Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware infection similar to "Antivirus System Pro"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 26th, 2011, 1:46 pm

Hi deltalima,

I ran RKill and HijackThis. I checked all the entries except for these, because they weren't present:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

When I right-clicked on my "Start" button, I clicked "Explore" rather than "Explore All Users." I hope that was correct.

I didn't see any lsass.exe, mowmd32.dll and aqijuxap.dll files. All I saw was a Programs folder and a desktop.ini file.

So, then I ran TFC. It took about half an hour. There were a couple of times when I thought it wasn't working, but it was. After it finished, I allowed it to reboot.

Upon rebooting, I noticed that the errors that I was getting before on start up were gone. (They were "Error loading C:\WINDOWS\mowmd32.dll "The specified module could not be found" and Error loading C:\WINDOWS\aqijuxap.dll "The specified module could not be found.")

The computer seems to be running much better than it did before. I do not see any errors and pop-ups and I'm allowed to access programs again, but I'll await further instructions before I say that it's "clean."
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm
Advertisement
Register to Remove

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 26th, 2011, 3:02 pm

Hi via,

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Malwarebytes' Anti-Malware

Now reboot your PC.

Next.

  • Download and run This utility
  • it will ask to restart your computer (please allow it to).
  • Next install the latest version of malwarebytes Anti-Malware from Here.
  • Now please run a quick scan and post the log in your next reply
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 26th, 2011, 3:14 pm

Hi deltalima,

I don't see "Run" under "Accessories."

When I click the "Start" button on my task bar, I see a "Run" there, though. Is that the same thing?

Thanks.
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 26th, 2011, 3:40 pm

Yes that's the one.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 26th, 2011, 4:52 pm

OK, while I was uninstalling Malwarebytes Anti-Malware, I got an error that said "vbAccelerator SGrid II Control Run-time error '0'". Then another one popped up and said "Malwarebyes' Anti-Malware Run-time Error '440': Automation Error." Both of these errors happened about three times each, one after the other, but I uninstalled the program. I successfully installed the new version of Malwarebytes Anti-Malware and performed a quick scan. The results are posted below:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5611

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/26/2011 2:47:07 PM
mbam-log-2011-01-26 (14-46-58).txt

Scan type: Quick scan
Objects scanned: 168847
Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\application data\systemproc (Trojan.Agent) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d} (Trojan.Swisyn) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Trojan.Swisyn) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Trojan.Swisyn) -> No action taken.

Files Infected:
c:\documents and settings\Owner\application data\Adobe\plugs\kb174212375.exe (Trojan.Agent) -> No action taken.
c:\confin.sys (Malware.Trace) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Trojan.Swisyn) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Trojan.Swisyn) -> No action taken.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Trojan.Swisyn) -> No action taken.
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 26th, 2011, 5:07 pm

Hi via,

Please run a quick scan with Malwarebytes and remove any infected items detected then save the log to post in your next reply.

Next run a new scan with OTL and post the OTL.txt log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 26th, 2011, 5:33 pm

Hi deltalima,

Here is the Malwarebytes Anti-malware log:


Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5611

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/26/2011 3:10:28 PM
mbam-log-2011-01-26 (15-10-28).txt

Scan type: Quick scan
Objects scanned: 168847
Time elapsed: 10 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d} (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Owner\application data\Adobe\plugs\kb174212375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.

Here is the OTL log:

OTL logfile created on: 1/26/2011 3:17:59 PM - Run 3
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 64.49 Gb Free Space | 57.69% Space Free | Partition Type: NTFS

