RDPWD - ok
12:29:50.0343 0220 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:29:50.0390 0220 redbook - ok
12:29:51.0390 0220 RTHDMIAzAudService (7eaf2d1deb5ed550d982386240922ab9) C:\WINDOWS\system32\drivers\RtKHDMIX.sys
12:29:51.0578 0220 RTHDMIAzAudService ( UnsignedFile.Multi.Generic ) - warning
12:29:51.0578 0220 RTHDMIAzAudService - detected UnsignedFile.Multi.Generic (1)
12:29:52.0937 0220 RTLE8023x64 (55d5947298501c38095733f16eeb36c5) C:\WINDOWS\system32\DRIVERS\Rtenic64.sys
12:29:52.0953 0220 RTLE8023x64 - ok
12:29:53.0031 0220 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:29:53.0031 0220 SASDIFSV - ok
12:29:53.0062 0220 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:29:53.0078 0220 SASKUTIL - ok
12:29:53.0937 0220 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:29:53.0968 0220 Secdrv - ok
12:29:54.0796 0220 serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:29:54.0843 0220 serenum - ok
12:29:56.0093 0220 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
12:29:56.0140 0220 Serial - ok
12:29:57.0015 0220 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:29:57.0062 0220 Sfloppy - ok
12:29:58.0281 0220 Simbad - ok
12:29:59.0140 0220 SLIP (6763442af574d3d42cbfb8008b7a140f) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:29:59.0203 0220 SLIP - ok
12:30:00.0046 0220 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\WINDOWS\SysWOW64\speedfan.sys
12:30:00.0890 0220 speedfan - ok
12:30:01.0750 0220 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
12:30:01.0812 0220 splitter - ok
12:30:02.0640 0220 Sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:02.0671 0220 Sr - ok
12:30:03.0921 0220 Srv (d6721916dd1c0e44d79f33d1950e4513) C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:03.0984 0220 Srv - ok
12:30:04.0859 0220 streamip (90c7874ff6babf98a801c7aebe3ad5a6) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:04.0921 0220 streamip - ok
12:30:06.0265 0220 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:06.0312 0220 swenum - ok
12:30:07.0203 0220 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
12:30:07.0265 0220 swmidi - ok
12:30:08.0437 0220 symc8xx - ok
12:30:09.0562 0220 symmpi - ok
12:30:10.0406 0220 sym_hi - ok
12:30:11.0765 0220 sym_u3 - ok
12:30:12.0625 0220 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:12.0671 0220 sysaudio - ok
12:30:13.0578 0220 Tcpip (b53f939e6f25dacef318958a39297224) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:13.0718 0220 Tcpip ( UnsignedFile.Multi.Generic ) - warning
12:30:13.0718 0220 Tcpip - detected UnsignedFile.Multi.Generic (1)
12:30:14.0718 0220 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:14.0765 0220 TDPIPE - ok
12:30:15.0625 0220 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:15.0687 0220 TDTCP - ok
12:30:19.0578 0220 TermDD (3c73159ca39830e3144a83a8c65630f7) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:19.0625 0220 TermDD - ok
12:30:20.0484 0220 TosIde - ok
12:30:21.0812 0220 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
12:30:21.0875 0220 Udfs - ok
12:30:22.0750 0220 ultra - ok
12:30:24.0468 0220 Update (2288385c3326f956a578f24c15da26da) C:\WINDOWS\system32\DRIVERS\update.sys
12:30:24.0500 0220 Update - ok
12:30:25.0500 0220 usbaudio (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
12:30:25.0562 0220 usbaudio - ok
12:30:27.0078 0220 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:27.0156 0220 usbccgp - ok
12:30:28.0250 0220 usbehci (0eaf081544fca09f45fe5f43cb898138) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:28.0281 0220 usbehci - ok
12:30:29.0421 0220 usbhub (5efd6213cffc1fa628e3889a37f08b27) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:29.0500 0220 usbhub - ok
12:30:30.0609 0220 usbohci (78bce5198e04d1874387c7fb2c3a84ae) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:30:30.0625 0220 usbohci - ok
12:30:31.0765 0220 usbprint (040f6f425a6cc4fb156470502cafb31b) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:31.0843 0220 usbprint - ok
12:30:32.0984 0220 usbscan (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:30:33.0046 0220 usbscan - ok
12:30:33.0906 0220 usbstor (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:33.0953 0220 usbstor - ok
12:30:35.0312 0220 usbvideo (64ff08340d138e99f8e3796853af7ef4) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:30:35.0375 0220 usbvideo - ok
12:30:36.0234 0220 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
12:30:36.0281 0220 vga - ok
12:30:37.0656 0220 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
12:30:37.0703 0220 VgaSave - ok
12:30:38.0609 0220 VIAHdAudAddService (f6354e58ca13450d5d67c685124a56b4) C:\WINDOWS\system32\drivers\viahduaa.sys
12:30:38.0656 0220 VIAHdAudAddService - ok
12:30:39.0437 0220 ViaIde - ok
12:30:40.0593 0220 VolSnap (511f64ac3d17d9e6e59e0d20b3ec7b9d) C:\WINDOWS\system32\DRIVERS\volsnap.sys
12:30:40.0609 0220 VolSnap - ok
12:30:41.0531 0220 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:41.0578 0220 Wanarp - ok
12:30:43.0593 0220 Wdf01000 (4a8e02f3b8fde6d2546e392d61c67427) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:30:43.0625 0220 Wdf01000 - ok
12:30:44.0515 0220 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:44.0578 0220 wdmaud - ok
12:30:45.0656 0220 WmiAcpi (ea6a8317c29120ede0e422286712d769) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:30:45.0734 0220 WmiAcpi - ok
12:30:46.0765 0220 WSTCODEC (478a0c5cc7dc817269654804e495b81a) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:30:46.0812 0220 WSTCODEC - ok
12:30:47.0656 0220 WudfPf (3f98a4e57933963cf2a941bb48f9d47a) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:30:47.0703 0220 WudfPf - ok
12:30:48.0984 0220 WudfRd (881c0c35cdd09077b0e95ec2269cb44c) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:30:48.0984 0220 WudfRd - ok
12:30:49.0890 0220 ZDPSp50a64 (e11183b2f02ae38915982d10d717c6c6) C:\WINDOWS\system32\Drivers\ZDPSp50a64.sys
12:30:49.0890 0220 ZDPSp50a64 ( UnsignedFile.Multi.Generic ) - warning
12:30:49.0890 0220 ZDPSp50a64 - detected UnsignedFile.Multi.Generic (1)
12:30:49.0984 0220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:30:50.0203 0220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:30:50.0203 0220 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:30:50.0218 0220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:30:50.0312 0220 \Device\Harddisk1\DR1 - ok
12:30:50.0328 0220 Boot (0x1200) (894355136b11aca2e2842c161c2255ec) \Device\Harddisk0\DR0\Partition0
12:30:50.0328 0220 \Device\Harddisk0\DR0\Partition0 - ok
12:30:50.0343 0220 ============================================================
12:30:50.0343 0220 Scan finished
12:30:50.0343 0220 ============================================================
12:30:50.0500 0224 Detected object count: 6
12:30:50.0500 0224 Actual detected object count: 6
12:32:16.0984 0224 AmdPPM64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:16.0984 0224 AmdPPM64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:16.0984 0224 BLKWGU ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:16.0984 0224 BLKWGU ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:17.0000 0224 RTHDMIAzAudService ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:17.0000 0224 RTHDMIAzAudService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:17.0031 0224 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:17.0031 0224 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:17.0031 0224 ZDPSp50a64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:17.0031 0224 ZDPSp50a64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:17.0046 0224 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:32:17.0046 0224 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:32:25.0078 0340 Deinitialize success


aswMBR log:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-24 12:32:35
-----------------------------
12:32:35.312 OS Version: Windows x64 5.2.3790 Service Pack 2
12:32:35.312 Number of processors: 4 586 0x402
12:32:35.312 ComputerName: ALEXDOTCOMPUTER UserName: Aleco
12:32:35.937 Initialize success
12:32:50.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:32:50.843 Disk 0 Vendor: WDC_WD3200AAKS-22SBA0 12.01B01 Size: 305245MB BusType: 3
12:32:50.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-1b
12:32:50.890 Disk 1 Vendor: WDC_WD3200JB-00KFA0 08.05J08 Size: 305245MB BusType: 3
12:32:50.921 Disk 0 MBR read successfully
12:32:50.953 Disk 0 MBR scan
12:32:50.968 Disk 0 Windows XP default MBR code
12:32:51.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
12:32:51.031 Service scanning
12:32:53.593 Modules scanning
12:32:53.609 Disk 0 trace - called modules:
12:32:53.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
12:32:53.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadfa30a5060]
12:32:53.734 3 CLASSPNP.SYS[fffffadf9742e8c9] -> nt!IofCallDriver -> \Device\00000071[0xfffffadfa2896060]
12:32:53.765 5 ACPI.sys[fffffadf975a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadfa2cb8060]
12:32:53.843 Scan finished successfully
12:33:04.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aleco\My Documents\MBR.dat"
12:33:04.437 The log file has been saved successfully to "C:\Documents and Settings\Aleco\My Documents\aswMBR.txt"




#7 Troubled Virus (Topic Starter, Members)

Posted 26 January 2012 - 05:15 AM

Any idea?

#8 shelf life (Malware Response Team)

Posted 26 January 2012 - 07:42 PM

Those two logs look ok. Why don't you try Dr Web Cureit? It's a one-time download malware scanner. See what it digs up:

Dr. Web

How Can I Reduce My Risk to Malware?


#9 Troubled Virus (Topic Starter, Members)

Posted 29 January 2012 - 11:02 AM

Hey Shelf Life,

I used Cureit. It actually found 12 infections that I removed.

However internet explorer still pops up (at least 4 or 5 processes) every 10 minutes.

Very frustrating.

Any other ideas?

#10 shelf life (Malware Response Team)

Posted 29 January 2012 - 06:32 PM

Let's try MS malicious tool remover. If you type in a run box: mrt.exe it should bring up the tool and some options. The tool is installed and updated via Windows update. Go ahead and run it. I really don't expect it to find anything. Some info about MRT.exe. When you see all these IE's running, do you have multiple tabs open? I believe opening new tabs in IE will start a new IE process running.


#11 Troubled Virus (Topic Starter, Members)

Posted 29 January 2012 - 07:09 PM

Dear Shelf Life,

The IE processes running are definitely malware / spyware. I have actually installed a program called Process Blocker and so far it has blocked 38,900 iexplore.exe processes in the past 10 days!

Thank goodness for that tool as it helps give me back some sanity that I had lost.

mrt.exe does not run on my computer. Any other program / tool?

#12 shelf life (Malware Response Team)

Posted 30 January 2012 - 06:47 PM

Your version of Windows is up to date? You have auto-downloads enabled or visit Windows update occasionally to get "patched"? When IE runs, did you first notice it by seeing it in task manager? Does IE start by itself? Did it open up random web pages or anything?

Until we know what's going on I really wouldn't be using the computer too much if I were you; it wouldn't hurt to make sure it has no connectivity when it's not in use by pulling the cable etc. or powering it off. Malware is going deeper and deeper into the OS and getting harder to remove.

I am in Linux right now. Next boot I will go into W7 and see about getting some more tools to use.
A thought: try resetting IE back to its defaults. With IE open go to tool>internet options; under the advanced tab (I think) there is a reset button. Try it, can't hurt.


#13 Troubled Virus (Topic Starter, Members)

Posted 31 January 2012 - 01:17 AM

Hey Shelf Life,

When I open Internet Explorer it opens up fine (i.e. shows google.com).

In the task manager it will say the USER NAME next to the process that was opened. That is all fine and well.

The issue is, there are other iexplore.exe processes running initiated by SYSTEM (not by user).

These processes still open after all the scans I have done.

Scary that you think the malware is making things worse and worse.

I am willing to try a few more things before ultimately getting a new computer (which I REALLY don't want to do).

Hope there are some more tricks up your sleeve!

#14 shelf life (Malware Response Team)

Posted 01 February 2012 - 07:49 PM

Let's make sure this is really a malware issue and not normal activity for W7. Normally the scans we ran would pick up the malware. I didn't mean the malware was making your case worse, but that malware in general is better at hiding than it used to be.
Did you install IRC? And wish.exe?
Try this: boot up normally and don't do anything on the computer; after a few minutes have passed, bring up task manager like you normally do and see if any instances of IE are running.
I haven't been in my W7 drive yet but I still plan to boot into it.

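The check suggested above (boot, wait, then look for iexplore.exe instances nobody started) can be made more telling than a glance at Task Manager by recording each process's owner, parent and command line. The script below is an added example, not code from the thread or from any tool named in it; it assumes PowerShell 2.0 or later with WMI available, and the log path is a placeholder.

```powershell
# Added example (not from the thread): snapshot every iexplore.exe process with its
# owner, parent process and command line, flag copies owned by SYSTEM, and append
# the snapshot to a log so repeated runs show whether they recur on a schedule.
# Assumes PowerShell 2.0+ (New-Object PSObject is used for PS2 compatibility).
$logPath = "$env:USERPROFILE\iexplore-watch.txt"   # placeholder path

function Get-IexploreSnapshot {
    $rows = @()
    foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'iexplore.exe'") {
        # GetOwner() resolves the account the process runs as; ReturnValue 0 = success
        $owner = $p.GetOwner()
        if ($owner.ReturnValue -eq 0) { $user = "$($owner.Domain)\$($owner.User)" }
        else                          { $user = '<unknown>' }
        # Resolve the parent by PID; a parent that already exited is itself a hint
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if ($parent) { $parentName = $parent.Name } else { $parentName = '<exited>' }
        $rows += New-Object PSObject -Property @{
            Time        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
            PID         = $p.ProcessId
            Owner       = $user
            Parent      = "$parentName ($($p.ParentProcessId))"
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
        }
    }
    return $rows
}

$snap = Get-IexploreSnapshot
# A browser the user opened shows their own account as Owner and explorer.exe (or
# another iexplore.exe tab process) as Parent.
$snap | Format-Table Time, PID, Owner, Parent, Path -AutoSize

# Instances owned by SYSTEM, or with no living parent, match the symptom described
# in the thread and are the ones to investigate rather than simply kill.
$snap | Where-Object { $_.Owner -like '*\SYSTEM' -or $_.Parent -like '<exited>*' } |
    Format-List PID, Owner, Parent, Path, CommandLine

# Append one line per process; run the script every few minutes to see the pattern.
$snap | ForEach-Object {
    "$($_.Time) PID=$($_.PID) Owner=$($_.Owner) Parent=$($_.Parent) Path=$($_.Path) Cmd=$($_.CommandLine)"
} | Out-File -FilePath $logPath -Append
```

Run it from an administrator prompt so GetOwner() can resolve every process; the Path and CommandLine fields show whether the binary is the real Internet Explorer and what launched it.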