

Dealing with Rootkit.ZeroAccess


This topic is locked. 14 replies to this topic.

#1 Gonthor

  • Members
  • 7 posts

Posted 30 March 2012 - 03:18 PM

A little backstory to help understand where I'm at: About a week ago my computer decided to start harassing me with a Flash 11.1 update constantly. I uninstalled Flash completely to be sure it wasn't an official update and the update continued to pop up, to no surprise. Google search results were also redirecting me and I had a generally slower computer and internet connection.

I ran malwarebytes (can't seem to update this recently, I think there's a known problem with windows XP for current versions), superantispyware, spybot, adaware, and even combofix out of desperation. At this point I think I may have done more damage to my computer than the infection. At one point, in my infinite wisdom, I ran something called Stopzilla which I highly suspect caused more problems. Running ComboFix identified the problem as RootKit.ZeroAccess but would hang my computer on scanning for literally days making no progress. I left it running several times not touching my computer at all. I'm no longer getting the Flash popup or Google redirects somehow but I know my computer is still infected. I have no idea what to do at this point and I'm afraid I waited too long to finally ask for help.

But here I am! Running DDS would crash my computer at some point between the scan and whatever useful information is supposed to popup so I can't provide any of that unless I can get around that problem. I managed to get and attach a GMER log though which will hopefully be of help. I hope one of you is patient enough to help clean up the mess I've made. I'd appreciate it immensely. I'll do my best to follow any advice and report back in a speedy manner. Thanks for reading.

Attached Files

  • Attached File  ark.txt   10.56KB   5 downloads




#2 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender: Male
  • Location: Scotland

Posted 03 April 2012 - 05:19 PM

Hello Gonthor,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================


CD Emulation applications can interfere with scanning tools. Could you please run DeFogger to disable them. We will re-run DeFogger later to re-enable CD Emulation when your machine is clean.
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

====================================================================================

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================


I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • OTL.txt
  • Extra.txt
  • aswMBR Log

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

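The OTL.txt report requested above lists processes, modules, services and drivers in a fixed line format. The following Python script is an added example (not part of this thread, of OTL, or of the BleepingComputer procedure) that parses those lines and flags what a malware-response helper looks at first: service or driver images under a Temp or user-profile directory, kernel drivers with no company information, and orphaned registry entries whose file is missing. The sample lines are constructed, modelled on the log format posted later in this thread.

```python
"""Triage helper for the PRC/MOD/SRV/DRV sections of an OTL.txt report.

Added example, not part of the thread or of OTL itself.  It parses the
line format OTL prints for processes, modules, services and drivers and
flags the entries a malware-response helper looks at first.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Header of a line whose file exists on disk:
#   [mtime | size | attributes | flag] (company) [state]
HEADER_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+) \| (?P<flag>\w)\]"
    r" \((?P<company>.*?)\)(?: \[(?P<state>[^\]]*)\])?$"
)
# Header of a line whose file is missing on disk:  File not found [state]
MISSING_RE = re.compile(r"^File not found(?: \[(?P<state>[^\]]*)\])?$")
# Tail after the header:  <path> -- (<service name>) <optional description>
# The path is empty for orphaned entries, which OTL prints as "-- -- (NAME)".
TAIL_RE = re.compile(r"^(?P<path>.*?)(?: ?-- \((?P<name>[^)]*)\).*)?$")

# Directories a legitimate service or kernel driver image should never run from.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV or DRV
    path: str                # image path; "" for orphaned registry entries
    name: str                # service/driver name; "" for PRC and MOD lines
    company: Optional[str]   # None when the file is missing, "" when no version info
    state: str               # e.g. "Kernel | On_Demand | Stopped"
    missing: bool


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    line = line.rstrip("\r\n")
    if not re.match(r"^(PRC|MOD|SRV|DRV) - ", line):
        return None
    kind, rest = line.split(" - ", 1)
    if " -- " not in rest:
        return None
    header, tail = rest.split(" -- ", 1)
    t = TAIL_RE.match(tail)
    path, name = t.group("path"), t.group("name") or ""
    m = MISSING_RE.match(header)
    if m:
        return Entry(kind, path, name, None, m.group("state") or "", True)
    m = HEADER_RE.match(header)
    if not m:
        return None
    return Entry(kind, path, name, m.group("company"), m.group("state") or "", False)


def triage(lines) -> list:
    """Return (severity, reason, kind, path-or-name) tuples worth a second look."""
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        label = e.path or e.name
        low = e.path.lower()
        if e.kind in ("SRV", "DRV") and any(d in low for d in SUSPICIOUS_DIRS):
            findings.append(("high", "service/driver image under a temp or profile directory", e.kind, label))
        elif e.kind == "DRV" and not e.missing and e.company == "":
            findings.append(("medium", "kernel driver with no company/version information", e.kind, label))
        elif e.missing and e.kind in ("SRV", "DRV") and "Disabled" not in e.state:
            findings.append(("low", "orphaned registry entry: image file missing", e.kind, label))
    return findings


# Constructed sample, modelled on the OTL.txt format posted in this thread.
SAMPLE = """\
PRC - [2012/04/04 11:35:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\User\\Desktop\\OTL.exe
SRV - File not found [Auto | Stopped] -- %systemroot%\\system32\\ini910u.dll -- (WINUSB)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\\System32\\hidserv.dll -- (HidServ)
SRV - [2012/03/21 04:28:52 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe -- (Lavasoft Ad-Aware Service)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\uxrdypoc.sys -- (uxrdypoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2011/07/22 21:09:39 | 000,006,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\EMSUSB2.SYS -- (EMSUSB2)
DRV - [2011/09/09 07:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Motive\\MREMP50.sys -- (MREMP50)
""".splitlines()

if __name__ == "__main__":
    for sev, why, kind, what in triage(SAMPLE):
        print(f"[{sev:6}] {kind} {what}: {why}")
```

A randomly named driver registered from a user's Temp directory is the kind of entry the helpers single out for removal; the script only ranks lines for review and changes nothing on the system.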



#3 Gonthor

  • Topic Starter
  • Members
  • 7 posts

Posted 04 April 2012 - 03:30 PM

Hi ratman!

I appreciate you taking the time to respond and help me.

Here's the OTL.txt first:

OTL logfile created on: 4/4/2012 11:36:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Alex Spadoni\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.40% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 9.24 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 14.33 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
Drive H: | 3.54 Gb Total Space | 0.32 Gb Free Space | 9.04% Space Free | Partition Type: FAT32

Computer Name: STUMPYX | User Name: Alex Spadoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 11:35:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex Spadoni\Desktop\OTL.exe
PRC - [2012/03/21 06:01:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/14 17:54:58 | 000,067,408 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/09/09 07:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/05/19 23:16:26 | 000,359,424 | ---- | M] (Outertech) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2008/05/13 00:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\PLANEX\Common\RalinkRegistryWriter.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/06 00:57:10 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 06:01:20 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/14 17:48:18 | 000,139,264 | R--- | M] () -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZEngine.dll
MOD - [2005/12/19 06:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ini910u.dll -- (WINUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XAudio.dll -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p2pimsvc.dll -- (swupdtmr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PGPwded.dll -- (sit_bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bcm4sbxp.dll -- (ROOTUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DivisCTS.dll -- (PGPsdkDriver)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSCamSvc.dll -- (FTSER2K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMP50.dll -- (ET5Drv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SymIM.dll -- (clmtomcatstartersvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfhlp02.dll -- (Cardex)
SRV - [2012/03/21 04:28:52 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/03/14 17:54:58 | 000,067,408 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/09/09 07:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/05/19 23:16:26 | 000,359,424 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2009/05/17 13:45:00 | 002,755,797 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2008/05/13 00:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\PLANEX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006/06/06 00:57:10 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ALEXSP~1\LOCALS~1\Temp\uxrdypoc.sys -- (uxrdypoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALEXSP~1\LOCALS~1\Temp\HBCD\PartitionFindAndMount\slicedisk.sys -- (SliceDisk5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PsSdk30.drv -- (PsSdk30)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALEXSP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2012/01/04 14:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/09/09 07:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 07:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/07/22 21:09:39 | 000,006,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMSUSB2.SYS -- (EMSUSB2)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/31 18:58:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/14 20:13:44 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2009/09/15 20:52:41 | 000,022,000 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Neo_0057.sys -- (Neo_Monster Hunter Frontier)
DRV - [2009/09/15 20:50:44 | 000,022,000 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Neo_0047.sys -- (Neo_MHFO)
DRV - [2008/06/10 06:53:24 | 000,580,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/06/06 01:03:55 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/05/23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/03 22:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/16 12:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 10:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 06:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 06:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 06:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 07:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 18:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 18:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 18:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 03:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 07:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmokestart.com/?cfg=2-267-0-0
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitesmokestart.com/?cfg=2-267-0-0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 06:01:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 14:31:09 | 000,000,000 | ---D | M]

[2009/06/16 22:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Extensions
[2012/03/07 18:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Firefox\Profiles\gzfot7kr.default\extensions
[2012/03/07 18:19:44 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Firefox\Profiles\gzfot7kr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/07/03 16:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Firefox\Profiles\gzfot7kr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/05 10:48:08 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Firefox\Profiles\gzfot7kr.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2011/04/30 23:20:19 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Alex Spadoni\Application Data\Mozilla\Firefox\Profiles\gzfot7kr.default\extensions\rikaichan-jpen@polarcloud.com
[2012/03/07 14:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 06:01:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/11 19:05:41 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2012/03/07 14:31:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/07 14:31:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/03/15 19:11:49 | 000,001,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zugo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/22 04:05:13 | 000,440,585 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15170 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O15 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17FB149-D13F-49DD-9247-2AD32F8EBC7A}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c92cb26-5b0b-11de-b0be-0015c5a5bc36}\Shell\AutoRun\command - "" = "G:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{960be2c8-a8a5-11de-b0ed-0015c5a5bc36}\Shell - "" = AutoRun
O33 - MountPoints2\{960be2c8-a8a5-11de-b0ed-0015c5a5bc36}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{960be2c8-a8a5-11de-b0ed-0015c5a5bc36}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4000316846-2436207543-4047055659-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 11:37:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Alex Spadoni\Desktop\aswMBR.exe
[2012/04/04 11:35:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex Spadoni\Desktop\OTL.exe
[2012/04/03 15:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\BeadSurge
[2012/04/03 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BeadSurge
[2012/04/03 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\My Documents\BeadSurge
[2012/03/30 07:26:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Alex Spadoni\Desktop\dds.scr
[2012/03/30 02:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Desktop\Toriko_181_[HWMN]
[2012/03/30 02:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Desktop\[CXC_Scans]Medaka_Box_c140
[2012/03/28 23:16:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/28 10:29:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/28 10:29:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/28 10:29:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/28 10:29:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/28 10:28:32 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Alex Spadoni\Desktop\ComboFix.exe
[2012/03/25 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/25 14:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Start Menu\Programs\Revo Uninstaller
[2012/03/25 14:53:52 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Documents and Settings\Alex Spadoni\Desktop\cnet2_revosetup_exe.exe
[2012/03/25 12:17:49 | 000,072,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.svs
[2012/03/25 09:43:40 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2012/03/25 09:40:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/25 09:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/25 09:37:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/25 08:47:29 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[2012/03/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2012/03/25 08:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/03/25 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/03/22 07:52:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2012/03/22 06:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/22 05:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Start Menu\Programs\Google Chrome
[2012/03/22 05:09:43 | 000,733,264 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Alex Spadoni\Desktop\ChromeSetup.exe
[2012/03/21 05:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Application Data\SUPERAntiSpyware.com
[2012/03/21 05:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/21 05:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/21 05:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/21 05:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/21 05:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/21 05:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/03/21 05:03:04 | 015,473,544 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Alex Spadoni\Desktop\SUPERAntiSpyware.exe
[2012/03/21 05:01:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Alex Spadoni\Desktop\spybotsd162.exe
[2012/03/21 04:24:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/03/21 04:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/03/21 04:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/03/21 04:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/03/14 17:55:18 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2012/03/14 17:55:06 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2012/03/14 17:55:02 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2012/03/09 22:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/09 22:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alex Spadoni\Application Data\uTorrent
[2012/03/09 22:38:11 | 000,742,264 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Alex Spadoni\Desktop\uTorrent.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Alex Spadoni\Application Data\*.tmp files -> C:\Documents and Settings\Alex Spadoni\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/04 11:38:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Alex Spadoni\Desktop\aswMBR.exe
[2012/04/04 11:35:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex Spadoni\Desktop\OTL.exe
[2012/04/03 22:56:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 22:20:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4000316846-2436207543-4047055659-1005UA.job
[2012/04/03 21:40:25 | 000,298,765 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\03b267c65377722c0a7d2a4c668809fe.jpg
[2012/04/03 15:50:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/03 15:50:13 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 15:34:57 | 000,467,968 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\BeadSurge.msi
[2012/04/03 14:23:10 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Google Chrome.lnk
[2012/04/03 14:23:10 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/30 07:59:15 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\5zkyzmly.exe
[2012/03/30 07:58:35 | 000,507,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/30 07:58:35 | 000,090,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/30 07:54:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/30 07:54:25 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 07:26:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Alex Spadoni\Desktop\dds.scr
[2012/03/30 07:14:35 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\defogger_reenable
[2012/03/30 07:13:57 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Defogger.exe
[2012/03/30 02:20:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4000316846-2436207543-4047055659-1005Core.job
[2012/03/28 10:28:55 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Alex Spadoni\Desktop\ComboFix.exe
[2012/03/28 10:23:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/25 14:54:46 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Revo Uninstaller.lnk
[2012/03/25 14:53:53 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Documents and Settings\Alex Spadoni\Desktop\cnet2_revosetup_exe.exe
[2012/03/25 09:40:52 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2012/03/25 09:20:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/25 08:25:37 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2012/03/25 08:25:37 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2012/03/25 08:18:37 | 000,000,385 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/22 11:45:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/22 05:09:46 | 000,733,264 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Alex Spadoni\Desktop\ChromeSetup.exe
[2012/03/22 04:50:42 | 000,000,321 | ---- | M] () -- C:\Boot.bak
[2012/03/22 04:05:13 | 000,440,585 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/21 05:52:00 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/21 05:04:44 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Spybot - Search & Destroy.lnk
[2012/03/21 05:03:28 | 015,473,544 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Alex Spadoni\Desktop\SUPERAntiSpyware.exe
[2012/03/21 05:02:03 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Alex Spadoni\Desktop\spybotsd162.exe
[2012/03/21 04:29:02 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/21 04:24:09 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/21 04:21:41 | 012,410,880 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Ad-Aware96Install.msi
[2012/03/19 18:31:36 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll
[2012/03/19 04:49:33 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/19 04:49:33 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/14 17:55:18 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2012/03/14 17:55:06 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2012/03/14 17:55:02 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2012/03/14 05:11:42 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:50:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 22:38:11 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Alex Spadoni\Desktop\uTorrent.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Alex Spadoni\Application Data\*.tmp files -> C:\Documents and Settings\Alex Spadoni\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gutovore
[2012/04/03 21:40:23 | 000,298,765 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\03b267c65377722c0a7d2a4c668809fe.jpg
[2012/04/03 15:34:55 | 000,467,968 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\BeadSurge.msi
[2012/03/30 07:59:12 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\5zkyzmly.exe
[2012/03/30 07:14:23 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\defogger_reenable
[2012/03/30 07:13:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Defogger.exe
[2012/03/28 10:29:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/28 10:29:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/28 10:29:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/28 10:29:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/28 10:29:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/28 07:07:13 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/25 14:54:46 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Revo Uninstaller.lnk
[2012/03/25 09:40:52 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2012/03/25 09:40:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/22 05:13:15 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Google Chrome.lnk
[2012/03/22 05:13:15 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/22 05:10:24 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4000316846-2436207543-4047055659-1005UA.job
[2012/03/22 05:10:19 | 000,000,954 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4000316846-2436207543-4047055659-1005Core.job
[2012/03/21 05:52:00 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/21 05:04:44 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Spybot - Search & Destroy.lnk
[2012/03/21 04:40:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/21 04:29:03 | 000,101,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/03/21 04:24:15 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/21 04:24:09 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/21 04:21:23 | 012,410,880 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\Ad-Aware96Install.msi
[2012/03/21 04:15:36 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/19 18:31:36 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll
[2012/03/19 04:49:33 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/19 04:49:33 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/07 14:31:11 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/15 06:01:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 01:45:36 | 000,006,472 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\358wx24pi63l77055138hqekjt1d027cxm7xn81705k
[2012/01/04 01:45:36 | 000,006,472 | -HS- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\358wx24pi63l77055138hqekjt1d027cxm7xn81705k
[2011/11/28 03:24:57 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\121518b2t827b281r656r4vbi8m1
[2011/11/28 03:24:57 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\121518b2t827b281r656r4vbi8m1
[2011/07/22 21:04:11 | 000,272,384 | ---- | C] () -- C:\WINDOWS\System32\UsbPadCP.DLL
[2011/07/22 21:04:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UsbPadFF.DLL
[2011/07/22 21:04:11 | 000,006,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSUSB2.SYS
[2011/07/22 21:04:11 | 000,003,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\FltrKbd.SYS
[2011/05/25 16:05:01 | 000,001,446 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6i543n7kxh567jlxwrlqes3duwrc
[2011/05/25 16:05:01 | 000,001,446 | -HS- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\6i543n7kxh567jlxwrlqes3duwrc
[2011/05/19 23:44:18 | 000,016,832 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8037qims01b053x2e7521t65425
[2011/05/19 23:44:18 | 000,016,832 | -HS- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\8037qims01b053x2e7521t65425
[2011/05/13 14:28:54 | 000,013,776 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jl8n7fdou5di8c780n00
[2011/05/13 14:28:54 | 000,013,776 | -HS- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\jl8n7fdou5di8c780n00
[2011/03/19 22:47:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >


And the Extra.Txt now:

OTL Extras logfile created on: 4/4/2012 11:36:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Alex Spadoni\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.40% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 9.24 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 14.33 Gb Free Space | 66.75% Space Free | Partition Type: NTFS
Drive H: | 3.54 Gb Total Space | 0.32 Gb Free Space | 9.04% Space Free | Partition Type: FAT32

Computer Name: STUMPYX | User Name: Alex Spadoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58277:TCP" = 58277:TCP:*:Enabled:Pando Media Booster
"58277:UDP" = 58277:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"58277:TCP" = 58277:TCP:*:Enabled:Pando Media Booster
"58277:UDP" = 58277:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\PacketiX VPN Client English\vpnclient.exe" = C:\Program Files\PacketiX VPN Client English\vpnclient.exe:*:Enabled:PacketiX VPN Client 2.0
"C:\Program Files\PacketiX VPN Client English\vpncmgr.exe" = C:\Program Files\PacketiX VPN Client English\vpncmgr.exe:*:Enabled:PacketiX VPN Client Connection Manager 2.0
"C:\Program Files\PacketiX VPN Client English\vpncmd.exe" = C:\Program Files\PacketiX VPN Client English\vpncmd.exe:*:Enabled:PacketiX VPN Command-Line Admin Tool 2.0
"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe" = C:\Program Files\Microsoft Security Essentials\MsMpEng.exe:*:Enabled:MsMpEng
"E:\setup\HPZnet01.exe" = E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Common Files\Motive\McciServiceHost.exe" = C:\Program Files\Common Files\Motive\McciServiceHost.exe:*:Enabled:McciServiceHost -- (Alcatel-Lucent)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\ATT-SST\McciBrowser.exe" = C:\Program Files\ATT-SST\McciBrowser.exe:*:Disabled:mcci+McciBrowser -- (Alcatel-Lucent)
"C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4000316846-2436207543-4047055659-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2011 10:23:37 PM | Computer Name = STUMPYX | Source = Application Error | ID = 1000
Description = Faulting application lollauncher.exe, version 0.0.0.0, faulting module
launcher.maestro.dll, version 1.0.0.29, fault address 0x00002348.

Error - 8/11/2011 8:06:08 AM | Computer Name = STUMPYX | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 8/27/2011 7:55:13 AM | Computer Name = STUMPYX | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 8:51:00 AM | Computer Name = STUMPYX | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 5:25:48 AM | Computer Name = STUMPYX | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2011 6:45:05 AM | Computer Name = STUMPYX | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 11/7/2011 3:10:41 AM | Computer Name = STUMPYX | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 little registry cleaner.exe, P2 1.5.4285.39456,
P3 4e8005b0, P4 system, P5 4.0.0.0, P6 4db92edb, P7 219d, P8 0, P9 system.net.webexception,
P10 NIL.

Error - 11/7/2011 3:10:43 AM | Computer Name = STUMPYX | Source = .NET Runtime | ID = 1026
Description = Application: Little Registry Cleaner.exe Framework Version: v4.0.30319
Description:
The process was terminated due to an unhandled exception. Exception Info: System.Net.WebException
Stack:

at Common_Tools.DeskMetrics.Watcher._StopThreadFunc() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart()


Error - 11/28/2011 6:38:04 AM | Computer Name = STUMPYX | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 12/18/2011 10:24:40 AM | Computer Name = STUMPYX | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 1.0.0.131, faulting
module league of legends.exe, version 1.0.0.131, fault address 0x00492fc7.

[ System Events ]
Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The ISODrive service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The Bc_pat_f service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The Isapisearch service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The ATMsg service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The Mcrdsvc service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The TuneUp.Defrag service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The Ati2mtaa service terminated with the following error: %%126

Error - 3/30/2012 10:54:31 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7023
Description = The Rpskt service terminated with the following error: %%126

Error - 3/30/2012 10:54:33 AM | Computer Name = STUMPYX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi redbook

Error - 4/3/2012 8:42:10 AM | Computer Name = STUMPYX | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.65 on
the Network Card with network address 001D60EB7F6E.


< End of report >


Finally, the aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 11:39:56
-----------------------------
11:39:56.937 OS Version: Windows 5.1.2600 Service Pack 3
11:39:56.937 Number of processors: 2 586 0xE08
11:39:56.937 ComputerName: STUMPYX UserName:
11:39:57.421 Initialize success
11:50:19.515 AVAST engine defs: 12040400
11:53:24.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:53:24.328 Disk 0 Vendor: ST910021AS 8.02 Size: 93958MB BusType: 3
11:53:24.421 Disk 0 MBR read successfully
11:53:24.437 Disk 0 MBR scan
11:53:24.484 Disk 0 Windows XP default MBR code
11:53:24.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
11:53:24.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68284 MB offset 96390
11:53:24.593 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21987 MB offset 139958280
11:53:24.609 Disk 0 Partition - 00 0F Extended LBA 3631 MB offset 184988475
11:53:24.656 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 3631 MB offset 184988475
11:53:24.687 Disk 0 scanning sectors +192426570
11:53:25.328 Disk 0 scanning C:\WINDOWS\system32\drivers
11:54:15.234 Service scanning
11:54:32.750 Modules scanning
11:55:17.468 Disk 0 trace - called modules:
11:55:17.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:55:17.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a900030]
11:55:17.515 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a8a14d0]
11:55:17.515 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8749b0]
11:55:17.984 AVAST engine scan C:\WINDOWS
11:56:05.312 AVAST engine scan C:\WINDOWS\system32
12:03:23.484 AVAST engine scan C:\WINDOWS\system32\drivers
12:04:18.234 AVAST engine scan C:\Documents and Settings\Alex Spadoni
12:04:38.296 File: C:\Documents and Settings\Alex Spadoni\Application Data\608.tmp **INFECTED** Win32:Crypt-LYW [Trj]
12:18:45.296 File: C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll **INFECTED** Win32:Malware-gen
13:11:16.203 AVAST engine scan C:\Documents and Settings\All Users
13:20:12.203 Scan finished successfully
13:25:07.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alex Spadoni\Desktop\MBR.dat"
13:25:07.781 The log file has been saved successfully to "C:\Documents and Settings\Alex Spadoni\Desktop\aswMBR.txt"


That's it. Again, I appreciate your help. Please feel free to take your time with a response if you're busy.

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 06 April 2012 - 09:37 AM

Hello Gonthor,

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

====================================================================================

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :processes:
    killallprocesses
    
    :OTL
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gutovore
    [2012/03/30 07:59:12 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Desktop\5zkyzmly.exe
    [2012/03/19 18:31:36 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll
    
    :Files
    C:\Documents and Settings\Alex Spadoni\Application Data\608.tmp
    
    netsvsc
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

=================================================================

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================

I'd like you to see if ComboFix produced a log. It should be found at C:\Combofix.txt. Please post its contents in your next reply.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • OTL Report
  • TDSSKiller Log
  • C:\Combofix.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may donate to the cause.



#5 Gonthor

Gonthor
  • Topic Starter

  • Members
  • 7 posts

Posted 06 April 2012 - 04:27 PM

Here is the OTL Report:

Error: Unable to interpret <:processes:> in the current context!
Error: Unable to interpret <killallprocesses> in the current context!
========== OTL ==========
C:\WINDOWS\system32\gutovore moved successfully.
C:\Documents and Settings\Alex Spadoni\Desktop\5zkyzmly.exe moved successfully.
C:\Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll moved successfully.
========== FILES ==========
C:\Documents and Settings\Alex Spadoni\Application Data\608.tmp moved successfully.
File\Folder netsvsc not found.

OTL by OldTimer - Version 3.2.39.2 log created on 04062012_141503


And the TDSSKiller Log:

14:18:17.0039 31804 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:18:17.0695 31804 ============================================================
14:18:17.0695 31804 Current date / time: 2012/04/06 14:18:17.0695
14:18:17.0695 31804 SystemInfo:
14:18:17.0695 31804
14:18:17.0695 31804 OS Version: 5.1.2600 ServicePack: 3.0
14:18:17.0695 31804 Product type: Workstation
14:18:17.0695 31804 ComputerName: STUMPYX
14:18:17.0695 31804 UserName: Alex Spadoni
14:18:17.0695 31804 Windows directory: C:\WINDOWS
14:18:17.0695 31804 System windows directory: C:\WINDOWS
14:18:17.0695 31804 Processor architecture: Intel x86
14:18:17.0695 31804 Number of processors: 2
14:18:17.0695 31804 Page size: 0x1000
14:18:17.0695 31804 Boot type: Normal boot
14:18:17.0695 31804 ============================================================
14:18:20.0117 31804 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:18:20.0117 31804 \Device\Harddisk0\DR0:
14:18:20.0117 31804 MBR used
14:18:20.0117 31804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x855E0C1
14:18:20.0117 31804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8579808, BlocksNum 0x2AF1B33
14:18:20.0149 31804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xB06B33B, BlocksNum 0x717F0F
14:18:20.0274 31804 Initialize success
14:18:20.0274 31804 ============================================================
14:18:36.0102 29480 ============================================================
14:18:36.0102 29480 Scan started
14:18:36.0102 29480 Mode: Manual;
14:18:36.0102 29480 ============================================================
14:18:42.0618 29480 HSF_DPV - ok
14:18:42.0712 29480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:42.0712 29480 HTTP - ok
14:18:42.0790 29480 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:18:42.0790 29480 HTTPFilter - ok
14:18:42.0868 29480 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:18:42.0868 29480 i2omgmt - ok
14:18:42.0899 29480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:18:42.0899 29480 i2omp - ok
14:18:42.0946 29480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:18:42.0946 29480 i8042prt - ok
14:18:43.0087 29480 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:18:43.0102 29480 idsvc - ok
14:18:43.0149 29480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:18:43.0149 29480 Imapi - ok
14:18:43.0196 29480 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:18:43.0196 29480 ImapiService - ok
14:18:43.0243 29480 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:18:43.0243 29480 ini910u - ok
14:18:43.0274 29480 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:18:43.0274 29480 IntelIde - ok
14:18:43.0306 29480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:18:43.0306 29480 intelppm - ok
14:18:43.0337 29480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:18:43.0337 29480 Ip6Fw - ok
14:18:43.0352 29480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:43.0352 29480 IpFilterDriver - ok
14:18:43.0399 29480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:43.0399 29480 IpInIp - ok
14:18:43.0415 29480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:43.0415 29480 IpNat - ok
14:18:43.0431 29480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:43.0431 29480 IPSec - ok
14:18:43.0446 29480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:43.0446 29480 IRENUM - ok
14:18:43.0493 29480 is3srv (dccbdfd30bbeca6d74d9133981429b94) C:\WINDOWS\system32\drivers\is3srv.sys
14:18:43.0509 29480 is3srv - ok
14:18:43.0524 29480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:43.0524 29480 isapnp - ok
14:18:43.0665 29480 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
14:18:43.0665 29480 JavaQuickStarterService - ok
14:18:43.0696 29480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:43.0696 29480 Kbdclass - ok
14:18:43.0712 29480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:43.0712 29480 kmixer - ok
14:18:43.0759 29480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:43.0774 29480 KSecDD - ok
14:18:43.0806 29480 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:18:43.0806 29480 lanmanserver - ok
14:18:43.0884 29480 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:18:43.0884 29480 lanmanworkstation - ok
14:18:43.0993 29480 Lavasoft Ad-Aware Service (05bf145bc0a7b5a0fc9a7227fe05d260) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:18:44.0087 29480 Suspicious file (Forged): C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe. Real md5: 05bf145bc0a7b5a0fc9a7227fe05d260, Fake md5: ea38136981c61c571d52c380daad46ef
14:18:44.0087 29480 Lavasoft Ad-Aware Service ( ForgedFile.Multi.Generic ) - warning
14:18:44.0087 29480 Lavasoft Ad-Aware Service - detected ForgedFile.Multi.Generic (1)
14:18:52.0540 29480 nv (c04fa0ccf740e1920bc7c19ca4f597a4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:18:53.0118 29480 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: c04fa0ccf740e1920bc7c19ca4f597a4, Fake md5: 2b298519edbfcf451d43e0f1e8f1006d
14:18:53.0134 29480 nv ( ForgedFile.Multi.Generic ) - warning
14:18:53.0134 29480 nv - detected ForgedFile.Multi.Generic (1)
14:19:11.0900 29480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:19:12.0025 29480 \Device\Harddisk0\DR0 - ok
14:19:12.0025 29480 Boot (0x1200) (c08d009babbd5a9657bbaaf7781758b0) \Device\Harddisk0\DR0\Partition0
14:19:12.0025 29480 \Device\Harddisk0\DR0\Partition0 - ok
14:19:12.0056 29480 Boot (0x1200) (db4f7fe5a65e7dd09e4087b1e9bab509) \Device\Harddisk0\DR0\Partition1
14:19:12.0056 29480 \Device\Harddisk0\DR0\Partition1 - ok
14:19:12.0072 29480 Boot (0x1200) (3d01adb9d1cc018a0e0d11522abf20ad) \Device\Harddisk0\DR0\Partition2
14:19:12.0072 29480 \Device\Harddisk0\DR0\Partition2 - ok
14:19:12.0072 29480 ============================================================
14:19:12.0072 29480 Scan finished
14:19:12.0072 29480 ============================================================
14:19:12.0088 32120 Detected object count: 2
14:19:12.0088 32120 Actual detected object count: 2
14:20:41.0247 32120 Lavasoft Ad-Aware Service ( ForgedFile.Multi.Generic ) - skipped by user
14:20:41.0247 32120 Lavasoft Ad-Aware Service ( ForgedFile.Multi.Generic ) - User select action: Skip
14:20:41.0247 32120 nv ( ForgedFile.Multi.Generic ) - skipped by user
14:20:41.0247 32120 nv ( ForgedFile.Multi.Generic ) - User select action: Skip


"Skip" was the default option for both detected objects so I'm not sure if that worked the way it should. I wasn't able to find any kind of log from when I ran combofix previously. Hopefully some of this proves to be helpful.

#6 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 09 April 2012 - 09:59 AM

Hello Gonthor,

Please uninstall your current version of Malwarebytes and do the following:

I'd like you to run a scan with MBAM:

Please download Malwarebytes' Anti-Malware and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • MBAM Log


How is your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 Gonthor

  • Topic Starter
  • Members
  • 7 posts

Posted 09 April 2012 - 12:44 PM

Here is the MBAM Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alex Spadoni :: STUMPYX [administrator]

4/9/2012 10:21:30 AM
mbam-log-2012-04-09 (10-21-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230134
Time elapsed: 17 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Alex Spadoni\Local Settings\Temp\mor.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)


My computer seems to be running more smoothly but I still feel like it might be slower than after I noticed the infection, although it's certainly possible I'm imagining it or that all my previous spyware removal attempts have taken a toll on my computer's performance.

#8 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 09 April 2012 - 06:17 PM

Hello Gonthor,

"...but I still feel like it might be slower than after I noticed the infection,"

Some tools may make a reboot slower but that should be ok on next boot.

Logs are looking better.

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan


How is your machine looking now? What issues are you seeing?

Edited by ratman, 09 April 2012 - 06:18 PM.

regards, ratman


#9 Gonthor

  • Topic Starter
  • Members
  • 7 posts

Posted 10 April 2012 - 03:43 PM

This scan seemed to have found quite a few things:

C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\1\18f94b81-5c89fc6c Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\19\5d5daf93-706735ac a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\26\44353a1a-71709fd3 Java/Exploit.Blacole.AN trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\37\1e0742a5-2a80ead0 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\40\ef0ef68-2694030d Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\41\418b0369-22072ac1 Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\43\58630b2b-4ea00c96 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\43\939556b-1f90eaa5 multiple threats deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-662b36d2 multiple threats deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\57\6fd76cb9-4e5a7e3b a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\6.0\61\49b8f3bd-2202073e probably a variant of Java/Exploit.CVE-2012-0507.C trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmaudio.jar-4d1d52c5-5a885ad0.zip Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Documents and Settings\Alex Spadoni\Desktop\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Alex Spadoni\Local Settings\Temp\ICReinstall\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062012_141503\C_Documents and Settings\Alex Spadoni\Application Data\608.tmp a variant of Win32/Kryptik.ACSS trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062012_141503\C_Documents and Settings\Alex Spadoni\Local Settings\Application Data\rkpoirk(2).dll a variant of Win32/TrojanProxy.Agent.NIM trojan cleaned by deleting - quarantined


My computer is definitely running better but I notice small things that stand out to me more than, say, a few weeks ago. Firefox taking 5+ seconds longer to open sometimes, my mouse becoming unmovable for a couple seconds when nothing much should be going on, etc. Just small things like that. I may be overreacting to things at this point though so maybe it's best not to put too much weight on how I judge my computer's performance.

#10 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 10 April 2012 - 04:44 PM

Hello Gonthor,

Looks good. What was found and removed by ESET was in the Java cache folder. Just for peace of mind we'll do another clean.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
===================================================================

Please run another scan with ESET and post the log in your next reply.

====================================================================
In your next reply, please copy/paste the contents of the following:
  • OTL Report
  • ESETScan
How is your machine looking now?

=================================================================
regards, ratman



#11 Gonthor

  • Topic Starter
  • Members
  • 7 posts

Posted 11 April 2012 - 07:13 AM

Here's the OTL Report:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1659805 bytes
->Temporary Internet Files folder emptied: 784786 bytes

User: Alex Spadoni
->Temp folder emptied: 1225432901 bytes
->Temporary Internet Files folder emptied: 220293536 bytes
->Java cache emptied: 11963141 bytes
->FireFox cache emptied: 641777111 bytes
->Google Chrome cache emptied: 218850579 bytes
->Flash cache emptied: 60635 bytes

User: All Users

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10439012 bytes

User: NetworkService
->Temp folder emptied: 16878 bytes
->Temporary Internet Files folder emptied: 156658778 bytes
->Java cache emptied: 923 bytes
->Flash cache emptied: 300 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 496957 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 220656562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 478329 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,584.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04112012_030011

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Running ESET again resulted in no items detected, which is reassuring.

Computer seems fine as far as I can tell, although I admit I've been busy and haven't been using it as much this week. The only thing that concerns me is that since I don't have any experience looking at any of these logs, I can't tell if we've found what ComboFix identified as Rootkit.ZeroAccess. None of the other spyware removal tools I attempted to use on my own before coming here were able to identify it as that. Although I think I remember seeing something listed as "sirefef" in one of the scans at one point. But if you think the steps you've walked me through have taken care of this, I'll take your word for it.

#12 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 11 April 2012 - 07:43 AM

Hello Gonthor,

Good work - your computer is clean :thumbsup:

ZeroAccess has been removed from your machine. You have no active malware installed.

Just a couple of housekeeping tasks now:

We need to bring your Java up to date.

  • Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====================================================================================

We need to delete ComboFix:

Please rename ComboFix.exe (right click ComboFix and select Rename) to Uninstall.exe and double click on it.

====================================================================================

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

==========================================================================

Except for Malwarebytes, you can simply delete all other tools we used as they don't un-install.


Things to do to stay safe:

  • Make sure Windows Updates (including Internet Explorer) are current. Follow instructions here
  • Run a Malwarebytes "Quick scan" once a week to ensure the safety of your computer.
  • Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
  • When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
  • Read How did I get infected?, with steps so it does not happen again!

Happy and safe surfing!


Can you reply to say whether you have any more issues or not? If not, we can close this topic.

regards, ratman



#13 Gonthor

  • Topic Starter
  • Members
  • 7 posts

Posted 12 April 2012 - 04:38 AM

Followed all of your steps and everything seems great. I'll try to be safer from now on. Thanks a ton for all your help and patience. I had just about given up on trying to solve this myself and you made it seem fairly easy in comparison. I appreciate everything you've done for me. Thanks again!

#14 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 12 April 2012 - 04:47 AM

You are very welcome.

Glad we could help :)
regards, ratman


#15 ratman

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 12 April 2012 - 04:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, ratman