Computer Name: OWNER-F4B70D02B | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Alwil Software\Avast5\Setup\avast.setup (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
PRC - C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GE6DWA3 Product Registration.exe (Leader Technologies/Seagate)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (69CA956E) -- C:\WINDOWS\system32\69CA956E.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-583907252-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-583907252-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {960BE052-4847-422b-9AD6-8631D3D0A607}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {E9AE265A-1885-4143-BDC3-2783D9124418}:1.9.8
FF - prefs.js..extensions.enabledItems: {97c7d43c-4182-49b8-9b04-b78fed89d7fb}:1.2.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {8C1ED365-1623-474A-A1C8-848669CFBD75}:1.9.1
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{8C1ED365-1623-474A-A1C8-848669CFBD75}: C:\Documents and Settings\Owner\Local Settings\Application Data\{8C1ED365-1623-474A-A1C8-848669CFBD75} [2011/01/21 13:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 11:57:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 20:11:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/15 17:04:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/20 01:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/26 10:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions
[2008/12/18 15:37:29 | 000,000,000 | ---D | M] ("Tab URL Copier") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{007C7BD8-3DB5-41e5-A7D9-7021B464CC9D}
[2011/01/22 08:31:01 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/27 01:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/01 22:58:43 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/12/09 16:38:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/04/10 11:34:52 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2008/10/30 16:02:07 | 000,000,000 | ---D | M] (Word Count Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}
[2010/11/26 14:17:37 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/05/13 13:37:53 | 000,000,000 | ---D | M] (Mute Flash) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{ae1dd71f-660f-43bb-8a0b-8c87b7b8276d}
[2010/10/14 22:10:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/24 00:35:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/18 05:53:47 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/09/03 08:55:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/12 12:08:34 | 000,000,000 | ---D | M] (Text2Link) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010/10/14 22:10:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\foxmarks@kei.com
[2009/10/23 23:28:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\moveplayer@movenetworks.com
[2008/01/07 04:38:51 | 000,000,000 | ---D | M] (VideoDownloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\extensions\videodowloader@videodownloader.net
[2008/05/29 18:36:23 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\dictionarycom.xml
[2011/01/20 01:12:08 | 000,004,778 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\ehow.xml
[2011/01/22 12:55:33 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\etsy.xml
[2008/05/27 19:19:14 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\halfcom.xml
[2011/01/19 12:53:37 | 000,001,101 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\iherb.xml
[2008/06/19 14:34:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\imdb.xml
[2008/08/03 23:52:10 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\netflix.xml
[2011/01/19 12:53:37 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\rotten-tomatoes.xml
[2011/01/22 12:55:33 | 000,003,855 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\technorati-search.xml
[2008/06/06 00:04:51 | 000,004,884 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\urbandictionarycom.xml
[2011/01/19 12:53:36 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\weathercom.xml
[2008/06/25 15:05:21 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\webster.xml
[2008/06/20 02:59:09 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\wikipedia-en.xml
[2011/01/20 01:12:08 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\czpoxw1d.default\searchplugins\youtube.xml
[2011/01/25 18:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/02 15:20:17 | 000,000,000 | ---D | M] (Firefox Campus Edition Settings) -- C:\Program Files\Mozilla Firefox\extensions\mozilla-campus@partners.mozilla.com
[2011/01/21 13:53:09 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{8C1ED365-1623-474A-A1C8-848669CFBD75}
[2009/04/24 22:04:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/05 15:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/01/22 15:47:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-583907252-1580818891-725345543-1003..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-583907252-1580818891-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Seagate 2GE6DWA3 Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GE6DWA3 Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1580818891-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/28 12:55:41 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aa1ae16b-9d33-11dc-8d1e-0014a5add396}\Shell - "" = AutoRun
O33 - MountPoints2\{aa1ae16b-9d33-11dc-8d1e-0014a5add396}\Shell\Auto\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/04 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{aa1ae16b-9d33-11dc-8d1e-0014a5add396}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/01/26 14:20:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/26 14:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/26 14:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/26 14:19:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/26 14:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/26 10:49:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/25 15:42:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/25 15:34:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/24 18:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2011/01/23 16:17:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/22 16:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/01/22 15:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/01/22 10:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/01/22 10:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/22 08:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/22 07:27:03 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/22 07:27:03 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/22 07:27:03 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/22 07:27:03 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/22 07:27:03 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/22 07:27:03 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/22 07:27:03 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/22 07:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/22 07:26:56 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/22 07:26:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/21 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/21 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/21 19:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/01/21 19:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/21 19:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/21 19:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/21 13:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{8C1ED365-1623-474A-A1C8-848669CFBD75}
