
Win32 Heur causing multiple computer errors


This topic is locked

#31
Joolker (Member, Topic Starter, 28 posts)
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #1
==============================================
>Drivers
==============================================
0x8E404000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7315456 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C4F000 C:\Windows\system32\ntkrnlpa.exe 3911680 bytes (Microsoft Corporation, NT Kernel & System)
0x81C4F000 PnpManager 3911680 bytes
0x81C4F000 RAW 3911680 bytes
0x81C4F000 WMIxWDM 3911680 bytes
0x96A40000 Win32k 2109440 bytes
0x96A40000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8DE0E000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x89E0D000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x89C09000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E20D000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAB28F000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EC76000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
0x82209000 C:\Windows\system32\drivers\iastor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAA005000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8EAFE000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x82324000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80609000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAA0B4000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8078B000 C:\Windows\system32\DRIVERS\stwrt.sys 409600 bytes (IDT, Inc., IDT PC Audio)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAB201000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8DF56000 C:\Windows\system32\DRIVERS\yk60x86.sys 315392 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x80731000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E36D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80688000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8DFB6000 C:\Windows\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8ED73000 C:\Windows\system32\DRIVERS\OA009Vid.sys 270336 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80481000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DB63000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EBB5000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EC0C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89D3F000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAA1AB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89F1C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89DC8000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81C1C000 ACPI_HAL 208896 bytes
0x81C1C000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x822D9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E33B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DB35000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x823A6000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89D14000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89D9E000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8DA82000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAB267000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8DA1B000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89F6C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806DF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x823D3000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8EDB5000 C:\Windows\system32\DRIVERS\OA009Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x8DBD1000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89FA4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x805A2000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAA16C000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAA18C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA121000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8E2F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DA00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAA13E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DB05000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAA1E4000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EC52000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DBAF000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8ED46000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAB38B000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E3B5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E311000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAA157000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89D79000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89FEA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8ED5F000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x8E327000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DFA3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8DAB6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E3D9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8DAF3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x89F93000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x82395000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80468000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8230B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8E3EC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8DA72000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x89D8E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DB26000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8EDE3000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89F5D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80706000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x89FDB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8DAE4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80722000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x96C80000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8E3CB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x805D6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8067A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8EC69000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x89E00000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8EB9D000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0xAB377000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x807EF000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EBF3000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DE00000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x805CB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DBC6000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DBA4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8DAD0000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EBAA000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80718000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8EDD9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8DBF4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8DAAC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8EC48000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAB36D000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x89FC5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x89C00000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8EDF2000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAB3A1000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8231B000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x805E4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96C60000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8DADB000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DB1D000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806CE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xAB383000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver)
0x80479000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80400000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8E200000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x80600000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x805C3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89F55000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x82200000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EC00000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x823F8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8DFF8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8E400000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80715000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DFFE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8ED5D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x04230000 Hidden Image-->msvcm90.dll [ EPROCESS 0x898A8B40 ] PID: 1664, 270336 bytes
0x02600000 Hidden Image-->msvcm90.dll [ EPROCESS 0x89A88890 ] PID: 2296, 270336 bytes
0x01D10000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x89865548 ] PID: 2392, 28672 bytes
0x063B0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x898A8B40 ] PID: 1664, 4231168 bytes
0x01CF0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x89865548 ] PID: 2392, 45056 bytes
0x046C0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x898A8B40 ] PID: 1664, 77824 bytes
0x02830000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x89A88890 ] PID: 2296, 77824 bytes
0x01C70000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x89865548 ] PID: 2392, 77824 bytes

#32
sempai (Trusted Helper, Malware Removal, 785 posts)
Did you run TDSSKiller? Can you please post the log?

#33
Joolker (Member, Topic Starter, 28 posts)
Hey, yes I did. Sorry about that, I forgot to attach the log.

2011/04/13 15:17:36.0727 5320 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 15:17:37.0227 5320 ================================================================================
2011/04/13 15:17:37.0227 5320 SystemInfo:
2011/04/13 15:17:37.0227 5320
2011/04/13 15:17:37.0227 5320 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/13 15:17:37.0227 5320 Product type: Workstation
2011/04/13 15:17:37.0227 5320 ComputerName: J00LK3R
2011/04/13 15:17:37.0227 5320 UserName: Josh
2011/04/13 15:17:37.0227 5320 Windows directory: C:\Windows
2011/04/13 15:17:37.0227 5320 System windows directory: C:\Windows
2011/04/13 15:17:37.0227 5320 Processor architecture: Intel x86
2011/04/13 15:17:37.0227 5320 Number of processors: 1
2011/04/13 15:17:37.0227 5320 Page size: 0x1000
2011/04/13 15:17:37.0227 5320 Boot type: Normal boot
2011/04/13 15:17:37.0227 5320 ================================================================================
2011/04/13 15:17:37.0679 5320 Initialize success
2011/04/13 15:17:40.0830 5640 ================================================================================
2011/04/13 15:17:40.0830 5640 Scan started
2011/04/13 15:17:40.0830 5640 Mode: Manual;
2011/04/13 15:17:40.0830 5640 ================================================================================
2011/04/13 15:17:42.0531 5640 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
2011/04/13 15:17:43.0467 5640 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/13 15:17:44.0091 5640 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/13 15:17:44.0652 5640 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/13 15:17:45.0276 5640 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/13 15:17:46.0025 5640 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/13 15:17:46.0665 5640 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/13 15:17:46.0836 5640 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/13 15:17:47.0507 5640 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/13 15:17:47.0788 5640 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/13 15:17:47.0850 5640 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/13 15:17:48.0490 5640 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/13 15:17:48.0630 5640 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/13 15:17:48.0739 5640 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/13 15:17:49.0473 5640 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/13 15:17:50.0097 5640 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/13 15:17:50.0206 5640 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 15:17:50.0331 5640 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/13 15:17:51.0641 5640 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/13 15:17:51.0984 5640 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/13 15:17:52.0749 5640 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/13 15:17:53.0419 5640 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/13 15:17:54.0137 5640 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 15:17:54.0277 5640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/13 15:17:54.0340 5640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/13 15:17:55.0011 5640 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/13 15:17:55.0073 5640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/13 15:17:55.0135 5640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/13 15:17:55.0198 5640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/13 15:17:55.0323 5640 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/13 15:17:56.0243 5640 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 15:17:56.0898 5640 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/13 15:17:57.0569 5640 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/13 15:17:57.0663 5640 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/04/13 15:17:58.0365 5640 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/13 15:17:58.0599 5640 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/13 15:17:59.0223 5640 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/13 15:17:59.0862 5640 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/13 15:17:59.0956 5640 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/13 15:18:00.0049 5640 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 15:18:00.0174 5640 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/13 15:18:00.0861 5640 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 15:18:01.0516 5640 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 15:18:02.0249 5640 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/13 15:18:02.0374 5640 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/13 15:18:02.0452 5640 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/13 15:18:03.0107 5640 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/13 15:18:03.0731 5640 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/13 15:18:04.0511 5640 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/13 15:18:05.0151 5640 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 15:18:05.0853 5640 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 15:18:05.0977 5640 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 15:18:06.0071 5640 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 15:18:06.0149 5640 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 15:18:06.0211 5640 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 15:18:06.0258 5640 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 15:18:06.0289 5640 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/13 15:18:06.0695 5640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/13 15:18:07.0459 5640 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/13 15:18:07.0553 5640 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/13 15:18:07.0615 5640 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/13 15:18:07.0725 5640 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/13 15:18:07.0771 5640 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/13 15:18:07.0865 5640 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 15:18:07.0943 5640 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/13 15:18:08.0614 5640 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/13 15:18:09.0316 5640 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
2011/04/13 15:18:09.0893 5640 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/13 15:18:10.0642 5640 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/13 15:18:11.0281 5640 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/13 15:18:11.0968 5640 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/13 15:18:12.0061 5640 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 15:18:12.0779 5640 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 15:18:13.0637 5640 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/13 15:18:13.0715 5640 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/13 15:18:13.0824 5640 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 15:18:13.0887 5640 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/13 15:18:13.0980 5640 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/13 15:18:14.0074 5640 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/13 15:18:14.0823 5640 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/13 15:18:15.0431 5640 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/13 15:18:16.0180 5640 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/13 15:18:16.0851 5640 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 15:18:17.0631 5640 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 15:18:17.0724 5640 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/13 15:18:17.0865 5640 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/13 15:18:18.0535 5640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/13 15:18:19.0159 5640 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/13 15:18:19.0752 5640 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/13 15:18:20.0485 5640 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/13 15:18:20.0719 5640 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/13 15:18:20.0797 5640 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 15:18:20.0829 5640 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/13 15:18:20.0875 5640 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 15:18:20.0922 5640 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 15:18:21.0063 5640 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/13 15:18:21.0359 5640 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 15:18:21.0967 5640 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/13 15:18:22.0779 5640 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 15:18:23.0434 5640 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 15:18:24.0027 5640 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 15:18:24.0775 5640 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 15:18:25.0680 5640 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/13 15:18:26.0289 5640 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/13 15:18:26.0959 5640 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 15:18:27.0661 5640 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/13 15:18:27.0833 5640 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 15:18:27.0864 5640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 15:18:27.0973 5640 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 15:18:28.0020 5640 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 15:18:28.0067 5640 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/13 15:18:28.0098 5640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 15:18:28.0145 5640 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/13 15:18:28.0207 5640 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 15:18:28.0301 5640 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/13 15:18:29.0003 5640 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 15:18:29.0627 5640 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 15:18:29.0674 5640 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 15:18:29.0767 5640 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 15:18:30.0376 5640 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 15:18:31.0031 5640 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 15:18:31.0717 5640 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/13 15:18:31.0827 5640 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 15:18:31.0873 5640 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 15:18:32.0497 5640 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 15:18:33.0184 5640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/13 15:18:33.0886 5640 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/13 15:18:34.0588 5640 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/13 15:18:35.0103 5640 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/13 15:18:35.0149 5640 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/13 15:18:35.0305 5640 OA009Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA009Ufd.sys
2011/04/13 15:18:35.0976 5640 OA009Vid (d4e1f63a07c58563a73fd5aa20dcfb65) C:\Windows\system32\DRIVERS\OA009Vid.sys
2011/04/13 15:18:36.0694 5640 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/13 15:18:36.0772 5640 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/13 15:18:36.0803 5640 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 15:18:36.0850 5640 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/13 15:18:36.0912 5640 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/13 15:18:37.0068 5640 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/13 15:18:37.0645 5640 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/13 15:18:38.0269 5640 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/13 15:18:38.0472 5640 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 15:18:38.0519 5640 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/13 15:18:38.0613 5640 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/13 15:18:38.0737 5640 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/13 15:18:39.0377 5640 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/13 15:18:39.0502 5640 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/13 15:18:40.0095 5640 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 15:18:40.0812 5640 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 15:18:41.0577 5640 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 15:18:42.0169 5640 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 15:18:42.0762 5640 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 15:18:42.0793 5640 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 15:18:42.0856 5640 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 15:18:42.0965 5640 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 15:18:43.0074 5640 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/13 15:18:43.0105 5640 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 15:18:43.0152 5640 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 15:18:43.0293 5640 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 15:18:43.0355 5640 RTSTOR (8f6b5cfcd472fd3e54a68d211ec4617b) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/13 15:18:43.0636 5640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/13 15:18:44.0322 5640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 15:18:44.0962 5640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/13 15:18:45.0009 5640 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/13 15:18:45.0040 5640 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/13 15:18:45.0118 5640 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/13 15:18:45.0149 5640 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/13 15:18:45.0180 5640 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/13 15:18:45.0227 5640 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/13 15:18:45.0321 5640 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/13 15:18:45.0367 5640 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/13 15:18:45.0414 5640 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/13 15:18:46.0054 5640 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 15:18:46.0709 5640 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/13 15:18:46.0803 5640 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/13 15:18:46.0943 5640 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/13 15:18:47.0349 5640 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/13 15:18:47.0458 5640 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
2011/04/13 15:18:47.0598 5640 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/13 15:18:48.0269 5640 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/13 15:18:49.0002 5640 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/13 15:18:49.0595 5640 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/13 15:18:49.0798 5640 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/13 15:18:49.0985 5640 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/13 15:18:50.0063 5640 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/13 15:18:50.0094 5640 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/13 15:18:50.0125 5640 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/13 15:18:50.0157 5640 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/13 15:18:50.0203 5640 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/13 15:18:50.0281 5640 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/13 15:18:50.0328 5640 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/13 15:18:50.0437 5640 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/13 15:18:50.0484 5640 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/13 15:18:50.0515 5640 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/13 15:18:50.0578 5640 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/13 15:18:50.0640 5640 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/13 15:18:51.0295 5640 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/13 15:18:51.0997 5640 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/13 15:18:52.0606 5640 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/13 15:18:53.0230 5640 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/13 15:18:53.0947 5640 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/13 15:18:54.0571 5640 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/13 15:18:55.0195 5640 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/13 15:18:55.0804 5640 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/13 15:18:55.0960 5640 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/13 15:18:56.0069 5640 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/13 15:18:56.0849 5640 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/13 15:18:57.0567 5640 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/13 15:18:58.0237 5640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/13 15:18:58.0331 5640 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/13 15:18:58.0393 5640 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/13 15:18:58.0503 5640 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/13 15:18:58.0549 5640 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/13 15:18:58.0581 5640 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/13 15:18:58.0674 5640 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/13 15:18:58.0721 5640 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/13 15:18:58.0783 5640 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/13 15:18:58.0815 5640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 15:18:58.0846 5640 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 15:18:58.0893 5640 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/13 15:18:59.0033 5640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/13 15:18:59.0735 5640 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/13 15:19:00.0499 5640 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/13 15:19:00.0577 5640 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/13 15:19:00.0687 5640 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 15:19:00.0827 5640 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/13 15:19:00.0999 5640 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 15:19:01.0014 5640 ================================================================================
2011/04/13 15:19:01.0014 5640 Scan finished
2011/04/13 15:19:01.0014 5640 ================================================================================
2011/04/13 15:19:01.0030 5212 Detected object count: 1
2011/04/13 15:19:08.0939 5212 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 15:19:08.0939 5212 \HardDisk0 - ok
2011/04/13 15:19:08.0939 5212 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/13 15:19:14.0134 5596 Deinitialize success

#34
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please delete your copy of ComboFix (do not uninstall) and then download and run a new copy; refer to my post #7 for the download link and how to run it.

#35
Joolker

    Member

  • Topic Starter
  • Member
  • 28 posts
ComboFix 11-04-12.02 - Josh 13/04/2011 17:38:47.6.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3034.1843 [GMT 1:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Media Player\run.exe
c:\users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}
c:\users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}\chrome.manifest
c:\users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}\chrome\content\_cfg.js
c:\users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}\chrome\content\overlay.xul
c:\users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}\install.rdf
c:\users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C
c:\users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C\enemies-names.txt
c:\users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C\local.ini
c:\users\Josh\AppData\Roaming\Adobe\plugs
c:\users\Josh\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
.
2011-04-13 16:45 . 2011-04-13 16:45 -------- d-----w- c:\users\Josh\AppData\Local\temp
2011-04-13 16:45 . 2011-04-13 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 12:52 . 2011-04-10 12:52 -------- d-----w- c:\programdata\WindowsSearch
2011-04-10 12:22 . 2011-04-13 14:15 -------- d-----w- c:\programdata\AVAST Software
2011-04-10 12:22 . 2011-04-10 12:22 -------- d-----w- c:\program files\AVAST Software
2011-04-10 11:50 . 2011-04-10 11:50 -------- d-----w- C:\_OTL
2011-04-10 00:57 . 2011-04-10 01:57 -------- d-----w- c:\users\Josh\AppData\Roaming\Arols
2011-04-10 00:57 . 2011-04-10 01:18 -------- d-----w- c:\users\Josh\AppData\Roaming\Tiuli
2011-04-09 00:01 . 2008-11-13 02:28 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-04-09 00:01 . 2008-11-13 04:50 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-04-09 00:01 . 2008-11-13 04:50 2241536 ----a-w- c:\windows\system32\msi.dll
2011-04-09 00:01 . 2008-11-13 04:50 16384 ----a-w- c:\windows\system32\msisip.dll
2011-04-09 00:01 . 2008-11-13 04:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-04-08 14:03 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D72BA4-CA4B-49E7-8645-4EBDE6F21C23}\mpengine.dll
2011-04-07 18:18 . 2011-04-07 18:18 -------- d-----w- c:\program files\Common Files\Java
2011-04-07 18:17 . 2011-04-07 18:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-07 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 19:13 . 2011-04-04 19:24 -------- d-----w- c:\users\Josh\AppData\Local\ManyCam
2011-04-04 19:07 . 2011-04-04 19:13 -------- d-----w- c:\users\Josh\AppData\Roaming\ManyCam
2011-04-04 19:06 . 2011-04-04 19:07 -------- d-----w- c:\program files\ManyCam
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\users\Josh\AppData\Local\Vitalwerks
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\program files\No-IP
2011-04-01 06:28 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-04-01 06:28 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-04-01 06:28 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-04-01 06:28 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-04-01 06:28 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-01 06:28 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-01 06:28 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-31 14:30 . 2011-03-31 14:30 -------- d-----w- c:\program files\CCleaner
2011-03-24 16:05 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-03-24 15:50 . 2011-04-13 14:27 -------- d-----w- c:\windows\system32\wbem\repository
2011-03-23 22:03 . 2011-03-24 15:23 -------- d-----w- c:\users\Josh\AppData\Roaming\Otax
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 18:17 . 2010-12-27 15:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-12-28 02:13 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2011-03-21 1752136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-22 15:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 MouseDriver;MouseDriver;c:\windows\TEMP\MouseDriver.bat [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=102868&l=dis&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 17:45
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MouseDriver]
"ImagePath"="%SystemRoot%\TEMP\MouseDriver.bat"
.
Completion time: 2011-04-13 17:48:49
ComboFix-quarantined-files.txt 2011-04-13 16:48
ComboFix2.txt 2011-04-07 15:30
ComboFix3.txt 2011-04-07 09:41
.
Pre-Run: 62,616,899,584 bytes free
Post-Run: 62,597,160,960 bytes free
.
- - End Of File - - E89E11834C61F7A9D9389F109EF3023B

#36
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

We need to confirm a possible Virut infection.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link --> Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the files listed below, then click Submit. You will only be able to have one file scanned at a time. (Please scan at least 3 of the files below):

C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe


Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

=====================================

We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\TEMP\MouseDriver.bat

Driver::
MouseDriver

DirLook::
c:\users\Josh\AppData\Roaming\Tiuli

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe.

6. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.



#37
Joolker

    Member

  • Topic Starter
  • Member
  • 28 posts
File name: explorer.exe
Submission date: 2011-04-14 16:59:00 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)

---------------

File name: lsass.exe
Submission date: 2011-04-14 16:57:06 (UTC)
Current status: finished
Result: 0/ 40 (0.0%)

--------

File name: services.exe
Submission date: 2011-04-14 17:02:20 (UTC)
Current status: finished
Result: 0/ 41 (0.0%)

-------------

Filename: winlogon.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 14 Apr 2011 19:03:35 (CET)

--------

Filename: svchost.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Thu 14 Apr 2011 19:07:50 (CET)

-----------

ComboFix 11-04-13.06 - Josh 14/04/2011 18:16:58.7.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3034.1977 [GMT 1:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\TEMP\MouseDriver.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MouseDriver
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 17:24 . 2011-04-14 17:28 -------- d-----w- c:\users\Josh\AppData\Local\temp
2011-04-14 17:24 . 2011-04-14 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 12:52 . 2011-04-10 12:52 -------- d-----w- c:\programdata\WindowsSearch
2011-04-10 12:22 . 2011-04-13 14:15 -------- d-----w- c:\programdata\AVAST Software
2011-04-10 12:22 . 2011-04-10 12:22 -------- d-----w- c:\program files\AVAST Software
2011-04-10 11:50 . 2011-04-10 11:50 -------- d-----w- C:\_OTL
2011-04-10 00:57 . 2011-04-10 01:57 -------- d-----w- c:\users\Josh\AppData\Roaming\Arols
2011-04-10 00:57 . 2011-04-10 01:18 -------- d-----w- c:\users\Josh\AppData\Roaming\Tiuli
2011-04-09 00:01 . 2008-11-13 02:28 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-04-09 00:01 . 2008-11-13 04:50 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-04-09 00:01 . 2008-11-13 04:50 2241536 ----a-w- c:\windows\system32\msi.dll
2011-04-09 00:01 . 2008-11-13 04:50 16384 ----a-w- c:\windows\system32\msisip.dll
2011-04-09 00:01 . 2008-11-13 04:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-04-08 14:03 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53D72BA4-CA4B-49E7-8645-4EBDE6F21C23}\mpengine.dll
2011-04-07 18:18 . 2011-04-07 18:18 -------- d-----w- c:\program files\Common Files\Java
2011-04-07 18:17 . 2011-04-07 18:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-07 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 19:13 . 2011-04-04 19:24 -------- d-----w- c:\users\Josh\AppData\Local\ManyCam
2011-04-04 19:07 . 2011-04-04 19:13 -------- d-----w- c:\users\Josh\AppData\Roaming\ManyCam
2011-04-04 19:06 . 2011-04-04 19:07 -------- d-----w- c:\program files\ManyCam
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\users\Josh\AppData\Local\Vitalwerks
2011-04-04 17:11 . 2011-04-04 17:11 -------- d-----w- c:\program files\No-IP
2011-04-01 06:28 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-04-01 06:28 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-04-01 06:28 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-04-01 06:28 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-04-01 06:28 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-01 06:28 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-04-01 06:28 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-31 14:30 . 2011-03-31 14:30 -------- d-----w- c:\program files\CCleaner
2011-03-24 16:05 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-03-24 15:50 . 2011-04-14 17:26 -------- d-----w- c:\windows\system32\wbem\repository
2011-03-23 22:03 . 2011-03-24 15:23 -------- d-----w- c:\users\Josh\AppData\Roaming\Otax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 18:17 . 2010-12-27 15:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-12-28 02:13 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Josh\AppData\Roaming\Tiuli ----
.
2011-04-10 01:15 . 2011-04-10 01:18 6420 ----a-w- c:\users\Josh\AppData\Roaming\Tiuli\ywit.ilt
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2011-03-21 1752136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-22 15:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=102868&l=dis&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-04-14 18:33:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-14 17:33
ComboFix2.txt 2011-04-13 16:48
ComboFix3.txt 2011-04-07 15:30
ComboFix4.txt 2011-04-07 09:41
.
Pre-Run: 62,619,017,216 bytes free
Post-Run: 62,582,865,920 bytes free
.
- - End Of File - - A3AE162A722A6B4304C3CBF3118CF1DC

#38
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Joolker, you can reinstall AVAST after doing the instructions below.


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    [2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Tiuli
    
    :Commands
    [EMPTYTEMP] 
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#39
Joolker

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi sempai, apologies for the delay in replying, had a busy weekend!

OTL logfile created on: 11/04/2011 21:39:54 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Josh\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 58.17 Gb Free Space | 43.29% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.10 Gb Free Space | 34.84% Space Free | Partition Type: NTFS

Computer Name: J00LK3R | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2011/03/21 10:32:02 | 001,752,136 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 15:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/22 18:21:17 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 19:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 21:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 23:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 15:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2009/03/22 16:06:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 14:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 13:34:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 05:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/03 09:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 09:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/01/21 03:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=...68&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CC0341EE-174B-49B4-B69B-F32D0D9F0D06}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101


FF - HKLM\software\mozilla\Firefox\Extensions\\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}: C:\Users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06} [2011/04/10 01:43:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/10 13:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 21:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/07 19:17:32 | 000,000,000 | ---D | M]

[2011/02/28 16:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2011/04/11 15:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions
[2011/03/24 16:35:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 17:27:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/04/04 20:22:54 | 000,002,575 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l66m8t3v.default\searchplugins\askcom.xml
[2011/04/11 15:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/07 19:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/24 08:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/10 13:22:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/10 01:43:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JOSH\APPDATA\LOCAL\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}
[2011/04/07 19:17:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/27 12:21:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/27 12:21:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/27 12:21:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/27 12:21:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (adfavwsqpr Object) - {C348BB9A-995C-404A-8185-76325B4BED9F} - C:\Windows\$XNTUninstall643$\mbdwt.dll ()
O2 - BHO: (brumavwsqgrm Object) - {F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - C:\Windows\$XNTUninstall643$\xgoir.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bipro] C:\Windows\$XNTUninstall643$\mbdwt.dll ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 14:43:02 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
[2011/04/10 13:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/10 13:23:06 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/10 13:23:06 | 000,101,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2011/04/10 13:23:06 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/10 13:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2011/04/10 13:22:52 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/10 13:22:52 | 000,192,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2011/04/10 13:22:52 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/10 13:22:52 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/10 13:22:52 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/10 13:22:39 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/10 13:22:39 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/10 13:22:39 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2011/04/10 13:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/10 13:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/10 13:20:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\avast!.Internet.Security.6.0.1000.plus.CRACK.till.2050.By.GuDDs
[2011/04/10 12:50:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Tiuli
[2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Arols
[2011/04/10 01:43:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}
[2011/04/10 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C
[2011/04/09 11:49:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/04/09 11:36:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/09 11:36:22 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2011/04/09 11:24:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/09 11:24:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/07 19:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/07 17:07:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/07 17:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/07 17:07:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/06 17:56:24 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\TDSSKiller.exe
[2011/04/06 16:30:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/06 16:30:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/06 16:30:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/06 16:30:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/04 20:13:11 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\ManyCam
[2011/04/04 20:07:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011/04/04 20:07:12 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\ManyCam
[2011/04/04 20:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2011/04/04 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Vitalwerks
[2011/04/04 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2011/04/04 18:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2011/03/31 16:42:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/03/31 15:59:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/31 15:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/31 15:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/03/23 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/03/23 11:24:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\keep
[2011/03/16 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Remote Assistance Logs

========== Files - Modified Within 30 Days ==========

[2011/04/11 21:35:57 | 000,000,117 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences2.dat
[2011/04/11 21:35:57 | 000,000,034 | ---- | M] () -- C:\Users\Josh\jagex_runescape_preferences.dat
[2011/04/11 21:08:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 21:08:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 18:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 15:08:33 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 20:35:55 | 000,003,972 | ---- | M] () -- C:\Users\Josh\Documents\the blackout.rtf
[2011/04/10 14:29:36 | 284,892,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/10 13:23:06 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/04/10 13:22:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/10 13:17:40 | 000,006,756 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/04/10 13:04:36 | 107,986,828 | ---- | M] () -- C:\Users\Josh\Desktop\avast!.Internet.Security.6.0.1000.plus.CRACK.till.2050.By.GuDDs.rar
[2011/04/10 02:03:52 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/10 02:03:52 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/10 01:57:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/10 01:57:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/09 11:24:21 | 004,317,112 | R--- | M] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/04/07 19:19:59 | 000,498,264 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0920x.jpg
[2011/04/07 19:09:27 | 000,798,376 | ---- | M] () -- C:\Users\Josh\Desktop\DSCF0920.JPG
[2011/04/07 17:16:20 | 000,012,288 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/07 17:07:40 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/04 20:07:18 | 000,000,934 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/04/04 17:28:02 | 000,000,372 | ---- | M] () -- C:\Users\Josh\Documents - Shortcut.lnk
[2011/04/04 15:02:22 | 074,038,653 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.install_backup
[2011/03/31 16:42:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2011/03/24 22:43:11 | 000,012,643 | ---- | M] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/22 22:53:14 | 000,034,508 | ---- | M] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg

========== Files Created - No Company Name ==========

[2011/04/10 20:35:55 | 000,003,972 | ---- | C] () -- C:\Users\Josh\Documents\the blackout.rtf
[2011/04/10 13:27:33 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/10 13:23:06 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/04/10 13:00:10 | 107,986,828 | ---- | C] () -- C:\Users\Josh\Desktop\avast!.Internet.Security.6.0.1000.plus.CRACK.till.2050.By.GuDDs.rar
[2011/04/10 01:57:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/10 01:57:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/08 23:49:29 | 004,317,112 | R--- | C] () -- C:\Users\Josh\Desktop\ComboFix.exe
[2011/04/07 19:19:59 | 000,498,264 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0920x.jpg
[2011/04/07 17:16:21 | 000,798,376 | ---- | C] () -- C:\Users\Josh\Desktop\DSCF0920.JPG
[2011/04/07 17:07:40 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/06 16:30:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/06 16:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/06 16:30:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/06 16:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/06 16:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/04 20:07:18 | 000,000,934 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/04/04 17:28:02 | 000,000,372 | ---- | C] () -- C:\Users\Josh\Documents - Shortcut.lnk
[2011/03/24 22:43:04 | 000,012,643 | ---- | C] () -- C:\Users\Josh\Documents\1301002912024.jpg
[2011/03/24 20:34:44 | 000,000,945 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 17:06:47 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/22 22:53:02 | 000,034,508 | ---- | C] () -- C:\Users\Josh\Documents\200370_173890622663410_100001274193625_435525_3221838_n.jpg
[2011/02/28 16:52:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 08:01:20 | 000,006,756 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2011/01/07 20:26:07 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/12/27 15:27:22 | 000,012,288 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 18:27:17 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/22 18:27:17 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/22 18:27:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/22 18:27:17 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/22 18:23:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/22 18:23:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/22 16:00:54 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/22 15:49:08 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/22 15:49:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/22 15:49:07 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/04 00:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,604,520 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,796 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/10 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C
[2011/04/10 02:57:23 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Arols
[2011/01/12 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GetRightToGo
[2011/04/04 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ManyCam
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\NetMedia Providers
[2011/03/24 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Opera
[2011/03/24 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Otax
[2011/01/14 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Publish Providers
[2011/01/14 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Sony
[2011/04/10 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Spotify
[2011/04/10 02:18:29 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Tiuli
[2011/04/10 14:53:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/04/10 22:44:30 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


--------------------------------

C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Josh\Desktop\keep\Alternative Reviews\footer(2).php PHP/Kryptik.AB trojan
C:\Users\Josh\Desktop\keep\Alternative Reviews\footer.php PHP/Kryptik.AB trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV2TMNDU\sta2wo[1].pdf JS/Exploit.Pdfka.OVA trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-28d98882 Java/TrojanDownloader.OpenStream.NBS trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\307c97e-7361a703 a variant of Win32/Injector.FUD trojan
  • 0

#40
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please tell me how's the computer running after doing the fix below:


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (adfavwsqpr Object) - {C348BB9A-995C-404A-8185-76325B4BED9F} - C:\Windows\$XNTUninstall643$\mbdwt.dll ()
    O2 - BHO: (brumavwsqgrm Object) - {F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - C:\Windows\$XNTUninstall643$\xgoir.dll ()
    O4 - HKLM..\Run: [bipro] C:\Windows\$XNTUninstall643$\mbdwt.dll ()
    [2011/04/10 14:43:02 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
    [2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Tiuli
    [2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Arols
    [2011/04/10 01:43:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}
    [2011/04/10 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP] 
    [EMPTYFLASH] 
    [CLEARALLRESTOREPOINTS] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0
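To make explicit what the OTL fix above is keying on, here is an added triage script (not OTL's code and not part of sempai's post) that parses OTL-style log lines and flags the same patterns the fix removes: a 32-hex-character folder under AppData\Roaming, a bare GUID folder under AppData\Local, a $...$ folder directly under C:\Windows, sibling folders whose timestamps cluster with a flagged one, and O2/O4 autorun modules that carry no publisher info or load from a flagged folder. The heuristics, the 30-minute window and the `triage` function name are assumptions for illustration; the sample lines are copied from the fix and logs in this thread.

```python
# Added triage helper for OTL-style log lines (illustrative; not OTL's own code)
import re
from datetime import datetime, timedelta

# Entry line: [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (publisher) -- path
ENTRY = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
                   r"(?P<attrs>[A-Za-z-]{4}) \| [CM]\](?: \([^)]*\))? -- (?P<path>.+)$")
# O2 (BHO) / O4 (Run) line: "... - path (publisher)"; a bare "()" means no publisher info
OLINE = re.compile(r"^O\d+ - .*? (?P<path>[A-Za-z]:\\[^()]*?) \((?P<pub>[^)]*)\)\s*$")
HEX32, GUID = re.compile(r"^[0-9A-Fa-f]{32}$"), re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
WINDOW = timedelta(minutes=30)  # assumed clustering window, not an OTL setting

def triage(lines):
    """Return {path: {reasons}} for log entries matching the heuristics below."""
    entries, autoruns = [], []
    for raw in lines:
        if m := ENTRY.match(raw.strip()):
            entries.append({"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                            "is_dir": "D" in m["attrs"], "path": m["path"]})
        elif m := OLINE.match(raw.strip()):
            autoruns.append({"path": m["path"], "publisher": m["pub"]})
    flagged = {}
    flag = lambda path, why: flagged.setdefault(path, set()).add(why)
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        parent = parent.lower()
        if e["is_dir"] and HEX32.match(name) and parent.endswith(r"appdata\roaming"):
            flag(e["path"], "32-hex-char folder name under AppData\\Roaming")
        if e["is_dir"] and GUID.match(name) and parent.endswith(r"appdata\local"):
            flag(e["path"], "bare GUID folder name under AppData\\Local")
        if re.match(r"^c:\\windows\\\$[^\\]*\$$", e["path"].lower()):
            flag(e["path"], "$...$ folder directly under C:\\Windows")
    # Folders whose timestamp clusters with a flagged one were likely dropped in the same run
    anchors = [e["ts"] for e in entries if e["path"] in flagged]
    for e in entries:
        if e["is_dir"] and e["path"] not in flagged and any(abs(e["ts"] - t) <= WINDOW for t in anchors):
            flag(e["path"], "timestamp within 30 min of a flagged folder")
    flagged_dirs = [p.lower() for p in flagged]
    for a in autoruns:
        if not a["publisher"].strip():
            flag(a["path"], "autorun module with no publisher/version info")
        if any(a["path"].lower().startswith(d + "\\") for d in flagged_dirs):
            flag(a["path"], "autorun module loads from a flagged folder")
    return flagged

# Constructed sample: lines copied from the OTL fix and logs earlier in this thread
SAMPLE = r"""
O2 - BHO: (adfavwsqpr Object) - {C348BB9A-995C-404A-8185-76325B4BED9F} - C:\Windows\$XNTUninstall643$\mbdwt.dll ()
[2011/04/10 14:43:02 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
[2011/04/10 01:57:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Tiuli
[2011/04/10 01:43:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}
[2011/04/10 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C
[2011/04/04 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ManyCam
[2011/04/06 16:30:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
""".strip().splitlines()
```

Running `triage(SAMPLE)` flags the hex-named and GUID-named folders, the $XNTUninstall643$ folder, Tiuli (created 16 minutes after the hex folder) and mbdwt.dll, while ManyCam and PEV.exe pass; the hits line up with the entries in the fix.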


#41
Joolker

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C348BB9A-995C-404A-8185-76325B4BED9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C348BB9A-995C-404A-8185-76325B4BED9F}\ not found.
File C:\Windows\$XNTUninstall643$\mbdwt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8}\ not found.
File C:\Windows\$XNTUninstall643$\xgoir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro not found.
File C:\Windows\$XNTUninstall643$\mbdwt.dll not found.
Folder C:\Windows\$XNTUninstall643$\ not found.
Folder C:\Users\Josh\AppData\Roaming\Tiuli\ not found.
Folder C:\Users\Josh\AppData\Roaming\Arols\ not found.
Folder C:\Users\Josh\AppData\Local\{CC0341EE-174B-49B4-B69B-F32D0D9F0D06}\ not found.
Folder C:\Users\Josh\AppData\Roaming\4181B5927921A3FAE6F9FA591213E41C\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Josh\Desktop\cmd.bat deleted successfully.
C:\Users\Josh\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Josh
->Temp folder emptied: 799017 bytes
->Temporary Internet Files folder emptied: 826133 bytes
->Java cache emptied: 43894 bytes
->FireFox cache emptied: 53936302 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1451 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3632047 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Josh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04172011_164206

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

---------

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Adobe Flash Player 10.2.153.1
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
  • 0

#42
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How's the computer running now?


Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Uncheck any optional downloads like Free Google Toolbar or Free McAfee® Security Scan Plus.
  • Click download to download the file and install it by following the prompts.

  • 0

#43
Joolker

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Done that, thanks. The computer has been running quite well for the past few days now.
  • 0

#44
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Joolker,

You have an outdated service pack and I really recommend that you install the latest service pack for your OS.

How to obtain the latest Windows Vista service pack -> http://support.microsoft.com/kb/935791



Uninstall:

1. ComboFix

  • Click Start > Run > copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


2. ESET online scanner
  • Go to Control Panel > Programs > Programs and Features > locate and remove ESET Online Scanner.



Delete:

1. MBRCheck
2. TDSSKiller
3. Gmer
4. Security check
5. Rootkit Unhooker



Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.


Your Log is Clean, please change all your offline and online passwords.

Take the time to read below to secure your machine and take the necessary steps to keep it Clean :D

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


  • 0

#45
Joolker

Joolker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Completed all of your instructions and read through the tips/links, thank you so much for all of your help! I would never have done it without you. :D
  • 0





