
Typing Latency et al


#1
daba
Here you go Elise:

Ok here's the OTL:

OTL logfile created on: 2/4/2011 11:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 75.38 Gb Free Space | 77.19% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 2.92 Gb Free Space | 4.28% Space Free | Partition Type: NTFS
Drive E: | 66.86 Gb Total Space | 31.18 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive F: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-INSP5151 | User Name: dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 23:29:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2011/01/08 11:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/15 16:55:46 | 000,944,496 | ---- | M] (Opera Software) -- C:\Program Files\Opera 10 Beta\opera.exe
PRC - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/14 00:46:38 | 000,107,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/02/17 00:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/17 15:09:06 | 000,090,112 | ---- | M] () -- C:\Program Files\M-Audio CMIDI\MA_CMIDI_Inst.exe


========== Modules (SafeList) ==========

MOD - [2011/02/04 23:29:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - File not found [Auto | Stopped] -- -- (sp_rssrv)
SRV - File not found [Auto | Stopped] -- -- (PSI_SVC_2)
SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
SRV - File not found [Auto | Stopped] -- -- (CCALib8)
SRV - [2010/12/22 17:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/11/07 04:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2005/07/17 15:09:06 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2004/02/26 21:17:28 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 23:59:36 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/04 21:34:27 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/12 20:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2010/07/13 08:48:52 | 000,044,672 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 16:36:28 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/11/18 07:33:57 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/18 07:33:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/09/28 12:55:28 | 000,018,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/21 19:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/18 19:33:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/19 12:44:54 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/25 15:29:26 | 000,054,912 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2008/08/01 06:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_HWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/08 14:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/29 17:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/14 02:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 17:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2006/12/29 00:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/10/26 16:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2005/07/13 21:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2004/08/04 18:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/05/21 10:50:00 | 000,068,886 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/05/21 10:50:00 | 000,052,166 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (L8042Pr2)
DRV - [2002/05/21 10:50:00 | 000,023,270 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.sys -- (LHidFlt2)
DRV - [2002/05/21 10:50:00 | 000,005,846 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...11?_IceUrl=true

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.c...11?_IceUrl=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.infowars.com/
IE - HKCU\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/27 15:32:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/27 15:32:01 | 000,000,000 | ---D | M]

[2010/11/26 08:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell\Application Data\Mozilla\Extensions
[2010/10/24 16:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell\Application Data\Mozilla\Extensions\net.openvpn.client
[2009/08/23 10:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell\Application Data\Mozilla\Extensions\[email protected]
[2011/01/28 15:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions
[2010/06/06 18:56:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/28 14:14:22 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/01/28 14:14:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/24 17:19:57 | 000,000,000 | ---D | M] ("Better Flickr") -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2010/10/30 21:03:19 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese and Chinese Translator) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2010/12/11 08:14:04 | 000,000,000 | ---D | M] (Popup Chinese Dictionary) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2010/12/10 06:10:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2010/12/10 06:10:03 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2010/09/06 22:58:50 | 000,000,000 | ---D | M] (Free Hide IP) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\x6gipsvk.default\extensions\[email protected]
[2011/01/28 15:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/27 22:43:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/27 22:42:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/12 16:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/01/27 22:39:11 | 000,429,337 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 76.13.18.78 farm3.static.flickr.com
O1 - Hosts: 76.13.18.79 farm5.static.flickr.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 14782 more lines...
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\easyMule\emule.exe (http://www.verycd.com)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\dell\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm ()
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\TcpIPDogL.dll (城市热点资讯有限公司)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\TcpIPDogL.dll (城市热点资讯有限公司)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\TcpIPDogL.dll (城市热点资讯有限公司)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\TcpIPDogL.dll (城市热点资讯有限公司)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\TcpIPDogL.dll (城市热点资讯有限公司)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/12 16:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 16:30:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dell\Recent
[2011/01/28 12:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Desktop\Devpics
[2011/01/27 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Desktop\V
[2011/01/26 15:37:51 | 000,000,000 | ---D | C] -- D:\My Documents\QiTaiGong
[2011/01/22 12:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer
[2011/01/22 12:56:33 | 001,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2011/01/22 12:56:33 | 000,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\imageviewer2.ocx
[2011/01/22 12:56:33 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\threed32.ocx
[2011/01/22 12:56:32 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2011/01/22 12:56:32 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\System32\ccrpfd6.ocx
[2011/01/22 12:56:32 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2011/01/22 12:56:32 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbprgbar.ocx
[2011/01/22 12:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\PIXresizer
[2011/01/16 08:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Application Data\Real
[2011/01/15 14:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Application Data\Mchid
[2011/01/15 14:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Application Data\Livestation
[2011/01/15 14:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Livestation
[2011/01/15 14:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/01/15 14:03:20 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/01/15 14:03:19 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/01/12 18:07:24 | 000,000,000 | ---D | C] -- C:\ClavisVList
[2011/01/08 11:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/01/08 11:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/01/08 09:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dell\Start Menu\Programs\Clavis Sinica 5.0
[2011/01/08 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Clavis Sinica 5.0
[2011/01/08 09:34:33 | 001,339,544 | ---- | C] (Dynamic Internet Technology, Inc.) -- C:\Documents and Settings\dell\Desktop\FreeU17.exe
[2009/02/26 13:43:51 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 22:59:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1957994488-725345543-1003UA.job
[2011/02/04 20:40:28 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9ABFDCB-870E-4243-B2E6-594742AB73B6}.job
[2011/02/04 20:37:57 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\dell\Desktop\freeu.ini
[2011/02/03 21:38:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/03 21:36:34 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/02/03 21:36:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/03 21:36:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1957994488-725345543-1003.job
[2011/02/03 21:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/03 21:35:24 | 2011,168,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 21:21:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/03 20:45:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1957994488-725345543-1003.job
[2011/02/03 15:10:00 | 000,695,934 | ---- | M] () -- C:\Documents and Settings\dell\Desktop\5412759786_5cc6408205_b.jpg
[2011/02/02 12:59:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1957994488-725345543-1003Core.job
[2011/01/29 17:33:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/01/27 22:39:11 | 000,429,337 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 09:04:45 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\PIXresizer.lnk
[2011/01/26 10:39:05 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/01/23 23:14:28 | 000,428,651 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110127-223911.backup
[2011/01/23 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/22 10:33:22 | 000,039,126 | ---- | M] () -- D:\My Documents\VCol.jpg
[2011/01/19 18:02:53 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\dell\Desktop\~$alasis of Exam Result.doc
[2011/01/18 15:33:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\dell\Desktop\~$S 1 Final Exam A Answer Key Outline (completed)-1.doc
[2011/01/17 14:34:16 | 000,174,593 | ---- | M] () -- D:\My Documents\Lion_Jew[1].pdf
[2011/01/16 16:18:52 | 000,029,696 | ---- | M] () -- D:\My Documents\Aniston.doc
[2011/01/15 14:03:21 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011/01/15 14:03:20 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011/01/15 13:08:42 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/15 12:37:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FreeU17.exe.lnk
[2011/01/15 12:33:33 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Clavis.lnk
[2011/01/15 12:33:09 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/01/13 09:29:59 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/01/10 18:03:39 | 000,428,651 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110123-231427.backup
[2011/01/08 11:07:27 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Movies & Games.lnk
[2011/01/08 09:34:56 | 001,339,544 | ---- | M] (Dynamic Internet Technology, Inc.) -- C:\Documents and Settings\dell\Desktop\FreeU17.exe
[2011/01/06 14:43:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/03 15:09:58 | 000,695,934 | ---- | C] () -- C:\Documents and Settings\dell\Desktop\5412759786_5cc6408205_b.jpg
[2011/01/27 09:04:45 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\PIXresizer.lnk
[2011/01/22 10:33:22 | 000,039,126 | ---- | C] () -- D:\My Documents\VCol.jpg
[2011/01/19 18:02:53 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\dell\Desktop\~$alasis of Exam Result.doc
[2011/01/18 15:33:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\dell\Desktop\~$S 1 Final Exam A Answer Key Outline (completed)-1.doc
[2011/01/17 14:34:16 | 000,174,593 | ---- | C] () -- D:\My Documents\Lion_Jew[1].pdf
[2011/01/16 16:17:45 | 000,029,696 | ---- | C] () -- D:\My Documents\Aniston.doc
[2011/01/15 13:08:42 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2011/01/15 12:37:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FreeU17.exe.lnk
[2011/01/15 12:36:50 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\dell\Desktop\freeu.ini
[2011/01/15 12:36:13 | 000,002,678 | ---- | C] () -- D:\My Documents\images.jpeg
[2011/01/15 12:33:33 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Clavis.lnk
[2011/01/15 12:33:09 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/01/08 11:15:07 | 000,041,984 | ---- | C] () -- D:\My Documents\Record of Excluding Student Final__ Exam Participation.doc
[2011/01/08 11:08:20 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1957994488-725345543-1003.job
[2011/01/08 11:08:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1957994488-725345543-1003.job
[2011/01/08 11:07:27 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Movies & Games.lnk
[2010/09/28 21:35:37 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\TcpIpDog3.dll
[2010/09/28 21:04:33 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\TcpIpDog2.dll
[2010/09/28 17:02:06 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\TcpIpDog1.dll
[2010/09/27 18:54:47 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\TcpIpDogR0.dll
[2010/08/10 12:41:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/08/10 12:41:03 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/08/10 12:41:03 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/07/14 23:04:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/28 21:11:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B7A857D478.sys
[2010/02/06 17:10:20 | 000,000,249 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2010/02/01 11:44:17 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/11/04 17:15:22 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\pwpe_wiki_ini.conf
[2009/09/15 09:49:30 | 000,009,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/09/15 09:49:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\67E0C4302A.sys
[2009/09/04 10:52:37 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/08/23 22:36:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/08/23 16:03:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\dell\Local Settings\Application Data\housecall.guid.cache
[2009/08/18 19:52:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/26 14:18:29 | 001,361,718 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\ZBWallpaper_1.bmp
[2009/06/26 14:17:40 | 001,361,718 | ---- | C] () -- C:\Documents and Settings\dell\Application Data\ZBWallpaper.bmp
[2009/05/19 12:44:54 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/26 13:43:52 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2009/02/26 13:43:52 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2009/02/26 13:43:51 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/15 09:35:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CEA_Crypt.dll
[2008/11/21 10:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/11/18 22:08:35 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MagicPlayDVD.ini
[2008/11/18 14:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/11/18 09:59:09 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\dell\Local Settings\Application Data\fusioncache.dat
[2008/11/17 21:08:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/14 22:54:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/11/14 22:54:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/11/14 22:54:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/11/13 20:38:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\RsConfig.ini
[2008/11/13 11:23:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/13 11:23:45 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 11:21:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/13 10:59:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/13 09:10:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/11/13 09:10:14 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/13 00:45:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/07 04:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/09/23 20:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 22:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/09 08:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 2/4/2011 11:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 75.38 Gb Free Space | 77.19% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 2.92 Gb Free Space | 4.28% Space Free | Partition Type: NTFS
Drive E: | 66.86 Gb Total Space | 31.18 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive F: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-INSP5151 | User Name: dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera 10 Beta\Opera.exe (Opera Software)
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera 10 Beta\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] --
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] --
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Opera 10 Beta\opera.exe" = C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
"D:\Downloads\utorrent.exe" = D:\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\dell\desktop\Dr.COM Authenticate Client\ishare_user.exe" = C:\Documents and Settings\dell\desktop\Dr.COM Authenticate Client\ishare_user.exe:*:Enabled:ishare_user -- ()
"E:\Dr.COM宽带认证客户端\ishare_user.exe" = E:\Dr.COM宽带认证客户端\ishare_user.exe:*:Enabled:Dr.COM 宽带认证客户端程序 -- (城市热点有限公司)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\ThunderPlatform.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\ThunderPlatform.exe:*:Enabled:ThunderPlatform1.1.2.43 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.1.2.43 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\TP\Ver1\1.1.2.43_1111\XLBugReport.exe:*:Enabled:XLBugReport1.1.2.43 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\easyMule\emule.exe" = C:\Program Files\easyMule\emule.exe:*:Enabled:easyMule -- (http://www.verycd.com)
"C:\Documents and Settings\dell\desktop\FreeU17.exe" = C:\Documents and Settings\dell\desktop\FreeU17.exe:*:Enabled:Fast and Secure Gateway to Internet Freedom -- (Dynamic Internet Technology, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1100_series" = Canon iP1100 series
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B4FCBCD-3C07-4743-BC5A-8101836585C7}" = Simplified Chinese TTS
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = CMIDI
"{3AC275FB-658D-43DA-A04D-9B2E30E517B2}" = Palm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DC

#2
Elise
    Emsisoft Research
  • Expert
  • 3,389 posts
First of all, I recommend that you uninstall StopZilla; it's known to slow things down/throw errors.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

#3
daba
    Member
  • Topic Starter
  • Member
  • 367 posts
Hi Elise,

Wow! So shocked to hear that Stopzilla is still on my system. Bit of a story to it: I actually bought it two or three years ago because it was on offer. However I was scammed. The price they quoted was not the price billed. They billed for the full amount and then you can get a 'rebate' three months later. It's a clear case of fraudulent misrepresentation and I tried but failed to get them to stop. It's a well-documented rebate scam. I had removed it years back, or so I thought. How do I remove it now? It does not show on Add or Remove or Revo Uninstaller. Thanks for the heads-up.

Also, strangely, under my IE Manage Add-ons I found PIPI Link Helper from Zhejiang Haoying Network Company Ltd. I don't recognise it, although it may be quite innocuous. I simply don't know.

Here's the scan result:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8CE0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 C:\WINDOWS\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 C:\WINDOWS\System32\ativvaxx.dll 2674688 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAB726000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB8B91000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0xAB5DD000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xAB52A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9E1D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAB34E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9D85000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB89D5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAB49E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA866B000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB8AB3000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xBF182000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xA7C62000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAB6CE000 C:\WINDOWS\system32\DRIVERS\HSF_HWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB8A5B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8B16000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA71EC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAB3BE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8CA4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAB476000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAB308000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAB450000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7217000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAB702000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8B6D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8B4A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB40B000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xAB42E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAB3E9000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ED3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB8B2A000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D6B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EAA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8A9C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8F2B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA8A11000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B05000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB8CCC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAB4F7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8A8B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8B19000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0xBA178000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9695000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys 65536 bytes (Logitech, Logitech Mouse Filter Driver)
0xB9685000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0C8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB7EA5000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA128000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB96C5000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8BAB000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8613000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0D8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0A8000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB96B5000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB9675000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0F8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xB96A5000 C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys 49152 bytes (Logitech, Logitech PS/2 Mouse Filter)
0xB9655000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB7E65000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0E8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9665000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0B8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8643000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB9635000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xBA108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB7E25000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB7E35000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows ® Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0xB9645000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB7E75000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7326000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA138000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB7E15000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xBA3A0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB7F0D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB7EF5000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA340000 risdptsk.sys 28672 bytes (REDC, RICOH SD/MMC Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 28672 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB7EED000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys 24576 bytes (Logitech, Logitech HID Filter Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB7EFD000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB7F05000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xB7F1D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB7F15000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3F0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9CF2000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB909E000 C:\WINDOWS\system32\drivers\fanio.sys 16384 bytes (Christian Diefer, I8k Fan I/O)
0xA8C13000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB90AA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA5A4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9CEA000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA594000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB79A2000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9CEE000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB7992000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA630000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA628000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA626000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA652000 C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E6000 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys 8192 bytes (Logitech, Logitech Keyboard Filter Driver)
0xBA62A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA62C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA622000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6E3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA799000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA68C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->MA_CMIDI_Inst.exe [ ETHREAD 0x89C85BC8 ] TID: 192
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89D399E8 ] TID: 220, 3276870 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89BE4DA8 ] TID: 224, 458761 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C83DA8 ] TID: 232, 4522034 bytes
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89972C20 ] TID: 236, 479176 bytes
0x8055C700 Faked ServiceTable-->avshadow.exe [ ETHREAD 0x89C8FDA8 ] TID: 240
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CA6B30 ] TID: 244
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89D32DA8 ] TID: 252
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89C39B30 ] TID: 284
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89D3CDA8 ] TID: 288
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89D3CB30 ] TID: 292, 8781826 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89828C98 ] TID: 312
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BE9950 ] TID: 316, 8781826 bytes
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89CB3B60 ] TID: 320
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8977CAD8 ] TID: 352, 8781836 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D1C950 ] TID: 368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D2ADA8 ] TID: 376, 8781845 bytes
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89BF38B8 ] TID: 392
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A22D10 ] TID: 404, 8781858 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D3FDA8 ] TID: 416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D08DA8 ] TID: 424
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8993ABF8 ] TID: 452
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BC6B30 ] TID: 456
0x8055C700 Faked ServiceTable-->sched.exe [ ETHREAD 0x89D0CB28 ] TID: 472
0x8055C700 Faked ServiceTable-->sched.exe [ ETHREAD 0x89D0F9E8 ] TID: 484
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C81DA8 ] TID: 488
0x8055C700 Faked ServiceTable-->sched.exe [ ETHREAD 0x89D0DDA8 ] TID: 492, 8781864 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89CA88B8 ] TID: 496
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BE9BC8 ] TID: 532
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D06DA8 ] TID: 540
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89679AE0 ] TID: 548
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CFC9E8 ] TID: 552
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CFD9E8 ] TID: 556
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CFBDA8 ] TID: 560
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x8A66C8B8 ] TID: 568
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89CE1DA8 ] TID: 588
0x8055C700 Faked ServiceTable-->sched.exe [ ETHREAD 0x89D80B30 ] TID: 592
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A118958 ] TID: 652
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A0C7958 ] TID: 664
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A0C8958 ] TID: 668
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89E1D878 ] TID: 680
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C7EDA8 ] TID: 684
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x8908E560 ] TID: 700
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BCADA8 ] TID: 708
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C6DBC8 ] TID: 712
0x8055C700 Faked ServiceTable-->sched.exe [ ETHREAD 0x89CF3958 ] TID: 716
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C60BC8 ] TID: 728
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89C4DDA8 ] TID: 736
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C5AB30 ] TID: 748
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C83B30 ] TID: 752
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C63DA8 ] TID: 756
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C89DA8 ] TID: 760
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B0FDA8 ] TID: 764
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8991EC10 ] TID: 768
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A85DA8 ] TID: 776
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x898EEDA8 ] TID: 792
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x89675900 ] TID: 808
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x8990DBC8 ] TID: 820
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896F8DA8 ] TID: 840
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C4CDA8 ] TID: 864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C3FDA8 ] TID: 868, 6094963 bytes
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x8A3F6800 ] TID: 872
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C5FBC8 ] TID: 892
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89C3BDA8 ] TID: 896
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89C419E8 ] TID: 900
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89CF4DA8 ] TID: 904
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89964020 ] TID: 916
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89CD9DA8 ] TID: 920
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x8990D950 ] TID: 928
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CE6B30 ] TID: 932
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x898FFDA8 ] TID: 936, 3145776 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89889B40 ] TID: 940
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89CBAB30 ] TID: 960, 3801155 bytes
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89CBFB28 ] TID: 964
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89CC9BC8 ] TID: 968, 5374020 bytes
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89CBBDA8 ] TID: 972
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89CA2958 ] TID: 976, 5374020 bytes
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89C999E8 ] TID: 980
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89C0FBC8 ] TID: 984
0x8055C700 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x89C98950 ] TID: 988
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C17DA8 ] TID: 1004, 5374020 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D22910 ] TID: 1008
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C11BC8 ] TID: 1012, 7471204 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AE7DA8 ] TID: 1016
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C1DDA8 ] TID: 1020, 1279848 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C26DA8 ] TID: 1028
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x89DFBBE0 ] TID: 1032
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8952EA88 ] TID: 1040
0x8055C700 Faked ServiceTable-->stacsv.exe [ ETHREAD 0x89F918E8 ] TID: 1044
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895EB898 ] TID: 1048
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x899958B0 ] TID: 1064
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8994BDA8 ] TID: 1076
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89CBCB30 ] TID: 1080
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D21B30 ] TID: 1088
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A66D8C8 ] TID: 1096
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89CB2B28 ] TID: 1112
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89C92DA8 ] TID: 1116
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89C9B958 ] TID: 1132
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89C9A9E8 ] TID: 1136
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89C8A9E8 ] TID: 1140
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89CB7BC0 ] TID: 1148
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x898E6A08 ] TID: 1156
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C7E958 ] TID: 1184
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C81B30 ] TID: 1188
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89EC7968 ] TID: 1196
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C8CDA8 ] TID: 1200, 32 bytes
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89EC69E8 ] TID: 1204
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A6B79F0 ] TID: 1224
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C8C950 ] TID: 1248
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89ED6478 ] TID: 1256
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A61D950 ] TID: 1260
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89EA2020 ] TID: 1268
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A0CDA8 ] TID: 1276
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89E78020 ] TID: 1296, 7471211 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89E9E020 ] TID: 1300
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89ED3560 ] TID: 1304
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EDEB10 ] TID: 1308
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89E832A0 ] TID: 1312
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EC66B0 ] TID: 1316
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EC6438 ] TID: 1320
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EC61C0 ] TID: 1324
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x8A669DA8 ] TID: 1328, 5505106 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89CFEB68 ] TID: 1332
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EE6DA8 ] TID: 1340
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8929F560 ] TID: 1348
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EE4DA8 ] TID: 1364
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89EAADA8 ] TID: 1368
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x898C7CC0 ] TID: 1372
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89E52DA8 ] TID: 1384, 3801155 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89DFDDA8 ] TID: 1396, 4587620 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89DEEDA8 ] TID: 1400
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89DEEB30 ] TID: 1404
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DE7BC8 ] TID: 1408
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89D74DA8 ] TID: 1412
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DE4DA8 ] TID: 1420
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x8965A9C8 ] TID: 1424
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DE0950 ] TID: 1428
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DE3DA8 ] TID: 1436, 7209051 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89EDADA8 ] TID: 1444
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89D89DA8 ] TID: 1448
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x899279F8 ] TID: 1452
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BC6DA8 ] TID: 1456
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DBABC8 ] TID: 1492
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DCCDA8 ] TID: 1512
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x89BC98B0 ] TID: 1524
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE6DA8 ] TID: 1528, 4718683 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89BD79E8 ] TID: 1532
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DAC958 ] TID: 1536
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DA8B30 ] TID: 1544
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89DD5DA8 ] TID: 1556
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89DC1B58 ] TID: 1576
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DB1DA8 ] TID: 1592
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DB1B30 ] TID: 1596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DB18B8 ] TID: 1600, 6094963 bytes
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89CF2CD8 ] TID: 1604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DA39E8 ] TID: 1608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DA0DA8 ] TID: 1612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DD9C08 ] TID: 1616
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DA7DA8 ] TID: 1620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DC09E8 ] TID: 1624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DA4BC8 ] TID: 1628
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D9FB30 ] TID: 1636
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89C90BD0 ] TID: 1640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89FACBA8 ] TID: 1652
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BDCDA8 ] TID: 1656
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89E7EDA8 ] TID: 1668
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BCFBC8 ] TID: 1696
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89A538A8 ] TID: 1700
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8972D870 ] TID: 1704
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D35A08 ] TID: 1708, 6619256 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C57958 ] TID: 1720
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C4D9E8 ] TID: 1724
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C60950 ] TID: 1728
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C45968 ] TID: 1732
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89CFBB30 ] TID: 1736
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89D26DA8 ] TID: 1740
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A05958 ] TID: 1744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BDBDA8 ] TID: 1752, 4587611 bytes
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x898F8940 ] TID: 1756
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x890B7020 ] TID: 1760
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8984A9F8 ] TID: 1764
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89082480 ] TID: 1768
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89BC8B30 ] TID: 1780
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8951BDA8 ] TID: 1784
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D97B30 ] TID: 1796
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DC6DA8 ] TID: 1800, 5963776 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DB8DA8 ] TID: 1808
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C01BC8 ] TID: 1812
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D81B38 ] TID: 1832
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89CC08B8 ] TID: 1836
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DB6DA8 ] TID: 1844
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x89B91968 ] TID: 1848
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BC1DA8 ] TID: 1860
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x896A3DA8 ] TID: 1864, 5963776 bytes
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BCAB30 ] TID: 1872
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89CED9E8 ] TID: 1876
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D28B30 ] TID: 1888
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A00DA8 ] TID: 1892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DBEDA8 ] TID: 1896
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DCBDA8 ] TID: 1900
0x8055C700 Faked ServiceTable-->WLTRYSVC.EXE [ ETHREAD 0x89D86B30 ] TID: 1920
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89961BC8 ] TID: 1932
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E84938 ] TID: 1936
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8991E998 ] TID: 1940
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BC8DA8 ] TID: 1956
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A089E8 ] TID: 1960
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D47CA0 ] TID: 1964
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89C00BC8 ] TID: 1968
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BDABC8 ] TID: 1972
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898F2BD0 ] TID: 1976
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A6ECD8 ] TID: 1996
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D5EDA8 ] TID: 2004
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D5EB30 ] TID: 2008
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898D9870 ] TID: 2012
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D57958 ] TID: 2028
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D52DA8 ] TID: 2036
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BCF950 ] TID: 2052
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BECBC8 ] TID: 2056
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BEC950 ] TID: 2060
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BD3DA8 ] TID: 2064
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BD3B30 ] TID: 2068
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BD38B8 ] TID: 2072
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BD5DA8 ] TID: 2076
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BD5B30 ] TID: 2080
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89BC4DA8 ] TID: 2084
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A56DA8 ] TID: 2088
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x895F48D0 ] TID: 2108
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x897D4DA8 ] TID: 2112
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89956B98 ] TID: 2116
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DC7DA8 ] TID: 2120
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CB2DA8 ] TID: 2124
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x89769020 ] TID: 2136
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89669BD0 ] TID: 2152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB9DA8 ] TID: 2164
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C0DCD0 ] TID: 2168
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89632958 ] TID: 2176
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BCEA08 ] TID: 2184
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BA9DA8 ] TID: 2188
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BA5DA8 ] TID: 2192
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BA29E8 ] TID: 2196
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB89E8 ] TID: 2204
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A5669D8 ] TID: 2208
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x8970FB90 ] TID: 2228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89140020 ] TID: 2236
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897B6A00 ] TID: 2240
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x8A425DA8 ] TID: 2264
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x898529E8 ] TID: 2268
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89CC2B30 ] TID: 2288
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B7EBC8 ] TID: 2300
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89B44A38 ] TID: 2320
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x898278A8 ] TID: 2324
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x897FDDA8 ] TID: 2328
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89D8FDA8 ] TID: 2332
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89A97890 ] TID: 2340
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B78DA8 ] TID: 2364
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B92DA8 ] TID: 2368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B8CDA8 ] TID: 2372
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C0EDA8 ] TID: 2376, 130 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B7E950 ] TID: 2380, 1399136 bytes
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x89E0B3A8 ] TID: 2392
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB9B30 ] TID: 2400
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89BF2DA8 ] TID: 2404
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89AB99F0 ] TID: 2424, 262147 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE2DA8 ] TID: 2428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B6F958 ] TID: 2444
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8964CCB0 ] TID: 2452
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89FB2BD8 ] TID: 2468, 3127189504 bytes
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x897FBDA8 ] TID: 2500
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x89B6EBD8 ] TID: 2504
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x890B0020 ] TID: 2528
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x89AFCA58 ] TID: 2536
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8993EB30 ] TID: 2540
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89BAC9F0 ] TID: 2544
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8A5957E0 ] TID: 2572
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x896238B0 ] TID: 2580
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89D8F8B8 ] TID: 2600
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x89799880 ] TID: 2608
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8A54D8C8 ] TID: 2612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8988BC78 ] TID: 2620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897E9B08 ] TID: 2628
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x898B5DA8 ] TID: 2632
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8968ADA8 ] TID: 2640
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x895D9DA8 ] TID: 2660
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89EA4278 ] TID: 2664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89709A78 ] TID: 2676
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x899799F8 ] TID: 2692, 3801155 bytes
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x896F6880 ] TID: 2708
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x896EFCD8 ] TID: 2712
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A4FF9E8 ] TID: 2720
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x89BDEBD8 ] TID: 2736
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x8964EDA8 ] TID: 2744
0x8055C700 Faked ServiceTable-->MDM.EXE [ ETHREAD 0x891CE2D8 ] TID: 2748
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x892AB020 ] TID: 2752
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89F93DA8 ] TID: 2760
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8A543DA8 ] TID: 2768
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895B0888 ] TID: 2776
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x8975BDA8 ] TID: 2780
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B6DDA8 ] TID: 2800
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B46DA8 ] TID: 2804
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B64DA8 ] TID: 2808
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B34DA8 ] TID: 2812
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B34B30 ] TID: 2816
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B51DA8 ] TID: 2820
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B20DA8 ] TID: 2824
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89B20B30 ] TID: 2828
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x897A4DA8 ] TID: 2836
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8967CA50 ] TID: 2840
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8A3F43E0 ] TID: 2844
0x8055C700 Faked ServiceTable-->stsystra.exe [ ETHREAD 0x8909BDA8 ] TID: 2848
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x8A05D880 ] TID: 2852
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BC7BD0 ] TID: 2860
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x8A056B30 ] TID: 2896
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A7ABF8 ] TID: 2900
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B9DDA8 ] TID: 2904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897CCBC8 ] TID: 2908
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89948B30 ] TID: 2932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890924D8 ] TID: 2948
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x898B09B8 ] TID: 2988
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89A609E8 ] TID: 2992
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8A678DA8 ] TID: 2996
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B18BC8 ] TID: 3032
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B18950 ] TID: 3036
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B1DDA8 ] TID: 3040
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89989D10 ] TID: 3052
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B16958 ] TID: 3084
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B319E8 ] TID: 3088
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B33DA8 ] TID: 3092
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B3BDA8 ] TID: 3096
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B37DA8 ] TID: 3100
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B89CA0 ] TID: 3104
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8908C8D0 ] TID: 3108
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B13958 ] TID: 3120
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89E979C0 ] TID: 3124
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x89A3AC20 ] TID: 3152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B28DA8 ] TID: 3164
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89985870 ] TID: 3180
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89967DA8 ] TID: 3184
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8977CDA8 ] TID: 3192
0x8055C700 Faked ServiceTable-->PhotoScape.exe [ ETHREAD 0x89AF5C70 ] TID: 3200
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AF8DA8 ] TID: 3204
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x891CE020 ] TID: 3216
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89990CA0 ] TID: 3224
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x899229E8 ] TID: 3236
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x895FB890 ] TID: 3240
0x8055C700 Faked ServiceTable-->RichVideo.exe [ ETHREAD 0x88E2B268 ] TID: 3244
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x898F1C18 ] TID: 3256
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x898F19A0 ] TID: 3260
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x898FE950 ] TID: 3268
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B06DA8 ] TID: 3280
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89CF8BE0 ] TID: 3296
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89AFCDA8 ] TID: 3304
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x890A68A8 ] TID: 3332
0x8055C700 Faked ServiceTable-->WLTRAY.EXE [ ETHREAD 0x89CF6C00 ] TID: 3360
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89623DA8 ] TID: 3364
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x8A587A60 ] TID: 3368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A669A8 ] TID: 3376
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x899E5DA8 ] TID: 3380
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x899FF958 ] TID: 3384
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x896E0DA8 ] TID: 3404
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x8991F988 ] TID: 3420
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89FABD18 ] TID: 3428
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x898008B0 ] TID: 3456
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8A511560 ] TID: 3496
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89514DA8 ] TID: 3516
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89823928 ] TID: 3524
0x8055C700 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89A99B30 ] TID: 3536
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895B8DA8 ] TID: 3544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A2D9A0 ] TID: 3548
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AB0990 ] TID: 3560
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890A9A38 ] TID: 3588
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88CF3020 ] TID: 3592
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x895179F8 ] TID: 3596
0x8055C700 Faked ServiceTable-->WLTRAY.EXE [ ETHREAD 0x89AF1DA8 ] TID: 3604
0x8055C700 Faked ServiceTable-->avgnt.exe [ ETHREAD 0x89A7CB30 ] TID: 3624
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x88F26420 ] TID: 3632
0x8055C700 Faked ServiceTable-->stsystra.exe [ ETHREAD 0x89A8DC70 ] TID: 3640
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8965FC98 ] TID: 3660
0x8055C700 Faked ServiceTable-->WLTRAY.EXE [ ETHREAD 0x8A587020 ] TID: 3676
0x8055C700 Faked ServiceTable-->stsystra.exe [ ETHREAD 0x89A74DA8 ] TID: 3692
0x8055C700 Faked ServiceTable-->stsystra.exe [ ETHREAD 0x89A78B30 ] TID: 3696
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89A8CB30 ] TID: 3720
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89A559E8 ] TID: 3728
0x8055C700 Faked ServiceTable-->WLTRAY.EXE [ ETHREAD 0x89ECF528 ] TID: 3732
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89A959E8 ] TID: 3744
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89E8F820 ] TID: 3772
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89831DA8 ] TID: 3796
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89876A30 ] TID: 3820
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x898D5BD8 ] TID: 3824
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x896E2DA8 ] TID: 3828
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8905A020 ] TID: 3836
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8988DBC8 ] TID: 3868
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89864BC8 ] TID: 3872
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x898A1C78 ] TID: 3876
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x899ECB30 ] TID: 3880
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89864950 ] TID: 3884
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89DAADA8 ] TID: 3888
0x8055C700 Faked ServiceTable-->iTunes.exe [ ETHREAD 0x89A00AA0 ] TID: 3904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x899E6DA8 ] TID: 3912
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x8A54CDA8 ] TID: 3924
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897D5968 ] TID: 3932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896C4DA8 ] TID: 3952
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89920DA8 ] TID: 3956
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89642970 ] TID: 3964
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x8966CD30 ] TID: 3996
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89A65DA8 ] TID: 4004
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x898BDDA8 ] TID: 4008
0x8055C700 Faked ServiceTable-->CLI.exe [ ETHREAD 0x89EF3DA8 ] TID: 4012
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8923A020 ] TID: 4016
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89946870 ] TID: 4020
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x896BDDA8 ] TID: 4032
0x8055C700 Faked ServiceTable-->opera.exe [ ETHREAD 0x895B9020 ] TID: 4036
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89769810 ] TID: 4052
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CE89F8 ] TID: 4072
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8975B898 ] TID: 4084
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C489E8 ] TID: 4092
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [compbatt.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [BCMWL5.SYS]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [sthda.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [Rtnicxp.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [snapman.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [cmbatt.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [battc.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [sp_rsdrv2.sys]
WARNING: Virus alike driver modification [RtHDMIV.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [fanio.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [Apfiltr.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [windrvr.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [PalmUSBD.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [usbohci.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [HSFHWAZL.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [RTL8139.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [HSF_HWAZL.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [avgntmgr.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [LHidFlt2.sys]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [tap0901.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [hamachi.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [usbstor.sys]
WARNING: Virus alike driver modification [Icdusb.sys]
WARNING: Virus alike driver modification [http.sys]
WARNING: Virus alike driver modification [GEARAspiWDM.sys]
WARNING: Virus alike driver modification [tapvpn.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [risdptsk.sys]
WARNING: Virus alike driver modification [ssmdrv.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [ICDSX.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [wdfldr.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [BCMWLNPF.SYS]
WARNING: Virus alike driver modification [npf.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [rootrepeal.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [srv.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [tdrpman.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [rixdptsk.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [IcdUsb2.sys]
WARNING: Virus alike driver modification [cercsr6.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [rimsptsk.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
WARNING: Virus alike driver modification [timntr.sys]
WARNING: Virus alike driver modification [tifsfilt.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [SDTHOOK.SYS]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [avgntdd.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [wdf01000.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [hpzid412.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [L8042Pr2.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [dmusic.sys]
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [fssfltr_tdi.sys]
WARNING: Virus alike driver modification [SZKG.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [LKbdFlt2.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [drmk.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [ohci1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [LMouFlt2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [HSF_CNXT.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [AtiHdAud.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [wmiacpi.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
WARNING: Virus alike driver modification [HSF_DP.sys]
WARNING: Virus alike driver modification [HSF_DPV.sys]

Very much appreciate your first-class expertise, as ever :D
  • 0
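The log above has two repeating line shapes: one "Faked ServiceTable" entry per thread and one "Virus alike driver modification" warning per driver. A small triage script that tallies them makes it easier to see whether such hits are confined to a few processes and drivers or span the whole system. The following is an added example for readers of this thread, not code from the original post or from any tool it mentions; the sample lines are constructed in the same shape as the posted log, and the function and field names are the example's own.

```python
"""Triage helper for anti-rootkit output in the shape posted above.

Added example, not part of the original thread and not code from any tool
mentioned in it. It parses the two line formats that appear in the quoted log:

    0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B18BC8 ] TID: 3032
    WARNING: Virus alike driver modification [ndis.sys]

and summarises them so a helper can see whether the hits are confined to a
few processes and drivers or span the whole system.
"""
import re
from collections import Counter

# Constructed sample in the same shape as the posted log: a few thread lines
# (one with the trailing ", N bytes" suffix), a few driver warnings, and one
# unrelated line that the parser must skip.
SAMPLE_LOG = """\
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B18BC8 ] TID: 3032
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B18950 ] TID: 3036
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89E979C0 ] TID: 3124
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x899799F8 ] TID: 2692, 3801155 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88CF3020 ] TID: 3592
0x8055C700 Faked ServiceTable-->Flickr Uploadr.exe [ ETHREAD 0x896E2DA8 ] TID: 3828
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [SDTHOOK.SYS]
Very much appreciate your first-class expertise, as ever
"""

# Process names may contain spaces ("Flickr Uploadr.exe"), so the process
# group is matched lazily up to the " [ ETHREAD" marker. No end anchor, so a
# trailing ", N bytes" suffix is tolerated.
SERVICE_TABLE_RE = re.compile(
    r"^(?P<table>0x[0-9A-Fa-f]+) Faked ServiceTable-->(?P<process>.+?) "
    r"\[ ETHREAD (?P<ethread>0x[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
)
DRIVER_WARNING_RE = re.compile(
    r"^WARNING: Virus alike driver modification \[(?P<driver>[^\]]+)\]$"
)


def parse_log(text):
    """Return (hooked_threads, flagged_drivers).

    hooked_threads: list of dicts with keys table, process, ethread, tid.
    flagged_drivers: driver file names in log order.
    Lines in neither format are skipped, so a whole pasted log can be fed in
    without cutting out the scan section first.
    """
    hooked, drivers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_TABLE_RE.match(line)
        if m:
            hooked.append({
                "table": m.group("table").lower(),
                "process": m.group("process"),
                "ethread": m.group("ethread").lower(),
                "tid": int(m.group("tid")),
            })
            continue
        m = DRIVER_WARNING_RE.match(line)
        if m:
            drivers.append(m.group("driver"))
    return hooked, drivers


def summarise(text):
    """Aggregate the parsed lines into the numbers a helper would ask for."""
    hooked, drivers = parse_log(text)
    per_process = Counter(h["process"] for h in hooked)
    tables = sorted({h["table"] for h in hooked})
    return {
        "hooked_thread_count": len(hooked),
        "hooked_process_count": len(per_process),
        "per_process": dict(per_process),
        "service_table_addresses": tables,
        # One address on every line means the check reports a single,
        # system-wide condition rather than something specific to one process.
        "single_table": len(tables) == 1,
        "flagged_driver_count": len(drivers),
        "flagged_drivers": drivers,
    }


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    print(f"hooked threads: {summary['hooked_thread_count']} "
          f"across {summary['hooked_process_count']} processes")
    for name, count in sorted(summary["per_process"].items()):
        print(f"  {name}: {count}")
    print("service table address(es):", ", ".join(summary["service_table_addresses"]))
    print(f"flagged drivers: {summary['flagged_driver_count']}")
```

Run against the full log pasted above, the summary would show one service-table address on every thread line and several hundred flagged drivers, including core Windows ones such as ntfs.sys and tcpip.sys. A uniform pattern like that is one finding to raise with the helper, not several hundred separate ones, which is why the script reports the spread rather than echoing each name.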

#4
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Hi daba, were you able to uninstall Stopzilla now? It is indeed a legit problem, but as you say, their marketing strategy is not always nice.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
  • 0

#5
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts
Hi Elise,

I haven't been able to uninstall Stopzilla. As I said in my last post: 'How do I remove it (Stopzilla) now? It does not show on Add or Remove or Revo Uninstaller.' Please tell me how to uninstall it, thanks.

David
  • 0

#6
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Sorry for that, I overlooked that. In that case we'll clean up the leftovers manually. Please proceed with combofix.
  • 0

#7
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts
Nothing's ever smooth sailing; Combofix automatically defaults to Chinese characters for users here in China. I don't read them so.....I just clicked on the Yes button which was in English but the prog didn't really run; it started, but then it stopped and didn't proceed. Any ideas? If memory serves, this happened with Combofix when you recommended it to me once before. Unfortunately I don't remember what alternative you recommended...:D

Daba
  • 0

#8
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Please try this instead.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
  • 0

#9
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts
Hi Elise,

This is the exact same Combofix data you sent me earlier.

Daba
  • 0

#10
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Wow, sorry, I must have had a blonde moment. :D

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

  • 0

#11
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts
Hi Elise,

Ran it, nothing found.

Is this a known Opera issue: every time I want to open a download it says: No registered application for this extension.

Daba
  • 0

#12
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Please reboot in safe mode and rerun combofix from there.

As for the download: when does this happen? After you finish the download? If so, verify if the download indeed completed. An incomplete download can cause these errors.
  • 0

#13
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts
Elise hi,

OK, I tried to do as you said but could not get online in safe mode, my broadband wouldn't open so I wasn't able to try the Combofix. Even if I could, how would that prevent it opening in Chinese?

No, this happens before the prog downloads. Actually I believe it's a known Opera issue.

David
  • 0

#14
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
No problem, just put combofix on the desktop and try it from safe mode, even if the internet doesn't work.
  • 0