[2010/12/28 21:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Dropbox
[2010/12/28 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
[2010/12/28 20:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[7 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[290 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/26 15:19:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/26 15:16:51 | 000,000,824 | -HS- | M] () -- C:\hpqp.ini
[2011/01/26 15:16:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/01/26 15:16:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/26 15:16:29 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/26 15:09:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1580818891-725345543-1003UA.job
[2011/01/26 14:20:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/26 14:02:29 | 000,480,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/26 14:02:28 | 000,090,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/26 11:36:13 | 000,006,526 | ---- | M] () -- C:\WINDOWS\Scwriter.ini
[2011/01/26 10:49:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/26 10:26:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/01/25 15:16:31 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
[2011/01/24 13:43:51 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\69CA956E.exe
[2011/01/24 13:28:32 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/01/23 18:09:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\٣٣
[2011/01/23 18:01:19 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/23 18:00:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/23 16:57:05 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Seagate 2GE6DWA3 Product Registration.lnk
[2011/01/23 16:17:42 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\8k6tmoek.exe
[2011/01/23 16:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/22 07:27:04 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/22 07:27:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/22 07:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1580818891-725345543-1003Core.job
[2011/01/21 19:49:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/21 15:56:28 | 000,003,056 | ---- | M] () -- C:\WINDOWS\Ejohojoqoziyijev.dat
[2011/01/21 13:53:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wyucoyex.bin
[2011/01/20 17:27:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/18 13:28:09 | 000,000,204 | ---- | M] () -- C:\WINDOWS\struct~.ini
[2011/01/13 20:11:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 02:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 02:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 02:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 02:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 02:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/08 23:53:47 | 000,004,809 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/01/08 23:48:46 | 000,006,852 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mrmarch.jpg
[2011/01/06 23:04:50 | 004,579,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ladt3.mp3
[2010/12/28 22:56:57 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScottNotes.doc
[2010/12/28 21:01:10 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/12/28 20:53:47 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/12/27 17:51:23 | 000,213,629 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LEALTA.SCW
[2010/12/27 17:24:31 | 000,213,629 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LEALTA.BK
[290 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/26 14:20:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/25 15:21:43 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.LOC
[2011/01/25 15:21:42 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERDNT.E_E
[2011/01/25 15:21:42 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.EXE
[2011/01/25 15:21:42 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.EXE
[2011/01/25 15:21:42 | 000,005,417 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LOC_GER.ZIP
[2011/01/25 15:21:42 | 000,004,090 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.LOC
[2011/01/25 15:21:42 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERDNTWIN.LOC
[2011/01/25 15:21:42 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERDNTDOS.LOC
[2011/01/25 15:21:41 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AUTOBACK.EXE
[2011/01/25 15:16:28 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
[2011/01/25 14:50:32 | 526,503,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/24 13:43:51 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\69CA956E.exe
[2011/01/24 13:28:36 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/01/23 18:09:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\٣٣
[2011/01/23 18:01:09 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/23 16:17:39 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\8k6tmoek.exe
[2011/01/22 10:53:56 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/01/22 07:27:04 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/21 19:49:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/21 13:53:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wyucoyex.bin
[2011/01/21 13:53:13 | 000,003,056 | ---- | C] () -- C:\WINDOWS\Ejohojoqoziyijev.dat
[2011/01/08 23:53:46 | 000,004,809 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/01/08 23:48:46 | 000,006,852 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mrmarch.jpg
[2011/01/06 23:25:09 | 004,579,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ladt3.mp3
[2010/12/28 22:56:55 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScottNotes.doc
[2010/12/28 21:01:10 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/12/28 20:53:47 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/05 02:31:08 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2010/05/06 17:29:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/12/04 18:48:30 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2008/12/08 09:47:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008/01/13 18:59:48 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 15:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/23 07:51:20 | 000,000,272 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/21 09:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/12/06 07:08:53 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/12/05 03:09:53 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/05 00:37:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/02 21:37:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/28 13:21:20 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 12:53:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/27 16:58:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007/11/27 16:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QSwitch.txt
[2007/11/27 16:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DSwitch.txt
[2007/11/27 16:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\AtStart.txt
[2007/11/27 05:20:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/02 04:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 14:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004331_.tmp.dll
[2004/08/04 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004299_.tmp.dll
[2003/04/21 16:49:38 | 000,006,526 | ---- | C] () -- C:\WINDOWS\Scwriter.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/27 05:30:32 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\Owner\Desktop\LEALTA.pdf:SummaryInformation

< End of report >

I forgot to add that I still had the Malawarebyes Anti-Malware Program open, so I just deleted the items from the first scan. I hope that's OK...
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 26th, 2011, 5:44 pm

Hi via,

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version

ESET online scannner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 26th, 2011, 6:54 pm

Hi deltalima,

I installed the latest version of Adobe Reader, but I'm having trouble with the Java stuff. On that page, there is only one orange button, and it is for JDK + Java EE Bundle.

I see a Java SE 6 Update 23 update, and it gives JDK and JRE downloads. Is this the JRE I'm supposed to download?

Thanks.
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 26th, 2011, 7:05 pm

Use the button on the left hand side that just says "Java" it may look red. It's just the JRE that needs to be installed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 27th, 2011, 1:15 am

I actually lost a reply that I was trying to type out. I'll try to summarize below:

I installed the new version of Adobe.

After that, I clicked on the red "Java" button and downloaded the linked file. When I looked at the file name, I saw that it started with "JDK", so I went back to the site and looked underneath the red button for a file that started with "JRE". I downloaded that one, but saw that the file name was "jre-6u23-windows-i586.exe." It didn't have the "P" in the file name, like the one you suggested. I figured that was the right one, anyway, and installed it.

Here's the ESET scanner log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=880bd8cfd07d474f9ca6cf582cb7f960
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-27 01:48:21
# local_time=2011-01-26 07:48:21 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 22029221 22029221 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=11729
# found=0
# cleaned=0
# scan_time=4494
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=880bd8cfd07d474f9ca6cf582cb7f960
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-27 05:01:46
# local_time=2011-01-26 11:01:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 22034359 22034359 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74802
# found=0
# cleaned=0
# scan_time=10954
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 27th, 2011, 5:58 am

Hi via,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 27th, 2011, 10:43 am

Hi deltalima,

Here is the TDSKiller log:

2011/01/27 08:37:29.0343 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/27 08:37:29.0343 ================================================================================
2011/01/27 08:37:29.0343 SystemInfo:
2011/01/27 08:37:29.0343
2011/01/27 08:37:29.0343 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/27 08:37:29.0343 Product type: Workstation
2011/01/27 08:37:29.0343 ComputerName: OWNER-F4B70D02B
2011/01/27 08:37:29.0343 UserName: Owner
2011/01/27 08:37:29.0343 Windows directory: C:\WINDOWS
2011/01/27 08:37:29.0343 System windows directory: C:\WINDOWS
2011/01/27 08:37:29.0343 Processor architecture: Intel x86
2011/01/27 08:37:29.0343 Number of processors: 1
2011/01/27 08:37:29.0343 Page size: 0x1000
2011/01/27 08:37:29.0343 Boot type: Normal boot
2011/01/27 08:37:29.0343 ================================================================================
2011/01/27 08:37:35.0890 Initialize success
2011/01/27 08:38:18.0812 ================================================================================
2011/01/27 08:38:18.0812 Scan started
2011/01/27 08:38:18.0812 Mode: Manual;
2011/01/27 08:38:18.0812 ================================================================================
2011/01/27 08:38:20.0484 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/27 08:38:20.0593 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/27 08:38:20.0656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/27 08:38:20.0734 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/01/27 08:38:20.0812 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/01/27 08:38:20.0875 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/27 08:38:21.0218 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/27 08:38:21.0265 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/27 08:38:21.0328 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/27 08:38:21.0375 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/27 08:38:21.0421 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/27 08:38:21.0468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/27 08:38:21.0515 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/27 08:38:21.0578 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/27 08:38:21.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/27 08:38:21.0718 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/27 08:38:21.0781 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/27 08:38:21.0875 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/27 08:38:21.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/27 08:38:22.0015 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/27 08:38:22.0078 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/27 08:38:22.0156 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/27 08:38:22.0234 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/27 08:38:22.0390 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/27 08:38:22.0453 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/27 08:38:22.0531 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/27 08:38:22.0578 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/27 08:38:22.0625 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/27 08:38:22.0703 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/27 08:38:22.0796 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/27 08:38:22.0843 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2011/01/27 08:38:22.0890 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
2011/01/27 08:38:22.0968 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/27 08:38:23.0015 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/27 08:38:23.0046 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/27 08:38:23.0093 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/27 08:38:23.0140 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/27 08:38:23.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/27 08:38:23.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/27 08:38:23.0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/27 08:38:23.0343 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/27 08:38:23.0406 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/01/27 08:38:23.0468 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/01/27 08:38:23.0531 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/27 08:38:23.0656 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/27 08:38:23.0703 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/27 08:38:23.0765 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/27 08:38:23.0828 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/01/27 08:38:23.0890 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/01/27 08:38:24.0000 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/27 08:38:24.0125 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/27 08:38:24.0218 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/27 08:38:24.0312 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/27 08:38:24.0375 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/27 08:38:24.0484 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/27 08:38:24.0531 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/27 08:38:24.0578 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/27 08:38:24.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/27 08:38:24.0671 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/27 08:38:24.0734 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/27 08:38:24.0781 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/27 08:38:24.0828 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/27 08:38:24.0875 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/27 08:38:24.0921 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/27 08:38:24.0953 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/27 08:38:25.0015 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/27 08:38:25.0062 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/27 08:38:25.0203 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/27 08:38:25.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/27 08:38:25.0296 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/27 08:38:25.0328 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/27 08:38:25.0375 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/27 08:38:25.0437 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/27 08:38:25.0515 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/27 08:38:25.0562 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/27 08:38:25.0625 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/27 08:38:25.0671 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/27 08:38:25.0687 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/27 08:38:25.0734 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/27 08:38:25.0781 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/27 08:38:25.0843 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/27 08:38:25.0875 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/27 08:38:25.0921 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/27 08:38:25.0968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/27 08:38:26.0015 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/27 08:38:26.0046 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/27 08:38:26.0109 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/27 08:38:26.0218 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/27 08:38:26.0265 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/27 08:38:26.0343 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/27 08:38:26.0390 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/27 08:38:26.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/27 08:38:26.0515 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/27 08:38:26.0546 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/27 08:38:26.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/27 08:38:26.0625 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/27 08:38:26.0718 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/27 08:38:26.0765 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/27 08:38:27.0015 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/27 08:38:27.0078 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/27 08:38:27.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/27 08:38:27.0187 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/27 08:38:27.0375 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/27 08:38:27.0421 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/27 08:38:27.0468 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/27 08:38:27.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/27 08:38:27.0531 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/27 08:38:27.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/27 08:38:27.0656 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/27 08:38:27.0687 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/27 08:38:27.0828 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/27 08:38:27.0859 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/27 08:38:27.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/27 08:38:28.0000 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/27 08:38:28.0062 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/27 08:38:28.0187 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/27 08:38:28.0250 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/27 08:38:28.0328 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/27 08:38:28.0390 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/27 08:38:28.0437 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/27 08:38:28.0578 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/27 08:38:28.0640 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/27 08:38:28.0687 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/27 08:38:28.0718 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/27 08:38:28.0765 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/27 08:38:28.0859 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/27 08:38:28.0968 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/27 08:38:29.0078 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/27 08:38:29.0109 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/27 08:38:29.0156 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/27 08:38:29.0203 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/27 08:38:29.0250 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/27 08:38:29.0296 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/27 08:38:29.0343 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/27 08:38:29.0375 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/27 08:38:29.0421 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/27 08:38:29.0453 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/27 08:38:29.0531 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/27 08:38:29.0578 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/27 08:38:29.0656 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/27 08:38:29.0750 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/27 08:38:29.0859 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/27 08:38:29.0937 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/27 08:38:30.0015 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/27 08:38:30.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/27 08:38:30.0343 ================================================================================
2011/01/27 08:38:30.0343 Scan finished
2011/01/27 08:38:30.0343 ================================================================================
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm

Re: Malware infection similar to "Antivirus System Pro"

Unread postby deltalima » January 27th, 2011, 10:58 am

Hi via,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Delete the RKill icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

It is VITAL that you upgrade Windows XP to Service Pack 3
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware infection similar to "Antivirus System Pro"

Unread postby via » January 27th, 2011, 3:28 pm

Hi deltalima,

I'm following the list, but I have a few questions...

I noticed that when I open "My Documents", I see transparent icons that start with the "~" or "~$" symbols. Is that normal?

I have an external hard drive on which I backed up all my files. Should I have scanned that hard drive with any of the tools you suggested in this thread?

When I ran WinPatrol, it said "A change had been detected in the following Registry Location which you've asked to be monitored. Is changing this value OK? Software]Microsoft\Internet Explorer\Download CheckExeSignatures:no" Should I click "Yes" or "No" for that?

Thanks.
via
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 5:06 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 273 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware