searchclick6 virus

April 2, 2010 at 04:47:41
Specs: Windows XP
Appeared two days ago; tried Avast, malware, SpyHunter, Trojan Remover - nothing seems to work. Still redirects. Need help.



#1
April 2, 2010 at 19:46:44
This will not remove it but will help find any bad files.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please.



#2
April 3, 2010 at 05:27:53

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:25:30.01 on Sat 04/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3039.2232 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CafeNews\CN.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Owner\Application Data\msplyi4d\msplyi4d.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Mssql\BinnMSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = onet.pl/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: i5 Browser Button Helper: {74549586-617f-448d-a0b9-332af8fcaf21} - c:\program files\i5 browser button\BolotoIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IEPluginBHO Class: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - c:\documents and settings\all users\application data\gadu-gadu 10\_userdata\ggbho.2.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\i5\tbcore3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: &Tlumaczenie: {0d704fad-66e9-4f0a-bfed-4f665770ddb3} - c:\program files\techland\common\internettranslator\InternetTranslator.dll
TB: i5 Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\i5\tbcore3.dll
TB: {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: i5 Toolbar: {21b3866c-dd0c-4675-a87c-a62bf21366af} - c:\program files\i5 browser button\BolotoIEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [deskatm97] rundll32.exe "c:\documents and settings\owner\local settings\application data\deskatm97\deskatm97.dll", DllInit
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [msplyi4d] c:\documents and settings\owner\application data\msplyi4d\msplyi4d.exe
uRun: [mligebdrv] rundll32.exe "iiighe.dll",s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SetDefPrt] c:\program files\brother\brmflp03\BrStDvPt.exe
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CafeNews] c:\program files\cafenews\CN.exe /autostart
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [ljihhedrv] rundll32.exe "iiighe.dll",s
mRun: [urppolsys] rundll32.exe "byyaab.dll",DllRegisterServer
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [fcbyxxdrv] rundll32.exe "iiighe.dll",s
dRun: [byvvvwsys] rundll32.exe "byyaab.dll",DllRegisterServer
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\owner\desktop\virus\virus removal tool\setup_9.0.0.722_01.04.2010_19-04\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} - c:\program files\i5 browser button\BolotoIEToolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\techland\common\internettranslator\InternetTranslator.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266253328531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 byyaab.dll
Hosts: 89.149.210.50 www.google.com
Hosts: 89.149.210.50 www.google.de
Hosts: 89.149.210.50 www.google.fr
Hosts: 89.149.210.50 www.google.co.uk
Hosts: 89.149.210.50 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\tz3p0onm.default\
FF - prefs.js: browser.startup.homepage - hxxp://chomikuj.pl
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11145&client_id=d48af2bca8b99e34aeb88868&camp_id=324&install_time=2010-03-22T11:28:27Z&tb_version=2.4.2000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\tz3p0onm.default\extensions\{aca8f056-3300-45c0-a840-7fa4a93be78f}\components\bhelper.dll
FF - plugin: c:\documents and settings\all users\application data\gadu-gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\owner\application data\nowe gadu-gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcnmozillainterface.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 11300562;11300562 Boot Guard Driver;c:\windows\system32\drivers\11300562.sys [2010-4-1 37392]
R1 11300561;11300561;c:\windows\system32\drivers\11300561.sys [2010-4-1 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-15 162640]
R1 setup_9.0.0.722_01.04.2010_19-04drv;setup_9.0.0.722_01.04.2010_19-04drv;c:\windows\system32\drivers\1130056.sys [2010-4-1 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-15 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2008-7-31 81920]
S2 FlexService;Remote Connections Service; [x]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-2-16 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-2-16 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2010-2-16 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2010-2-16 10368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]

=============== Created Last 30 ================

2010-04-03 11:19:28 1402368 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-04-03 11:16:33 0 d-----w- c:\program files\common files\Thraex Software
2010-04-03 11:16:32 0 d-----w- c:\program files\XSitePro2
2010-04-02 19:33:34 0 d-----w- c:\program files\InterActual
2010-04-02 19:19:55 0 d-----w- c:\program files\common files\SureThing Shared
2010-04-02 11:50:43 0 d-----w- c:\windows\system32\Xara
2010-04-02 11:50:42 876544 ----a-w- c:\windows\system32\XaraDocG.dll
2010-04-02 11:50:41 86016 ----a-w- c:\windows\system32\BinCoder.dll
2010-04-02 11:50:41 253952 ----a-w- c:\windows\system32\TemplOp.dll
2010-04-02 11:50:41 23552 ----a-w- c:\windows\system32\XFontMan.dll
2010-04-02 11:50:41 131072 ----a-w- c:\windows\system32\BmpImporter.dll
2010-04-02 11:50:41 126976 ----a-w- c:\windows\system32\TemplMan.dll
2010-04-02 11:50:41 118784 ----a-w- c:\windows\system32\XMUpload.dll
2010-04-02 11:50:40 0 d-----w- c:\program files\Xara
2010-04-02 09:02:02 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-01 20:59:40 50 ----a-w- c:\windows\brmx2001.ini
2010-04-01 16:44:38 37392 ----a-w- c:\windows\system32\drivers\11300562.sys
2010-04-01 16:44:38 315408 ----a-w- c:\windows\system32\drivers\1130056.sys
2010-04-01 16:44:38 128016 ----a-w- c:\windows\system32\drivers\11300561.sys
2010-03-31 13:18:37 0 d-----w- c:\windows\pss
2010-03-31 12:15:04 0 d-----w- c:\docume~1\owner\applic~1\AnvSoft
2010-03-31 01:38:42 88576 ---ha-w- c:\windows\system32\byyaab.dll
2010-03-30 20:05:10 0 d-----w- c:\program files\LEC
2010-03-30 19:58:13 0 d-----w- c:\program files\Power Translator 12
2010-03-30 14:04:47 0 d-----w- c:\program files\Enigma Software Group
2010-03-30 11:27:30 94208 ---ha-w- c:\windows\system32\iiighe.dll
2010-03-30 11:27:30 94208 ---ha-w- c:\windows\system32\iiighe(3).dll
2010-03-30 10:43:07 0 ---ha-w- c:\windows\system32\geeccb.dll
2010-03-30 00:06:56 94208 ----a-w- c:\windows\system32\xxyvts.dll.vir
2010-03-29 16:12:18 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-29 16:12:18 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-29 16:12:17 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-29 16:12:17 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-29 16:12:17 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-29 16:12:13 0 d-----w- c:\program files\Trojan Remover
2010-03-29 16:12:13 0 d-----w- c:\docume~1\owner\applic~1\Simply Super Software
2010-03-29 16:12:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-03-29 15:21:39 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-29 15:21:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-28 22:59:53 2 ----a-w- c:\documents and settings\owner\tenmy.ini
2010-03-28 22:59:52 0 d-----w- c:\docume~1\owner\applic~1\msplyi4d
2010-03-28 22:59:48 303097 ----a-w- c:\documents and settings\owner\mpod.exe
2010-03-28 22:59:44 373693 ------w- c:\documents and settings\owner\msplyi4d.exe
2010-03-28 13:24:53 6 ----a-w- c:\windows\system32\sitesecuredll.inf
2010-03-28 13:23:24 0 d-----w- c:\program files\TrendyFlash Site Builder
2010-03-28 13:17:49 6 ----a-w- c:\windows\system32\securedll.inf
2010-03-28 13:17:11 0 d-----w- c:\program files\TrendyFlash Intro Builder
2010-03-28 11:31:46 692224 ----a-w- c:\windows\system32\emx6.dat
2010-03-28 11:31:46 53248 ----a-w- c:\windows\system32\emx11.dat
2010-03-28 11:31:46 40960 ----a-w- c:\windows\system32\emx10.dat
2010-03-28 11:31:46 360448 ----a-w- c:\windows\system32\emx13.dat
2010-03-28 11:31:46 311296 ----a-w- c:\windows\system32\emx8.dat
2010-03-28 11:31:46 307200 ----a-w- c:\windows\system32\emx7.dat
2010-03-28 11:31:46 172032 ----a-w- c:\windows\system32\emx9.dat
2010-03-28 11:31:45 352256 ----a-w- c:\windows\system32\emx2.dat
2010-03-28 11:31:45 213092 ----a-w- c:\windows\system32\emx1.dat
2010-03-28 11:31:45 126976 ----a-w- c:\windows\system32\emx3.dat
2010-03-28 11:31:45 110592 ----a-w- c:\windows\system32\emx4.dat
2010-03-28 11:31:45 1024000 ----a-w- c:\windows\system32\emx5.dat
2010-03-28 11:31:45 0 d-----w- c:\program files\Business Letter Professional
2010-03-27 13:50:33 0 d-----w- c:\program files\SAP Manage
2010-03-27 13:46:35 0 d-----w- C:\Mssql
2010-03-27 13:23:41 0 d-----w- c:\windows\speech
2010-03-27 12:52:50 0 d-----w- c:\program files\FLVCodec
2010-03-26 18:10:53 0 d-----w- c:\windows\Replay Video Capture
2010-03-26 18:10:53 0 d-----w- c:\program files\Replay Video Capture
2010-03-25 13:08:29 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-03-25 13:08:29 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-03-25 13:05:54 0 d-----w- c:\windows\Applian Director
2010-03-25 13:05:54 0 d-----w- c:\program files\Applian Director
2010-03-25 13:05:14 0 d-----w- c:\windows\Replay Media Catcher
2010-03-25 13:05:14 0 d-----w- c:\program files\Replay Media Catcher
2010-03-24 23:12:40 0 d-----w- c:\docume~1\owner\applic~1\Thinstall
2010-03-24 12:48:04 0 d-----w- c:\docume~1\owner\applic~1\Zoner
2010-03-22 12:13:35 0 d-----w- c:\program files\CRM-Express Professional
2010-03-21 17:32:54 0 d-----w- c:\program files\i5 Browser Button
2010-03-21 16:00:39 0 d-----w- c:\program files\WinPcap
2010-03-21 15:50:14 0 d-----w- c:\program files\Neoretix
2010-03-21 14:54:23 0 d-----w- c:\program files\i5
2010-03-20 15:21:27 0 d-----w- c:\docume~1\owner\applic~1\POLENG4
2010-03-20 15:18:47 0 d-----w- c:\program files\poleng
2010-03-20 15:06:57 0 d-----w- c:\program files\Alcohol Soft
2010-03-20 15:02:47 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-20 11:36:11 0 d-----w- c:\program files\WebSite X5 Evolution
2010-03-20 11:34:03 6114 ----a-w- c:\windows\system32\SHELLLNK.TLB
2010-03-20 11:34:03 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-03-20 11:34:03 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2010-03-19 22:24:34 0 d-----r- c:\program files\Skype
2010-03-19 17:01:13 0 d-----w- c:\docume~1\alluse~1\applic~1\regcure
2010-03-16 23:46:35 0 d-----w- C:\WFINST
2010-03-16 13:47:17 0 d-----w- c:\docume~1\owner\applic~1\Web Page Maker
2010-03-16 13:47:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Web Page Maker
2010-03-16 13:47:11 0 d-----w- c:\program files\Web Page Maker
2010-03-16 12:40:33 0 d-----w- c:\docume~1\owner\applic~1\mjusbsp
2010-03-16 12:40:18 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 12:40:18 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-16 12:16:02 0 d-----w- c:\docume~1\owner\applic~1\eSkiMoS R2
2010-03-16 12:15:57 0 d-----w- c:\program files\eSkiMoS R2
2010-03-15 13:26:58 0 d-----w- c:\docume~1\owner\applic~1\Micrografx
2010-03-14 22:16:09 63 ------w- c:\windows\2pic.ini
2010-03-14 11:32:52 0 d-----w- c:\program files\Nuclear Coffee
2010-03-14 11:13:46 0 d-----w- c:\program files\EZPhotoCalendarCreatorPlus
2010-03-12 14:31:16 0 d-----w- c:\docume~1\owner\applic~1\SDL
2010-03-12 14:24:13 0 d-----w- c:\docume~1\alluse~1\applic~1\SDL International
2010-03-12 14:22:52 0 d-----w- c:\program files\common files\SDL
2010-03-12 14:20:49 0 d-----w- c:\docume~1\owner\applic~1\Passolo 2009
2010-03-12 14:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Passolo 2009
2010-03-12 14:20:04 44544 ------w- c:\windows\system32\msxml4a.dll
2010-03-12 14:19:59 262328 ------w- c:\windows\system32\msdatgrd.ocx
2010-03-12 14:19:48 0 d-----w- c:\program files\SDL Passolo 2009
2010-03-12 14:08:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SDL
2010-03-12 14:08:04 0 d-----w- c:\program files\SDL
2010-03-12 12:28:20 0 d-----w- c:\documents and settings\all users\Menu Start
2010-03-12 00:12:00 0 d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2010-03-12 00:11:54 0 d-----w- c:\program files\Ashampoo
2010-03-11 23:56:57 0 d-----w- c:\program files\SlySoft
2010-03-11 20:57:19 67 ------w- c:\windows\Easy Avi Divx Xvid to DVD Burner.INI
2010-03-11 20:57:13 0 d-----w- c:\program files\Easy Avi Divx Xvid to DVD Burner
2010-03-11 11:58:46 1588 ------w- c:\windows\debugrcfile.ini
2010-03-11 11:58:43 0 d-----w- c:\program files\Recomposit
2010-03-10 10:31:47 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 14:53:06 0 d--h--w- c:\windows\PIF
2010-03-05 15:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Classifieds Searcher
2010-03-05 14:54:49 0 d-----w- c:\documents and settings\owner\PressService
2010-03-05 14:54:42 0 d-----w- c:\program files\CafeNews
2010-03-04 21:07:43 0 d-----w- c:\docume~1\owner\applic~1\Artisteer
2010-03-04 21:05:01 0 d-----w- c:\program files\RapidBIT

==================== Find3M ====================

2010-04-03 12:23:08 848 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-28 09:58:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-03-02 22:04:05 72080 ------w- c:\documents and settings\owner\g2mdlhlpx.exe
2010-02-28 12:23:50 21504 ------w- c:\windows\jestertb.dll
2010-02-28 12:00:45 51712 ------w- c:\windows\wc98pp.dll
2010-02-27 10:43:02 72192 ------w- c:\windows\SSEUninstaller.exe
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-22 01:12:18 737280 ------w- c:\windows\iun6002.exe
2010-02-21 02:35:16 88 --sh--r- c:\docume~1\alluse~1\applic~1\1C6520113A.sys
2010-02-17 01:56:46 411368 ------w- c:\windows\system32\deploytk.dll
2010-02-15 16:58:10 23552 ------w- c:\windows\system32\drivers\psasrv.exe
2010-02-15 16:58:10 17536 ------w- c:\windows\system32\drivers\psadd.sys
2010-02-15 16:36:14 50 ------w- c:\windows\system32\drivers\LENOVO_7387_26U.MRK
2010-02-15 16:14:46 7012 ------w- c:\windows\system32\drivers\pmemnt.sys
2010-02-02 20:33:20 8192 ------w- c:\windows\system32\BioPdf.PdfWriter.Lib.dll
2010-01-26 13:38:34 135168 ------w- c:\windows\system32\bzpdfc.dll
2010-01-14 00:57:58 194560 ------w- c:\windows\system32\bzpdf.dll
2010-01-05 10:00:21 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2007-03-09 08:12:32 27648 --sh--w- c:\windows\system32\AVSredirect.dll

============= FINISH: 8:26:01.84 ===============


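The log above carries three indicators that together explain the redirect: HOSTS entries pointing several google.* hostnames at 89.149.210.50, Run entries that load DLLs through rundll32 by bare file name (iiighe.dll, byyaab.dll, both created in system32 with the hidden attribute), and byyaab.dll appended to the LSA Authentication Packages list next to msv1_0. The script below is an added example, not part of this thread and not a feature of DDS, that pulls exactly those three indicator types out of a DDS "Pseudo HJT Report". The sample input is a constructed subset of the posted log plus one benign Hosts line; the regular expressions assume the DDS line layout shown above, the loopback test treats any non-loopback HOSTS mapping as worth reporting, and msv1_0 is taken as the only expected authentication package on Windows XP.

```python
"""Triage a DDS 'Pseudo HJT Report' for search-redirect indicators (added example)."""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the DDS log posted above,
# plus one benign Hosts line, so the script runs offline on realistic input.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mligebdrv] rundll32.exe "iiighe.dll",s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [urppolsys] rundll32.exe "byyaab.dll",DllRegisterServer
dRun: [fcbyxxdrv] rundll32.exe "iiighe.dll",s
LSA: Authentication Packages = msv1_0 byyaab.dll
Hosts: 89.149.210.50 www.google.com
Hosts: 89.149.210.50 www.google.co.uk
Hosts: 127.0.0.1 localhost
"""

# Line shapes as DDS prints them (assumption: layout matches the log above).
RUN_RE = re.compile(r'^([umd])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
HOSTS_RE = re.compile(r'^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)')
LSA_RE = re.compile(r'^LSA:\s+Authentication Packages\s*=\s*(?P<pkgs>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)


def parse_hosts_redirects(report):
    """Return (ip, hostname) pairs from 'Hosts:' lines that point anywhere
    other than loopback. HOSTS overrides DNS, so mapping www.google.com to a
    remote address is precisely the mechanism behind the reported redirects."""
    found = []
    for line in report.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip, host = m.group('ip'), m.group('host')
        try:
            if ip_address(ip).is_loopback:
                continue
        except ValueError:
            pass  # not even a valid address: still worth reporting
        found.append((ip, host))
    return found


def parse_pathless_rundll32(report):
    """Return (hive, value name, dll) for Run entries whose rundll32 target has
    no directory. With no path, the name is resolved through the DLL search
    order, so a hidden DLL dropped into system32 loads without its location
    ever appearing in the registry value."""
    found = []
    for line in report.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m.group('cmd'))
        if r and not re.search(r'[\\/]', r.group('dll')):
            found.append((m.group(1), m.group('name'), r.group('dll')))
    return found


def parse_lsa_extra_packages(report, expected=('msv1_0',)):
    """Return authentication packages beyond the XP default (msv1_0). Anything
    listed here is loaded into lsass.exe at boot: persistence that survives
    a user-level cleanup and sits where credentials are handled."""
    extra = []
    for line in report.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            extra += [p for p in m.group('pkgs').split() if p.lower() not in expected]
    return extra


def triage(report):
    """Run all three checks and return the findings keyed by indicator type."""
    return {
        'hosts_redirects': parse_hosts_redirects(report),
        'pathless_rundll32': parse_pathless_rundll32(report),
        'lsa_extra_packages': parse_lsa_extra_packages(report),
    }


if __name__ == '__main__':
    for key, hits in triage(SAMPLE_REPORT).items():
        print(f'{key}: {len(hits)} hit(s)')
        for hit in hits:
            print('   ', hit)
```

Feed it a full DDS.txt (the Pseudo HJT section is plain text, so the whole file can be passed to triage()) and it lists the HOSTS mappings to clear, the DLL names to hunt for in system32, and the LSA value that needs its extra package removed. The LSA finding is the one a HOSTS reset alone will not touch.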

#3
April 3, 2010 at 08:00:29

Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in the text between the X's:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top.
Let the program run unhindered; when done it will say "Fix Complete, press OK to open the log".
Please post that log in your next reply.

Please download ComboFix with Internet Explorer instead of any other browser if possible.

Remember: your Avast antivirus, SUPERAntiSpyware and any other real-time antispyware that you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



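As an added example that is not part of this thread or of OTL: this is what the HOSTS file that OTL's [resethosts] command resets looks like once a redirect infection has rewritten it, with a small audit that flags the mappings a reset would remove. The sample HOSTS content is constructed, and 192.0.2.44 is a documentation address, not a real server.

```python
import re

# Default Windows HOSTS file mappings; everything else was added by something.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Addresses that make a name unreachable instead of redirecting it
# (loopback, or the unspecified address).
BLACKHOLE_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

# Path OTL's [resethosts] rewrites on Windows XP (see the OTL log in this thread).
WINDOWS_XP_HOSTS = r"C:\WINDOWS\System32\drivers\etc\hosts"

# Constructed sample of a hijacked HOSTS file: two stock lines, two search
# sites redirected to a documentation address, one AV vendor site black-holed.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.google.com google.com
192.0.2.44      www.bing.com
127.0.0.1       www.avast.com   # keeps the victim from reaching AV updates
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs; '#' comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        for name in names:
            yield address, name.lower()


def classify(address, name):
    """Return None for a stock mapping, else a short label for what the line does."""
    if (address, name) in DEFAULT_ENTRIES:
        return None
    if address in BLACKHOLE_ADDRESSES:
        # A real site pointed at loopback is silently unreachable: a common
        # way to stop the victim downloading or updating security tools.
        return "blocked"
    # Any other address sends the browser somewhere the user did not choose:
    # the redirect symptom this thread is about.
    return "redirected"


def audit_hosts(text):
    """Return a list of (label, address, hostname) for every non-stock mapping."""
    findings = []
    for address, name in parse_hosts(text):
        label = classify(address, name)
        if label is not None:
            findings.append((label, address, name))
    return findings


def audit_hosts_file(path=WINDOWS_XP_HOSTS):
    """Audit the HOSTS file on disk instead of the constructed sample."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for label, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"{label:10s} {name:20s} -> {address}")
```

An empty result means the file carries only the stock localhost lines, which is exactly the state [resethosts] restores.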

#4
April 3, 2010 at 10:07:52
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.0 log created on 04032010_130643


#5
April 3, 2010 at 15:34:15
You're awesome. It worked. Thank you soooooooooo much!



#7
April 3, 2010 at 16:10:11
There is more work to do; we should make sure all of the virus is removed.


#8
April 3, 2010 at 17:06:00
So what do I need to do now?


#9
April 3, 2010 at 17:18:25
Resetting the hosts file only removes the restricted internet problem you had; it will return if we don't follow through with the removal procedure. That is a common mistake many people make when their computer appears normal again.

If you ran Combofix we need to see that log, as the newest variants of these viruses often create/morph and generate new files that can only be removed manually. If this happens the baddie will return, plus there is some standard clean-up that always needs to happen.

The log should be located at C:\Combo-Fix.txt



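Picking up the point above that the fix has to go beyond the HOSTS reset, this added example (not ComboFix's own code, and not part of the thread) parses the Run-key entries ComboFix prints under "Reg Loading Points" in the log posted below and flags the autoruns a responder would examine first. The excerpt it parses is copied from that log; the SINCE date is an assumed marker for when the problem began.

```python
import re
from datetime import date

# Excerpt of the 'Reg Loading Points' section from the ComboFix log in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"msplyi4d"="c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe" [2010-03-28 373693]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"""

# Assumption for this example: roughly when the redirects were first noticed.
SINCE = date(2010, 3, 27)

# Where Windows XP normally keeps installed software (lower-cased for matching).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# ComboFix's autorun line format:  "name"="path" [yyyy-mm-dd size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
)
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")


def parse_run_entries(text):
    """Return one dict per autorun found under a ...\\Run registry header."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        entry = ENTRY_RE.match(line)
        if entry and key and key.lower().endswith("\\run"):
            entries.append({
                "key": key,
                "name": entry.group("name"),
                "path": entry.group("path").lower(),
                "file_date": date.fromisoformat(entry.group("date")),
                "size": int(entry.group("size")),
            })
    return entries


def triage(entries, since=SINCE):
    """Return (name, path, reasons) for every entry that deserves a closer look."""
    flagged = []
    for e in entries:
        reasons = []
        if "\\documents and settings\\" in e["path"]:
            # User-writable location: anything running as the user can drop a file here.
            reasons.append("loads from a user profile directory")
        elif not e["path"].startswith(TRUSTED_ROOTS):
            reasons.append("loads from outside Windows/Program Files")
        if e["file_date"] >= since:
            reasons.append(f"file dated {e['file_date']}, on or after {since}")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(parse_run_entries(LOG_EXCERPT)):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flag is a prompt to look, not a verdict: legitimate per-user installers also place autoruns under Application Data, so each hit still needs the file itself checked.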
#10
April 3, 2010 at 18:17:38
Sending in two parts:
============================
ComboFix 10-04-02.01 - Owner 04/03/2010 13:36:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3039.2467 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Owner\Local Settings\Application Data\deskatm97\deskatm97.dll
c:\program files\i5\tbHElper.dll
c:\program files\Power Search Tool
c:\program files\Power Search Tool\alert_plugin.dll
c:\program files\Power Search Tool\basis.xml
c:\program files\Power Search Tool\ebay.bmp
c:\program files\Power Search Tool\icons.bmp
c:\program files\Power Search Tool\logo-4.bmp
c:\program files\Power Search Tool\mbback.bmp
c:\program files\Power Search Tool\mbbigopen.bmp
c:\program files\Power Search Tool\mbclose.bmp
c:\program files\Power Search Tool\mbfwd.bmp
c:\program files\Power Search Tool\mbsep.bmp
c:\program files\Power Search Tool\nav1c.bmp
c:\program files\Power Search Tool\options.html
c:\program files\Power Search Tool\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\tbu09971\alert_plugin.dll
c:\program files\Power Search Tool\tbu09971\basis.xml
c:\program files\Power Search Tool\tbu09971\ebay.bmp
c:\program files\Power Search Tool\tbu09971\icons.bmp
c:\program files\Power Search Tool\tbu09971\logo-4.bmp
c:\program files\Power Search Tool\tbu09971\mbback.bmp
c:\program files\Power Search Tool\tbu09971\mbbigopen.bmp
c:\program files\Power Search Tool\tbu09971\mbclose.bmp
c:\program files\Power Search Tool\tbu09971\mbfwd.bmp
c:\program files\Power Search Tool\tbu09971\mbsep.bmp
c:\program files\Power Search Tool\tbu09971\nav1c.bmp
c:\program files\Power Search Tool\tbu09971\options.html
c:\program files\Power Search Tool\tbu09971\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\tbu09971\version.txt
c:\program files\Power Search Tool\Thumbs.db
c:\program files\Power Search Tool\version.txt
c:\recycler\S-1-5-21-920636304-538572360-635092425-1003
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\AppPatch\AcAdProc.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\jestertb.dll
c:\windows\system32\byyaab.dll
c:\windows\system32\gebxvt.dll
c:\windows\system32\geeccb.dll
c:\windows\system32\iiighe(3).dll
c:\windows\system32\iiighe.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\wc98pp.dll
D:\install.exe
J:\Autorun.inf
K:\autorun.inf
K:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 17:06 . 2010-04-03 17:06 -------- d-----w- C:\_OTL
2010-04-03 11:19 . 2010-04-03 11:19 1402368 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-04-03 11:16 . 2010-04-03 11:16 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-04-03 11:16 . 2010-04-03 11:17 -------- d-----w- c:\program files\XSitePro2
2010-04-02 19:33 . 2010-04-02 19:34 -------- d-----w- c:\program files\InterActual
2010-04-02 19:19 . 2010-04-02 19:19 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-02 19:15 . 2010-04-02 19:15 -------- d-----w- c:\program files\Google
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\windows\system32\Xara
2010-04-02 11:50 . 2003-10-17 18:03 876544 ----a-w- c:\windows\system32\XaraDocG.dll
2010-04-02 11:50 . 2003-11-13 16:13 118784 ----a-w- c:\windows\system32\XMUpload.dll
2010-04-02 11:50 . 2003-10-17 18:03 126976 ----a-w- c:\windows\system32\TemplMan.dll
2010-04-02 11:50 . 2003-10-14 19:49 253952 ----a-w- c:\windows\system32\TemplOp.dll
2010-04-02 11:50 . 2003-10-06 18:45 23552 ----a-w- c:\windows\system32\XFontMan.dll
2010-04-02 11:50 . 2003-10-01 18:49 131072 ----a-w- c:\windows\system32\BmpImporter.dll
2010-04-02 11:50 . 2003-05-19 20:18 86016 ----a-w- c:\windows\system32\BinCoder.dll
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\program files\Xara
2010-04-02 09:02 . 2002-01-10 07:01 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-01 16:44 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\11300562.sys
2010-04-01 16:44 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\1130056.sys
2010-04-01 16:44 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\11300561.sys
2010-03-31 12:15 . 2010-03-31 12:15 -------- d-----w- c:\documents and settings\Owner\Application Data\AnvSoft
2010-03-30 20:05 . 2010-03-30 20:05 -------- d-----w- c:\program files\LEC
2010-03-30 19:58 . 2010-03-30 20:20 -------- d-----w- c:\program files\Power Translator 12
2010-03-30 14:04 . 2010-03-30 14:04 -------- d-----w- c:\program files\Enigma Software Group
2010-03-30 00:06 . 2010-03-30 10:26 94208 ----a-w- c:\windows\system32\xxyvts.dll.vir
2010-03-29 16:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-29 16:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-29 16:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-29 16:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-29 16:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-29 16:12 . 2010-04-03 12:20 -------- d-----w- c:\program files\Trojan Remover
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-28 22:59 . 2010-03-28 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\msplyi4d
2010-03-28 22:59 . 2010-04-03 06:38 303097 ----a-w- c:\documents and settings\Owner\mpod.exe
2010-03-28 22:59 . 2010-03-28 22:59 373693 ------w- c:\documents and settings\Owner\msplyi4d.exe
2010-03-28 13:23 . 2010-03-28 13:23 -------- d-----w- c:\program files\TrendyFlash Site Builder
2010-03-28 13:17 . 2010-03-28 13:17 -------- d-----w- c:\program files\TrendyFlash Intro Builder
2010-03-27 13:54 . 2010-03-27 13:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Scansoft
2010-03-27 13:50 . 2010-03-27 13:50 -------- d-----w- c:\program files\SAP Manage
2010-03-27 13:46 . 2010-03-27 13:46 -------- d-----w- C:\Mssql
2010-03-27 13:23 . 2010-03-31 10:54 -------- d-----w- c:\windows\speech
2010-03-27 12:52 . 2010-03-27 12:52 -------- d-----w- c:\program files\FLVCodec
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\windows\Replay Video Capture
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\program files\Replay Video Capture
2010-03-25 13:08 . 2010-04-02 18:10 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-03-25 13:08 . 2010-04-02 18:10 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-03-25 13:06 . 2010-03-29 11:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdnslib
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Applian Director
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\program files\Applian Director
2010-03-25 13:05 . 2010-04-03 10:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService
2010-03-25 13:05 . 2010-04-02 18:35 -------- d-----w- c:\program files\Replay Media Catcher
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Replay Media Catcher
2010-03-24 23:12 . 2010-03-24 23:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-03-24 14:44 . 2010-03-24 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-24 12:48 . 2010-03-24 12:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Zoner
2010-03-22 15:05 . 2010-03-22 15:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-22 12:13 . 2010-03-30 14:08 -------- d-----w- c:\program files\CRM-Express Professional
2010-03-21 17:32 . 2010-03-30 14:08 -------- d-----w- c:\program files\i5 Browser Button
2010-03-21 16:00 . 2010-03-27 12:52 -------- d-----w- c:\program files\WinPcap
2010-03-21 15:50 . 2010-03-27 10:26 -------- d-----w- c:\program files\Neoretix
2010-03-21 14:54 . 2010-04-03 17:41 -------- d-----w- c:\program files\i5
2010-03-20 15:21 . 2010-03-20 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\POLENG4
2010-03-20 15:18 . 2010-03-20 15:18 -------- d-----w- c:\program files\poleng
2010-03-20 15:06 . 2010-03-20 15:06 -------- d-----w- c:\program files\Alcohol Soft
2010-03-20 15:02 . 2010-03-20 15:02 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-20 11:36 . 2010-03-20 12:19 -------- d-----w- c:\program files\WebSite X5 Evolution
2010-03-20 11:34 . 2009-05-14 20:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2010-03-20 11:34 . 1997-01-16 04:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-03-19 22:24 . 2010-03-27 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----w- c:\program files\Common Files\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----r- c:\program files\Skype
2010-03-19 21:20 . 2010-03-19 21:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2010-03-19 17:01 . 2010-03-23 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\regcure
2010-03-16 23:46 . 2010-03-16 23:46 -------- d-----w- C:\WFINST
2010-03-16 17:15 . 2010-03-16 17:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
2010-03-16 13:47 . 2010-03-16 14:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\program files\Web Page Maker
2010-03-16 12:40 . 2010-03-16 12:55 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\documents and settings\Owner\Application Data\eSkiMoS R2
2010-03-16 12:15 . 2010-03-20 10:43 -------- d-----w- c:\program files\eSkiMoS R2
2010-03-15 13:26 . 2010-03-15 13:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Micrografx
2010-03-14 11:32 . 2010-03-14 11:32 -------- d-----w- c:\program files\Nuclear Coffee
2010-03-14 11:13 . 2010-03-14 11:24 -------- d-----w- c:\program files\EZPhotoCalendarCreatorPlus
2010-03-12 14:31 . 2010-03-12 14:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SDL
2010-03-12 14:31 . 2010-03-12 14:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SDL
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL International
2010-03-12 14:22 . 2010-03-12 14:23 -------- d-----w- c:\program files\Common Files\SDL
2010-03-12 14:20 . 2010-03-12 17:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Passolo 2009
2010-03-12 14:20 . 2010-03-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Passolo 2009
2010-03-12 14:20 . 2003-04-18 21:29 44544 ------w- c:\windows\system32\msxml4a.dll
2010-03-12 14:19 . 2010-03-30 14:08 -------- d-----w- c:\program files\SDL Passolo 2009
2010-03-12 14:08 . 2010-03-12 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL
2010-03-12 14:08 . 2010-03-12 14:22 -------- d-----w- c:\program files\SDL
2010-03-12 12:28 . 2010-03-12 12:28 -------- d-----w- c:\documents and settings\All Users\Menu Start
2010-03-12 02:04 . 2010-03-12 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ashampoo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-03-12 00:11 . 2010-03-12 00:11 -------- d-----w- c:\program files\Ashampoo
2010-03-12 00:02 . 2010-03-12 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-03-11 23:56 . 2010-03-12 00:10 -------- d-----w- c:\program files\SlySoft
2010-03-11 20:57 . 2010-03-12 00:10 -------- d-----w- c:\program files\Easy Avi Divx Xvid to DVD Burner
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\photoOptimizeHistoryDataBase
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Photo Optimizer 2
2010-03-11 11:58 . 2010-03-11 12:17 -------- d-----w- c:\program files\Recomposit
2010-03-10 10:31 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 14:53 . 2010-03-06 14:53 -------- d--h--w- c:\windows\PIF
2010-03-05 15:19 . 2010-03-05 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Classifieds Searcher
2010-03-05 14:54 . 2010-03-05 14:54 -------- d-----w- c:\documents and settings\Owner\PressService
2010-03-05 14:54 . 2010-03-30 14:08 -------- d-----w- c:\program files\CafeNews
2010-03-04 21:07 . 2010-03-04 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Artisteer
2010-03-04 21:05 . 2010-03-12 18:01 -------- d-----w- c:\program files\RapidBIT

.



#11
April 3, 2010 at 18:18:22
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 17:49 . 2010-02-21 02:29 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-03 12:17 . 2010-02-18 23:24 -------- d-----w- c:\program files\RegCure
2010-04-03 11:24 . 2010-02-20 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-02 19:34 . 2010-02-15 17:49 142760 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Roxio
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-02 19:17 . 2010-02-17 11:05 -------- d-----w- c:\program files\SightSpeed
2010-04-02 19:12 . 2010-02-17 11:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-02 19:11 . 2010-02-17 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-02 11:50 . 2010-02-15 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 12:14 . 2010-02-16 16:58 -------- d-----w- c:\program files\Opera
2010-03-31 13:07 . 2010-02-18 12:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2010-03-31 12:15 . 2010-03-01 13:45 -------- d-----w- c:\program files\Any Audio Converter
2010-03-31 10:52 . 2010-02-16 17:26 -------- d-----w- c:\program files\Common Files\scansoft shared
2010-03-30 14:08 . 2010-02-22 01:12 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-03-30 14:08 . 2010-02-18 15:12 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-30 14:08 . 2010-02-20 11:35 -------- d-----w- c:\program files\MagicISO
2010-03-30 14:08 . 2010-02-18 12:50 -------- d-----w- c:\program files\MetaTrader - CMS Forex
2010-03-30 14:08 . 2010-02-27 11:41 -------- d-----w- c:\program files\Quicken
2010-03-30 14:08 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay AV 8
2010-03-28 11:39 . 2010-03-28 11:31 -------- d-----w- c:\program files\Business Letter Professional
2010-03-28 09:58 . 2010-02-15 16:14 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-03-28 01:32 . 2010-02-17 17:55 1097048 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-27 20:21 . 2010-02-16 19:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-03-27 09:28 . 2010-02-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-20 08:46 . 2010-02-26 23:46 -------- d-----w- c:\program files\Techland
2010-03-19 22:24 . 2010-02-16 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-18 10:53 . 2010-03-01 13:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Audio Converter
2010-03-17 22:20 . 2010-02-17 11:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2010-03-13 20:23 . 2010-02-20 01:22 -------- d-----w- c:\program files\uTorrent
2010-03-12 18:16 . 2010-02-16 19:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-12 14:21 . 2010-02-15 16:08 -------- d-----w- c:\program files\Java
2010-03-11 08:03 . 2010-02-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2010-02-15 17:51 153184 ------w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-15 17:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-15 17:52 162640 ------w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-15 17:52 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-15 17:52 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-15 17:52 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-15 17:52 19024 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-15 17:52 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 21:09 . 2010-03-01 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Craigslist Ultimate Reader
2010-03-03 11:52 . 2010-03-03 11:51 -------- d-----w- c:\program files\PhotoInstrument
2010-03-02 22:04 . 2010-02-19 01:37 72080 ------w- c:\documents and settings\Owner\g2mdlhlpx.exe
2010-03-02 15:00 . 2010-03-02 15:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Individual Software
2010-03-02 14:47 . 2010-03-02 14:47 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenFM
2010-03-02 10:19 . 2010-02-28 19:56 -------- d-----w- c:\program files\Microsoft Works
2010-03-02 10:14 . 2010-02-21 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-01 19:04 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-03-01 15:59 . 2010-03-01 15:53 -------- d-----w- c:\program files\Graboid
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Launcher
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2010-03-01 15:57 . 2010-03-01 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\MozillaControl
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\VideoLAN
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Softplicity
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\program files\TotalAudioConverter
2010-03-01 12:28 . 2010-03-01 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Common Files\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Individual Software
2010-02-28 20:15 . 2010-02-28 20:15 -------- d-----w- c:\program files\Microsoft Expression
2010-02-28 19:56 . 2010-02-15 17:07 -------- d-----w- c:\program files\MSBuild
2010-02-28 19:50 . 2010-02-28 19:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-28 17:14 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\ipla
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ipla
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Gadu-Gadu 10
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Gadu-Gadu 10
2010-02-27 11:52 . 2010-02-27 11:49 -------- d-----w- c:\program files\Common Files\Config
2010-02-27 11:48 . 2010-02-27 11:48 -------- d-----w- c:\program files\Common Files\Inet
2010-02-27 11:42 . 2010-02-27 11:42 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-02-27 11:41 . 2010-02-27 11:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Intuit
2010-02-27 11:41 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-02-27 10:44 . 2010-02-27 10:43 -------- d-----w- c:\program files\Nevitium 1.4
2010-02-27 10:43 . 2010-02-27 10:43 72192 ------w- c:\windows\SSEUninstaller.exe
2010-02-26 13:00 . 2010-02-26 13:00 -------- d-----w- c:\program files\Studio Astropsychologii
2010-02-26 12:55 . 2010-02-26 12:55 -------- d-----w- c:\program files\G DATA Software
2010-02-25 15:19 . 2010-02-25 15:19 -------- d-----w- c:\program files\DsNET Corp
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
2010-02-25 06:24 . 2006-04-30 05:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 13:52 . 2010-02-22 13:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2010-02-22 13:32 . 2010-02-22 13:11 -------- d-----w- c:\program files\Common Files\Nero
2010-02-22 13:23 . 2010-02-22 13:12 -------- d-----w- c:\program files\Nero
2010-02-22 13:22 . 2010-02-22 13:22 -------- d-----w- c:\program files\Windows Sidebar
2010-02-22 13:17 . 2010-02-22 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Nowe Gadu-Gadu
2010-02-22 12:49 . 2010-02-22 12:49 -------- d-----w- c:\program files\Ratajik Software
2010-02-22 01:12 . 2010-02-21 01:02 737280 ------w- c:\windows\iun6002.exe
2010-02-21 02:35 . 2010-02-21 02:29 88 --sh--r- c:\documents and settings\All Users\Application Data\1C6520113A.sys
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\IsolatedStorage
2010-02-21 02:17 . 2010-02-21 02:17 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-21 02:12 . 2010-02-15 17:50 -------- d-----w- c:\program files\Microsoft.NET
2010-02-21 02:10 . 2010-02-21 02:10 -------- d-----w- c:\program files\MSXML 6.0
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ACT
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\program files\ACT
2010-02-21 01:03 . 2010-02-21 01:03 -------- d-----w- c:\program files\YouSendIt
2010-02-21 01:02 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay Converter
2010-02-21 00:14 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-02-21 00:07 . 2010-02-21 00:06 -------- d-----w- c:\program files\Common Files\Intuit
2010-02-21 00:06 . 2010-02-21 00:06 -------- d-----w- c:\program files\Intuit
2007-03-09 08:12 . 2007-03-09 08:12 27648 --sh--w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74549586-617F-448D-A0B9-332AF8FCAF21}]
2010-01-25 19:23 1179408 ----a-w- c:\program files\i5 Browser Button\BolotoIEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"msplyi4d"="c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe" [2010-03-28 373693]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SetDefPrt"="c:\program files\Brother\Brmflp03\BrStDvPt.exe" [2003-03-28 45056]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-03 492840]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-08-01 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2008-08-01 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CafeNews"="c:\program files\CafeNews\CN.exe" [2008-07-22 1228800]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_01.04.2010_19-04.lnk - c:\documents and settings\Owner\Desktop\Virus\Virus Removal Tool\setup_9.0.0.722_01.04.2010_19-04\startup.exe [2010-4-1 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 18:44 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ------w- c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-02 14:41 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 14:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 11300562;11300562 Boot Guard Driver;c:\windows\system32\drivers\11300562.sys [4/1/2010 12:44 PM 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/20/2010 11:02 AM 685816]
R1 11300561;11300561;c:\windows\system32\drivers\11300561.sys [4/1/2010 12:44 PM 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/15/2010 1:52 PM 162640]
R1 setup_9.0.0.722_01.04.2010_19-04drv;setup_9.0.0.722_01.04.2010_19-04drv;c:\windows\system32\drivers\1130056.sys [4/1/2010 12:44 PM 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/15/2010 1:52 PM 19024]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [7/31/2008 9:04 PM 81920]
S2 FlexService;Remote Connections Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/16/2010 1:32 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2/16/2010 1:30 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/16/2010 1:32 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/16/2010 1:32 PM 10368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-03 c:\windows\Tasks\User_Feed_Synchronization-{5B7043C9-1BF9-460F-8C5F-CD452202DD4A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]



#12
April 3, 2010 at 18:18:53
.
.
------- Supplementary Scan -------
.
uStart Page = onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} - c:\program files\i5 Browser Button\BolotoIEToolbar.dll
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\
FF - prefs.js: browser.startup.homepage - hxxp://chomikuj.pl
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11145&client_id=d48af2bca8b99e34aeb88868&camp_id=324&install_time=2010-03-22T11:28Z&tb_version=2.4.2000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\extensions\{ACA8F056-3300-45C0-A840-7FA4A93BE78F}\components\bhelper.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnmozillainterface.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-deskatm97 - c:\documents and settings\Owner\Local Settings\Application Data\deskatm97\deskatm97.dll
HKCU-Run-mligebdrv - iiighe.dll
HKCU-Run-ddawxwdrv - gebxvt.dll
HKLM-Run-ljihhedrv - iiighe.dll
HKLM-Run-urppolsys - byyaab.dll
HKLM-Run-mlkkkidrv - gebxvt.dll
HKU-Default-Run-fcbyxxdrv - iiighe.dll
HKU-Default-Run-byvvvwsys - byyaab.dll
HKU-Default-Run-jkkkifdrv - gebxvt.dll
AddRemove-eBay Icon - c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 13:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AEBE8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba67dcb8
\Driver\atapi -> atapi.sys @ 0xba638b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xba52bbb0
PacketIndicateHandler -> NDIS.sys @ 0xba538a21
SendHandler -> NDIS.sys @ 0xba51687b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\mssql\BinnMSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2010-04-03 13:57:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 17:57

Pre-Run: 39,931,842,560 bytes free
Post-Run: 42,618,658,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 56FEE5471D7555EB5F4577EDAA6F7DFD



#13
April 3, 2010 at 19:08:59
You need to uninstall these programs as they are known to harbor spyware; your option, of course:


utorrent
the bar (toolbar)


Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, File, Folder, Registry, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\xxyvts.dll.vir

DIRLOOK::
c:\documents and settings\Owner\Application Data\msplyi4d
c:\program files\i5

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Please go to Virus Total and upload the following file for analysis:

c:\documents and settings\Owner\msplyi4d.exe

Use the browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "send file". If the file has already been analyzed, click the reanalyze button to have it checked again.

Post the results in your reply.



#14
April 3, 2010 at 20:10:24
ComboFix 10-04-02.01 - Owner 04/03/2010 22:35:19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3039.2472 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\xxyvts.dll.vir"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\POWERS~1\POWErs~1.dll
c:\program files\Power Search Tool
c:\program files\Power Search Tool\alert_plugin.dll
c:\program files\Power Search Tool\basis.xml
c:\program files\Power Search Tool\ebay.bmp
c:\program files\Power Search Tool\icons.bmp
c:\program files\Power Search Tool\logo-4.bmp
c:\program files\Power Search Tool\mbback.bmp
c:\program files\Power Search Tool\mbbigopen.bmp
c:\program files\Power Search Tool\mbclose.bmp
c:\program files\Power Search Tool\mbfwd.bmp
c:\program files\Power Search Tool\mbsep.bmp
c:\program files\Power Search Tool\nav1c.bmp
c:\program files\Power Search Tool\options.html
c:\program files\Power Search Tool\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\PowerSearchTool4_0.dll
c:\program files\Power Search Tool\version.txt
c:\windows\system32\xxyvts.dll.vir

.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-03 17:06 . 2010-04-03 17:06 -------- d-----w- C:\_OTL
2010-04-03 11:19 . 2010-04-03 11:19 1402368 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-04-03 11:16 . 2010-04-03 11:16 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-04-03 11:16 . 2010-04-03 11:17 -------- d-----w- c:\program files\XSitePro2
2010-04-02 19:33 . 2010-04-02 19:34 -------- d-----w- c:\program files\InterActual
2010-04-02 19:19 . 2010-04-02 19:19 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-02 19:15 . 2010-04-02 19:15 -------- d-----w- c:\program files\Google
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\windows\system32\Xara
2010-04-02 11:50 . 2003-10-17 18:03 876544 ----a-w- c:\windows\system32\XaraDocG.dll
2010-04-02 11:50 . 2003-11-13 16:13 118784 ----a-w- c:\windows\system32\XMUpload.dll
2010-04-02 11:50 . 2003-10-17 18:03 126976 ----a-w- c:\windows\system32\TemplMan.dll
2010-04-02 11:50 . 2003-10-14 19:49 253952 ----a-w- c:\windows\system32\TemplOp.dll
2010-04-02 11:50 . 2003-10-06 18:45 23552 ----a-w- c:\windows\system32\XFontMan.dll
2010-04-02 11:50 . 2003-10-01 18:49 131072 ----a-w- c:\windows\system32\BmpImporter.dll
2010-04-02 11:50 . 2003-05-19 20:18 86016 ----a-w- c:\windows\system32\BinCoder.dll
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\program files\Xara
2010-04-02 09:02 . 2002-01-10 07:01 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-01 16:44 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\11300562.sys
2010-04-01 16:44 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\1130056.sys
2010-04-01 16:44 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\11300561.sys
2010-03-31 12:15 . 2010-03-31 12:15 -------- d-----w- c:\documents and settings\Owner\Application Data\AnvSoft
2010-03-30 20:05 . 2010-03-30 20:05 -------- d-----w- c:\program files\LEC
2010-03-30 19:58 . 2010-03-30 20:20 -------- d-----w- c:\program files\Power Translator 12
2010-03-30 14:04 . 2010-03-30 14:04 -------- d-----w- c:\program files\Enigma Software Group
2010-03-29 16:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-29 16:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-29 16:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-29 16:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-29 16:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-29 16:12 . 2010-04-03 12:20 -------- d-----w- c:\program files\Trojan Remover
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-28 22:59 . 2010-03-28 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\msplyi4d
2010-03-28 22:59 . 2010-04-03 06:38 303097 ----a-w- c:\documents and settings\Owner\mpod.exe
2010-03-28 22:59 . 2010-03-28 22:59 373693 ------w- c:\documents and settings\Owner\msplyi4d.exe
2010-03-28 13:23 . 2010-03-28 13:23 -------- d-----w- c:\program files\TrendyFlash Site Builder
2010-03-28 13:17 . 2010-03-28 13:17 -------- d-----w- c:\program files\TrendyFlash Intro Builder
2010-03-27 13:54 . 2010-03-27 13:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Scansoft
2010-03-27 13:50 . 2010-03-27 13:50 -------- d-----w- c:\program files\SAP Manage
2010-03-27 13:46 . 2010-03-27 13:46 -------- d-----w- C:\Mssql
2010-03-27 13:23 . 2010-03-31 10:54 -------- d-----w- c:\windows\speech
2010-03-27 12:52 . 2010-03-27 12:52 -------- d-----w- c:\program files\FLVCodec
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\windows\Replay Video Capture
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\program files\Replay Video Capture
2010-03-25 13:08 . 2010-04-04 01:27 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-03-25 13:08 . 2010-04-04 01:27 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-03-25 13:06 . 2010-04-04 01:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdnslib
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Applian Director
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\program files\Applian Director
2010-03-25 13:05 . 2010-04-04 01:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService
2010-03-25 13:05 . 2010-04-04 02:19 -------- d-----w- c:\program files\Replay Media Catcher
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Replay Media Catcher
2010-03-24 23:12 . 2010-03-24 23:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-03-24 14:44 . 2010-03-24 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-24 12:48 . 2010-03-24 12:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Zoner
2010-03-22 15:05 . 2010-03-22 15:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-22 12:13 . 2010-03-30 14:08 -------- d-----w- c:\program files\CRM-Express Professional
2010-03-21 17:32 . 2010-04-04 02:27 -------- d-----w- c:\program files\i5 Browser Button
2010-03-21 16:00 . 2010-03-27 12:52 -------- d-----w- c:\program files\WinPcap
2010-03-21 15:50 . 2010-03-27 10:26 -------- d-----w- c:\program files\Neoretix
2010-03-21 14:54 . 2010-04-03 17:41 -------- d-----w- c:\program files\i5
2010-03-20 15:21 . 2010-03-20 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\POLENG4
2010-03-20 15:18 . 2010-03-20 15:18 -------- d-----w- c:\program files\poleng
2010-03-20 15:06 . 2010-03-20 15:06 -------- d-----w- c:\program files\Alcohol Soft
2010-03-20 15:02 . 2010-03-20 15:02 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-20 11:36 . 2010-03-20 12:19 -------- d-----w- c:\program files\WebSite X5 Evolution
2010-03-20 11:34 . 2009-05-14 20:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2010-03-20 11:34 . 1997-01-16 04:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-03-19 22:24 . 2010-03-27 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----w- c:\program files\Common Files\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----r- c:\program files\Skype
2010-03-19 21:20 . 2010-03-19 21:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2010-03-19 17:01 . 2010-03-23 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\regcure
2010-03-16 23:46 . 2010-03-16 23:46 -------- d-----w- C:\WFINST
2010-03-16 17:15 . 2010-03-16 17:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
2010-03-16 13:47 . 2010-03-16 14:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\program files\Web Page Maker
2010-03-16 12:40 . 2010-03-16 12:55 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\documents and settings\Owner\Application Data\eSkiMoS R2
2010-03-16 12:15 . 2010-03-20 10:43 -------- d-----w- c:\program files\eSkiMoS R2
2010-03-15 13:26 . 2010-03-15 13:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Micrografx
2010-03-14 11:32 . 2010-03-14 11:32 -------- d-----w- c:\program files\Nuclear Coffee
2010-03-14 11:13 . 2010-03-14 11:24 -------- d-----w- c:\program files\EZPhotoCalendarCreatorPlus
2010-03-12 14:31 . 2010-03-12 14:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SDL
2010-03-12 14:31 . 2010-03-12 14:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SDL
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL International
2010-03-12 14:22 . 2010-03-12 14:23 -------- d-----w- c:\program files\Common Files\SDL
2010-03-12 14:20 . 2010-03-12 17:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Passolo 2009
2010-03-12 14:20 . 2010-03-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Passolo 2009
2010-03-12 14:20 . 2003-04-18 21:29 44544 ------w- c:\windows\system32\msxml4a.dll
2010-03-12 14:19 . 2010-03-30 14:08 -------- d-----w- c:\program files\SDL Passolo 2009
2010-03-12 14:08 . 2010-03-12 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL
2010-03-12 14:08 . 2010-03-12 14:22 -------- d-----w- c:\program files\SDL
2010-03-12 12:28 . 2010-03-12 12:28 -------- d-----w- c:\documents and settings\All Users\Menu Start
2010-03-12 02:04 . 2010-03-12 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ashampoo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-03-12 00:11 . 2010-03-12 00:11 -------- d-----w- c:\program files\Ashampoo
2010-03-12 00:02 . 2010-03-12 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-03-11 23:56 . 2010-03-12 00:10 -------- d-----w- c:\program files\SlySoft
2010-03-11 20:57 . 2010-03-12 00:10 -------- d-----w- c:\program files\Easy Avi Divx Xvid to DVD Burner
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\photoOptimizeHistoryDataBase
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Photo Optimizer 2
2010-03-11 11:58 . 2010-03-11 12:17 -------- d-----w- c:\program files\Recomposit
2010-03-10 10:31 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 14:53 . 2010-03-06 14:53 -------- d--h--w- c:\windows\PIF
2010-03-05 15:19 . 2010-03-05 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Classifieds Searcher
2010-03-05 14:54 . 2010-03-05 14:54 -------- d-----w- c:\documents and settings\Owner\PressService
2010-03-05 14:54 . 2010-03-30 14:08 -------- d-----w- c:\program files\CafeNews

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 02:51 . 2010-02-21 02:29 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-04 02:26 . 2010-02-20 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-03 12:17 . 2010-02-18 23:24 -------- d-----w- c:\program files\RegCure
2010-04-02 19:34 . 2010-02-15 17:49 142760 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Roxio
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-02 19:17 . 2010-02-17 11:05 -------- d-----w- c:\program files\SightSpeed
2010-04-02 19:12 . 2010-02-17 11:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-02 19:11 . 2010-02-17 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-02 11:50 . 2010-02-15 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 12:14 . 2010-02-16 16:58 -------- d-----w- c:\program files\Opera
2010-03-31 13:07 . 2010-02-18 12:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2010-03-31 12:15 . 2010-03-01 13:45 -------- d-----w- c:\program files\Any Audio Converter
2010-03-31 10:52 . 2010-02-16 17:26 -------- d-----w- c:\program files\Common Files\scansoft shared
2010-03-30 14:08 . 2010-02-22 01:12 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-03-30 14:08 . 2010-02-18 15:12 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-30 14:08 . 2010-02-20 11:35 -------- d-----w- c:\program files\MagicISO
2010-03-30 14:08 . 2010-02-18 12:50 -------- d-----w- c:\program files\MetaTrader - CMS Forex
2010-03-30 14:08 . 2010-02-27 11:41 -------- d-----w- c:\program files\Quicken
2010-03-30 14:08 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay AV 8
2010-03-28 11:39 . 2010-03-28 11:31 -------- d-----w- c:\program files\Business Letter Professional
2010-03-28 09:58 . 2010-02-15 16:14 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-03-28 01:32 . 2010-02-17 17:55 1097048 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-27 20:21 . 2010-02-16 19:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-03-27 09:28 . 2010-02-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-20 08:46 . 2010-02-26 23:46 -------- d-----w- c:\program files\Techland
2010-03-19 22:24 . 2010-02-16 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-18 10:53 . 2010-03-01 13:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Audio Converter
2010-03-17 22:20 . 2010-02-17 11:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2010-03-12 18:16 . 2010-02-16 19:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-12 18:01 . 2010-03-04 21:05 -------- d-----w- c:\program files\RapidBIT
2010-03-12 14:21 . 2010-02-15 16:08 -------- d-----w- c:\program files\Java
2010-03-11 08:03 . 2010-02-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2010-02-15 17:51 153184 ------w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-15 17:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-15 17:52 162640 ------w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-15 17:52 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-15 17:52 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-15 17:52 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-15 17:52 19024 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-15 17:52 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 21:09 . 2010-03-01 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Craigslist Ultimate Reader
2010-03-04 21:07 . 2010-03-04 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Artisteer
2010-03-03 11:52 . 2010-03-03 11:51 -------- d-----w- c:\program files\PhotoInstrument
2010-03-02 22:04 . 2010-02-19 01:37 72080 ------w- c:\documents and settings\Owner\g2mdlhlpx.exe
2010-03-02 15:00 . 2010-03-02 15:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Individual Software
2010-03-02 14:47 . 2010-03-02 14:47 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenFM
2010-03-02 10:19 . 2010-02-28 19:56 -------- d-----w- c:\program files\Microsoft Works
2010-03-02 10:14 . 2010-02-21 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-01 19:04 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-03-01 15:59 . 2010-03-01 15:53 -------- d-----w- c:\program files\Graboid
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Launcher
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2010-03-01 15:57 . 2010-03-01 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\MozillaControl
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\VideoLAN
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Softplicity
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\program files\TotalAudioConverter
2010-03-01 12:28 . 2010-03-01 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Common Files\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Individual Software
2010-02-28 20:15 . 2010-02-28 20:15 -------- d-----w- c:\program files\Microsoft Expression
2010-02-28 19:56 . 2010-02-15 17:07 -------- d-----w- c:\program files\MSBuild
2010-02-28 19:50 . 2010-02-28 19:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-28 17:14 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\ipla
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ipla
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Gadu-Gadu 10
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Gadu-Gadu 10
2010-02-27 11:52 . 2010-02-27 11:49 -------- d-----w- c:\program files\Common Files\Config
2010-02-27 11:48 . 2010-02-27 11:48 -------- d-----w- c:\program files\Common Files\Inet
2010-02-27 11:42 . 2010-02-27 11:42 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-02-27 11:41 . 2010-02-27 11:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Intuit
2010-02-27 11:41 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-02-27 10:44 . 2010-02-27 10:43 -------- d-----w- c:\program files\Nevitium 1.4
2010-02-27 10:43 . 2010-02-27 10:43 72192 ------w- c:\windows\SSEUninstaller.exe
2010-02-26 13:00 . 2010-02-26 13:00 -------- d-----w- c:\program files\Studio Astropsychologii
2010-02-26 12:55 . 2010-02-26 12:55 -------- d-----w- c:\program files\G DATA Software
2010-02-25 15:19 . 2010-02-25 15:19 -------- d-----w- c:\program files\DsNET Corp
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
2010-02-25 06:24 . 2006-04-30 05:11 916480 ------w- c:\windows\system32\wininet.dll
2010-02-22 13:52 . 2010-02-22 13:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2010-02-22 13:32 . 2010-02-22 13:11 -------- d-----w- c:\program files\Common Files\Nero
2010-02-22 13:23 . 2010-02-22 13:12 -------- d-----w- c:\program files\Nero
2010-02-22 13:22 . 2010-02-22 13:22 -------- d-----w- c:\program files\Windows Sidebar
2010-02-22 13:17 . 2010-02-22 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Nowe Gadu-Gadu
2010-02-22 12:49 . 2010-02-22 12:49 -------- d-----w- c:\program files\Ratajik Software
2010-02-22 01:12 . 2010-02-21 01:02 737280 ------w- c:\windows\iun6002.exe
2010-02-21 02:35 . 2010-02-21 02:29 88 --sh--r- c:\documents and settings\All Users\Application Data\1C6520113A.sys
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\IsolatedStorage
2010-02-21 02:17 . 2010-02-21 02:17 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-21 02:12 . 2010-02-15 17:50 -------- d-----w- c:\program files\Microsoft.NET
2010-02-21 02:10 . 2010-02-21 02:10 -------- d-----w- c:\program files\MSXML 6.0
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ACT
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\program files\ACT
2010-02-21 01:03 . 2010-02-21 01:03 -------- d-----w- c:\program files\YouSendIt
2010-02-21 01:02 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay Converter
2010-02-21 00:14 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-02-21 00:07 . 2010-02-21 00:06 -------- d-----w- c:\program files\Common Files\Intuit
2007-03-09 08:12 . 2007-03-09 08:12 27648 --sh--w- c:\windows\system32\AVSredirect.dll
.



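Added example, not part of this thread and not ComboFix's own code: a small Python script that does the first pass a helper otherwise does by eye on the "Reg Loading Points" and "FF -" sections of a ComboFix log. It parses the Run-key values and flags, as assumptions rather than verdicts, executables launched from user-writable locations (Application Data, Local Settings, Temp, Desktop), executables sitting in a folder named after themselves, and files dated within a couple of weeks of the log. For Firefox it reports where prefs.js sends address-bar searches (keyword.URL) and the startup page, and any binary component loaded from a profile extension. The LOG excerpt is constructed from lines posted in this thread; the heuristics, the 14-day window and the function names are my own.

```python
import re
from datetime import date

# Constructed excerpt modelled on the ComboFix lines posted in this thread.
LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"msplyi4d"="c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe" [2010-03-28 373693]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-04 492840]

FF - prefs.js: browser.startup.homepage - hxxp://chomikuj.pl
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11145&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\extensions\{ACA8F056-3300-45C0-A840-7FA4A93BE78F}\components\bhelper.dll
"""

# ComboFix prints each Run key as a [HKEY_...\Run] header followed by
# "name"="path" [yyyy-mm-dd size] lines; a blank line ends the key.
# Lines without the trailing [date size] (e.g. "[x]") are skipped.
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.I)
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
FF_COMPONENT = re.compile(r"^FF - component: (?P<path>.+)$")

# Directories an unprivileged user (and so anything that ran as that user) can
# write to. Assumption: a startup executable there is worth a look, not proof of anything.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")


def parse_run_entries(log):
    """Return one dict (key, name, path, date, size) per parseable Run-key value."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        k = RUN_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        if not line:
            key = None          # blank line closes the current key block
            continue
        m = RUN_ENTRY.match(line)
        if key and m:
            entries.append({"key": key, "name": m["name"], "path": m["path"],
                            "date": date.fromisoformat(m["date"]), "size": int(m["size"])})
    return entries


def triage_run_entry(entry, as_of, recent_days):
    """Heuristic flags for one autorun entry (assumptions, not a verdict)."""
    path = entry["path"].lower()
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]          # executable name without extension
    parent = parts[-2] if len(parts) > 1 else ""
    flags = []
    if any(d in path for d in USER_WRITABLE):
        flags.append("launched from a user-writable location")
    if parent == stem:
        flags.append("sits in a folder named after the executable")
    if 0 <= (as_of - entry["date"]).days <= recent_days:
        flags.append("file dated within %d days of the log" % recent_days)
    return flags


def triage_run_entries(log, as_of, recent_days=14):
    """Rank Run-key entries by number of flags: [(score, name, path, flags), ...]."""
    as_of = date.fromisoformat(as_of)
    rows = []
    for e in parse_run_entries(log):
        flags = triage_run_entry(e, as_of, recent_days)
        rows.append((len(flags), e["name"], e["path"], flags))
    rows.sort(key=lambda r: (-r[0], r[1].lower()))
    return rows


def firefox_findings(log):
    """Lines in the 'FF -' section that decide where searches and page loads go."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        p = FF_PREF.match(line)
        if p:
            # ComboFix defangs URLs as hxxp://; keep just the host part.
            host = re.sub(r"^hxxps?://", "", p["value"]).split("/")[0]
            if p["pref"] == "keyword.URL":
                findings.append(("address-bar searches routed to", host))
            elif p["pref"] == "browser.startup.homepage":
                findings.append(("startup page set to", host))
            continue
        c = FF_COMPONENT.match(line)
        if c and "\\extensions\\" in c["path"].lower():
            # A native DLL registered as an XPCOM component from inside the profile.
            findings.append(("binary component loaded from a profile extension",
                             c["path"].rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for score, name, path, flags in triage_run_entries(LOG, "2010-04-04"):
        print("%d  %-12s %s" % (score, name, path))
        for f in flags:
            print("      - " + f)
    for what, value in firefox_findings(LOG):
        print("FF: %s %s" % (what, value))
```

Run as-is it prints the Run entries ranked by number of flags and the Firefox findings; for a full log, call triage_run_entries(open(path).read(), "2010-04-04") with the date the log was taken. Anything it flags still has to be checked against known-good software (toolbars, licensing helpers and the like also live in Application Data) before anything is removed.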
#15
April 3, 2010 at 20:10:50
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Owner\Application Data\msplyi4d ----

2010-03-28 22:59 . 2010-04-03 06:38 160 ----a-w- c:\documents and settings\Owner\Application Data\msplyi4d\config.ini
2010-03-28 22:59 . 2010-03-28 22:59 373693 ------w- c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe

---- Directory of c:\program files\i5 ----

2010-03-30 14:08 . 2010-03-30 14:08 7680 --sha-w- c:\program files\i5\Thumbs.db
2010-03-21 17:32 . 2010-03-21 17:32 76897 ----a-w- c:\program files\i5\UninstallToolbar.exe
2010-01-16 09:37 . 2010-01-16 09:37 49664 ----a-w- c:\program files\i5\ClearHist.exe
2010-01-15 21:58 . 2010-01-15 21:58 3635200 ----a-w- c:\program files\i5\tbcore3.dll
2010-01-15 21:58 . 2010-01-15 21:58 121856 ----a-w- c:\program files\i5\TheBarPlugin.dll
2010-01-15 09:22 . 2010-01-15 09:22 39137 ----a-w- c:\program files\i5\login.js
2010-01-15 08:43 . 2010-01-15 08:43 795 ----a-w- c:\program files\i5\amberAlert.htm
2010-01-09 04:37 . 2010-03-21 17:32 24931 ----a-w- c:\program files\i5\basis.xml
2010-01-05 00:02 . 2010-01-05 00:02 12914 ----a-w- c:\program files\i5\AmberAlert.png
2009-12-05 06:55 . 2009-12-05 06:55 370688 ----a-w- c:\program files\i5\custombuttons_plugin.dll
2009-12-05 06:22 . 2009-12-05 06:22 7189 ----a-w- c:\program files\i5\login.htm
2009-12-05 06:22 . 2009-12-05 06:22 2861 ----a-w- c:\program files\i5\login.html
2009-12-05 06:22 . 2009-12-05 06:22 57161 ----a-w- c:\program files\i5\share.htm
2009-12-03 21:41 . 2009-12-03 21:41 1286656 ----a-w- c:\program files\i5\emailchecker_plugin.dll
2009-12-02 01:28 . 2009-12-02 01:28 5974 ----a-w- c:\program files\i5\Logo.bmp
2009-12-02 01:28 . 2009-12-02 01:28 2453 ----a-w- c:\program files\i5\adultfilter.js
2009-12-02 01:28 . 2009-12-02 01:28 685 ----a-w- c:\program files\i5\arrow_refresh.png
2009-12-02 01:28 . 2009-12-02 01:28 3277 ----a-w- c:\program files\i5\autosignin.js
2009-12-02 01:28 . 2009-12-02 01:28 1064 ----a-w- c:\program files\i5\autoviewads.js
2009-12-02 01:28 . 2009-12-02 01:28 1231 ----a-w- c:\program files\i5\btn_sign_in_out.PNG
2009-12-02 01:28 . 2009-12-02 01:28 1326 ----a-w- c:\program files\i5\btn_sign_in_over.PNG
2009-12-02 01:28 . 2009-12-02 01:28 1080 ----a-w- c:\program files\i5\Classifieds.png
2009-12-02 01:28 . 2009-12-02 01:28 1234 ----a-w- c:\program files\i5\CloseImage.bmp
2009-12-02 01:28 . 2009-12-02 01:28 26987 ----a-w- c:\program files\i5\CloseImage.png
2009-12-02 01:28 . 2009-12-02 01:28 512 ----a-w- c:\program files\i5\cog.png
2009-12-02 01:28 . 2009-12-02 01:28 775 ----a-w- c:\program files\i5\computer_delete.png
2009-12-02 01:28 . 2009-12-02 01:28 328 ----a-w- c:\program files\i5\cross.png
2009-12-02 01:28 . 2009-12-02 01:28 707 ----a-w- c:\program files\i5\Enter.png
2009-12-02 01:28 . 2009-12-02 01:28 934 ----a-w- c:\program files\i5\ER.png
2009-12-02 01:28 . 2009-12-02 01:28 1224 ----a-w- c:\program files\i5\header_sign_in.PNG
2009-12-02 01:28 . 2009-12-02 01:28 174134 ----a-w- c:\program files\i5\icons.bmp
2009-12-02 01:28 . 2009-12-02 01:28 296 ----a-w- c:\program files\i5\lock.gif
2009-12-02 01:28 . 2009-12-02 01:28 735 ----a-w- c:\program files\i5\Login.png
2009-12-02 01:28 . 2009-12-02 01:28 5136 ----a-w- c:\program files\i5\Logo.png
2009-12-02 01:28 . 2009-12-02 01:28 4049 ----a-w- c:\program files\i5\logout.js
2009-12-02 01:28 . 2009-12-02 01:28 2720 ----a-w- c:\program files\i5\Logo_bar.gif
2009-12-02 01:28 . 2009-12-02 01:28 5974 ----a-w- c:\program files\i5\Logo_hot.bmp
2009-12-02 01:28 . 2009-12-02 01:28 1894 ----a-w- c:\program files\i5\MyCrowd.bmp
2009-12-02 01:28 . 2009-12-02 01:28 765 ----a-w- c:\program files\i5\MyMoney.png
2009-12-02 01:28 . 2009-12-02 01:28 209 ----a-w- c:\program files\i5\myshare.css
2009-12-02 01:28 . 2009-12-02 01:28 736 ----a-w- c:\program files\i5\next.png
2009-12-02 01:28 . 2009-12-02 01:28 650 ----a-w- c:\program files\i5\notifyLogin.htm
2009-12-02 01:28 . 2009-12-02 01:28 9300 ----a-w- c:\program files\i5\notifyLogin.png
2009-12-02 01:28 . 2009-12-02 01:28 717 ----a-w- c:\program files\i5\play.png
2009-12-02 01:28 . 2009-12-02 01:28 721 ----a-w- c:\program files\i5\pouse.png
2009-12-02 01:28 . 2009-12-02 01:28 651 ----a-w- c:\program files\i5\radio_01.gif
2009-12-02 01:28 . 2009-12-02 01:28 641 ----a-w- c:\program files\i5\radio_02.gif
2009-12-02 01:28 . 2009-12-02 01:28 149 ----a-w- c:\program files\i5\radio_03.gif
2009-12-02 01:28 . 2009-12-02 01:28 645 ----a-w- c:\program files\i5\radio_on_01.gif
2009-12-02 01:28 . 2009-12-02 01:28 637 ----a-w- c:\program files\i5\radio_on_02.gif
2009-12-02 01:28 . 2009-12-02 01:28 691 ----a-w- c:\program files\i5\rss.png
2009-12-02 01:28 . 2009-12-02 01:28 610 ----a-w- c:\program files\i5\Search.png
2009-12-02 01:28 . 2009-12-02 01:28 736 ----a-w- c:\program files\i5\searchrun.js
2009-12-02 01:28 . 2009-12-02 01:28 548 ----a-w- c:\program files\i5\share.png
2009-12-02 01:28 . 2009-12-02 01:28 21636 ----a-w- c:\program files\i5\sign_in.png
2009-12-02 01:28 . 2009-12-02 01:28 43 ----a-w- c:\program files\i5\spaclear.gif
2009-12-02 01:28 . 2009-12-02 01:28 1034 ----a-w- c:\program files\i5\split.gif
2009-12-02 01:28 . 2009-12-02 01:28 1036 ----a-w- c:\program files\i5\spliton.gif
2009-12-02 01:28 . 2009-12-02 01:28 1033 ----a-w- c:\program files\i5\splitw.gif
2009-12-02 01:28 . 2009-12-02 01:28 1031 ----a-w- c:\program files\i5\splitwon.gif
2009-12-02 01:28 . 2009-12-02 01:28 206 ----a-w- c:\program files\i5\stations.js
2009-11-20 19:05 . 2009-11-20 19:05 411648 ----a-w- c:\program files\i5\loginmanager_plugin.dll
2009-10-28 00:47 . 2009-10-28 00:47 818 ----a-w- c:\program files\i5\myshare.xul


((((((((((((((((((((((((((((( SnapShot@2010-04-03_17.48.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-04 02:50 . 2010-04-04 02:50 16384 c:\windows\Temp\Perflib_Perfdata_b54.dat
+ 2010-04-04 02:50 . 2010-04-04 02:50 16384 c:\windows\Temp\Perflib_Perfdata_9b8.dat
+ 2010-04-04 02:50 . 2010-04-04 02:50 16384 c:\windows\Temp\Perflib_Perfdata_910.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"msplyi4d"="c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe" [2010-03-28 373693]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SetDefPrt"="c:\program files\Brother\Brmflp03\BrStDvPt.exe" [2003-03-28 45056]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-04 492840]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-08-01 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2008-08-01 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CafeNews"="c:\program files\CafeNews\CN.exe" [2008-07-22 1228800]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_01.04.2010_19-04.lnk - c:\documents and settings\Owner\Desktop\Virus\Virus Removal Tool\setup_9.0.0.722_01.04.2010_19-04\startup.exe [2010-4-1 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 18:44 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ------w- c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-02 14:41 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 14:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 11300562;11300562 Boot Guard Driver;c:\windows\system32\drivers\11300562.sys [4/1/2010 12:44 PM 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/20/2010 11:02 AM 685816]
R1 11300561;11300561;c:\windows\system32\drivers\11300561.sys [4/1/2010 12:44 PM 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/15/2010 1:52 PM 162640]
R1 setup_9.0.0.722_01.04.2010_19-04drv;setup_9.0.0.722_01.04.2010_19-04drv;c:\windows\system32\drivers\1130056.sys [4/1/2010 12:44 PM 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/15/2010 1:52 PM 19024]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [7/31/2008 9:04 PM 81920]
S2 FlexService;Remote Connections Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/16/2010 1:32 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2/16/2010 1:30 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/16/2010 1:32 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/16/2010 1:32 PM 10368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-03 c:\windows\Tasks\User_Feed_Synchronization-{5B7043C9-1BF9-460F-8C5F-CD452202DD4A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} - c:\program files\i5 Browser Button\BolotoIEToolbar.dll
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\
FF - prefs.js: browser.startup.homepage - hxxp://chomikuj.pl
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11145&client_id=d48af2bca8b99e34aeb88868&camp_id=324&install_time=2010-03-22T11:28Z&tb_version=2.4.2000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\extensions\{ACA8F056-3300-45C0-A840-7FA4A93BE78F}\components\bhelper.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnmozillainterface.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{74549586-617F-448D-A0B9-332AF8FCAF21} - c:\program files\i5 Browser Button\BolotoIEToolbar.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AEFB8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba67dcb8
\Driver\atapi -> atapi.sys @ 0xba638b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xba52bbb0
PacketIndicateHandler -> NDIS.sys @ 0xba538a21
SendHandler -> NDIS.sys @ 0xba51687b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\mssql\BinnMSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-03 22:59:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 02:59
ComboFix2.txt 2010-04-03 17:57

Pre-Run: 39,570,825,216 bytes free
Post-Run: 39,591,800,832 bytes free

- - End Of File - - 50E3F23EAE74B697ADF2CD7FDBA1410D

#16
April 3, 2010 at 20:12:53
File has already been analysed:
MD5: c0b0cb9652d0f5dfbdcbdf8228c35f2c
First received: 2010.03.29 10:37:14 UTC
Date: 2010.03.29 10:37:14 UTC [>5D]
Results: 4/42
Permalink: analisis/91e68a3afa3c8f1c2a39007e67cf6bb7aae6d65a930c7ed04dcba5af209dedb0-1269859034

#17
April 3, 2010 at 20:38:02
Run the file again on VirusTotal and be sure to click the re-analyze button. You should get a list of various antivirus mfgs. and their info on the msplyi4d.exe file.

#18
April 3, 2010 at 20:55:05
It is a baddie.

As you can see, several files/folders have been recreated by the virus, hence the extra hard look at the logs.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe
c:\documents and settings\Owner\Application Data\msplyi4d\config.ini

Folder::
c:\documents and settings\Owner\Application Data\msplyi4d

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msplyi4d"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

Please post the log that is produced.

#19
April 4, 2010 at 03:04:06
File msplyi4d.exe received on 2010.04.04 10:02:02 (UTC)
Result: 9/42 (21.43%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.04 Trojan.SuspectCRC!IK
AhnLab-V3 5.0.0.2 2010.04.03 -
AntiVir 7.10.6.24 2010.04.03 -
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.03 -
Avast 4.8.1351.0 2010.04.03 -
Avast5 5.0.332.0 2010.04.03 -
AVG 9.0.0.787 2010.04.04 Generic2_c.XAA
BitDefender 7.2 2010.04.04 -
CAT-QuickHeal 10.00 2010.04.03 -
ClamAV 0.96.0.0-git 2010.04.03 -
Comodo 4495 2010.04.04 Heur.Suspicious
DrWeb 5.0.2.03300 2010.04.04 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet None 2010.04.02 -
F-Prot 4.5.1.85 2010.04.03 -
F-Secure 9.0.15370.0 2010.04.03 -
Fortinet 4.0.14.0 2010.04.03 -
GData 19 2010.04.04 -
Ikarus T3.1.1.80.0 2010.04.04 Trojan.SuspectCRC
Jiangmin 13.0.900 2010.04.04 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.04 -
McAfee 5937 2010.03.31 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.03 -
Microsoft 1.5605 2010.04.04 -
NOD32 4997 2010.04.03 -
Norman 6.04.10 2010.04.03 -
nProtect 2009.1.8.0 2010.04.04 -
Panda 10.0.2.2 2010.04.03 Suspicious file
PCTools 7.0.3.5 2010.04.04 -
Prevx 3.0 2010.04.04 Low Risk Adware
Rising 22.41.04.05 2010.04.02 -
Sophos 4.52.0 2010.04.04 -
Sunbelt 6136 2010.04.04 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.04.04 Suspicious.Insight
TheHacker 6.5.2.0.252 2010.04.04 -
TrendMicro 9.120.0.1004 2010.04.04 -
VBA32 3.12.12.4 2010.04.02 -
ViRobot 2010.4.3.2259 2010.04.04 Trojan.Win32.Autoit.373721
VirusBuster 5.0.27.0 2010.04.03 -
Additional information
File size: 373693 bytes
MD5...: c0b0cb9652d0f5dfbdcbdf8228c35f2c
SHA1..: 946e4eb6ee8cca19ffc6751cc24f546ba34e198e
SHA256: 91e68a3afa3c8f1c2a39007e67cf6bb7aae6d65a930c7ed04dcba5af209dedb0
ssdeep: 6144:vCxOET2PRA8A3bLeQh81uhTx8+WYbwWVJqjhLzgAmw7VFyJ4IN2GpPGbxHR8Fg:v1PO8MeQh81uhNmq+jhfgKBC0uObxKFg

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xb51c0
timedatestamp.....: 0x4b2a6d7c (Thu Dec 17 17:42:20 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x72000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x73000 0x43000 0x42400 7.93 f96b025fd9e19e2fb532b48f09951137
.rsrc 0xb6000 0x8000 0x7400 5.90 04f42862c50b79dd844d7523aa14dbc4

( 16 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: GetAce
> COMCTL32.dll: ImageList_Remove
> COMDLG32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetGetConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> PSAPI.DLL: EnumProcesses
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> USERENV.dll: LoadUserProfileW
> VERSION.dll: VerQueryValueW
> WININET.dll: FtpOpenFileW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..:
original name: n/a
internal name: n/a
file version.: 3, 3, 2, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://info.prevx.com/aboutprogramtext.asp?PX5=2E08D4DEBD895CC3B30305EF897665004765A4B8
packers (F-Prot): UPX


#20
April 4, 2010 at 04:18:46
ComboFix 10-04-02.01 - Owner 04/04/2010 6:54.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3039.2199 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Owner\Application Data\msplyi4d\config.ini"
"c:\documents and settings\Owner\Application Data\msplyi4d\msplyi4d.exe"
.

((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-03 17:06 . 2010-04-03 17:06 -------- d-----w- C:\_OTL
2010-04-03 11:19 . 2010-04-03 11:19 1402368 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-04-03 11:16 . 2010-04-03 11:16 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-04-03 11:16 . 2010-04-03 11:17 -------- d-----w- c:\program files\XSitePro2
2010-04-02 19:33 . 2010-04-02 19:34 -------- d-----w- c:\program files\InterActual
2010-04-02 19:19 . 2010-04-02 19:19 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-02 19:15 . 2010-04-02 19:15 -------- d-----w- c:\program files\Google
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\windows\system32\Xara
2010-04-02 11:50 . 2003-10-17 18:03 876544 ----a-w- c:\windows\system32\XaraDocG.dll
2010-04-02 11:50 . 2003-11-13 16:13 118784 ----a-w- c:\windows\system32\XMUpload.dll
2010-04-02 11:50 . 2003-10-17 18:03 126976 ----a-w- c:\windows\system32\TemplMan.dll
2010-04-02 11:50 . 2003-10-14 19:49 253952 ----a-w- c:\windows\system32\TemplOp.dll
2010-04-02 11:50 . 2003-10-06 18:45 23552 ----a-w- c:\windows\system32\XFontMan.dll
2010-04-02 11:50 . 2003-10-01 18:49 131072 ----a-w- c:\windows\system32\BmpImporter.dll
2010-04-02 11:50 . 2003-05-19 20:18 86016 ----a-w- c:\windows\system32\BinCoder.dll
2010-04-02 11:50 . 2010-04-02 11:50 -------- d-----w- c:\program files\Xara
2010-04-02 09:02 . 2002-01-10 07:01 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-01 16:44 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\11300562.sys
2010-04-01 16:44 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\1130056.sys
2010-04-01 16:44 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\11300561.sys
2010-03-31 12:15 . 2010-03-31 12:15 -------- d-----w- c:\documents and settings\Owner\Application Data\AnvSoft
2010-03-30 20:05 . 2010-03-30 20:05 -------- d-----w- c:\program files\LEC
2010-03-30 19:58 . 2010-03-30 20:20 -------- d-----w- c:\program files\Power Translator 12
2010-03-30 14:04 . 2010-03-30 14:04 -------- d-----w- c:\program files\Enigma Software Group
2010-03-29 16:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-29 16:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-29 16:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-29 16:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-29 16:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-29 16:12 . 2010-04-03 12:20 -------- d-----w- c:\program files\Trojan Remover
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-28 22:59 . 2010-04-03 06:38 303097 ----a-w- c:\documents and settings\Owner\mpod.exe
2010-03-28 22:59 . 2010-03-28 22:59 373693 ------w- c:\documents and settings\Owner\msplyi4d.exe
2010-03-28 13:23 . 2010-03-28 13:23 -------- d-----w- c:\program files\TrendyFlash Site Builder
2010-03-28 13:17 . 2010-03-28 13:17 -------- d-----w- c:\program files\TrendyFlash Intro Builder
2010-03-27 13:54 . 2010-03-27 13:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Scansoft
2010-03-27 13:50 . 2010-03-27 13:50 -------- d-----w- c:\program files\SAP Manage
2010-03-27 13:46 . 2010-03-27 13:46 -------- d-----w- C:\Mssql
2010-03-27 13:23 . 2010-03-31 10:54 -------- d-----w- c:\windows\speech
2010-03-27 12:52 . 2010-03-27 12:52 -------- d-----w- c:\program files\FLVCodec
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\windows\Replay Video Capture
2010-03-26 18:10 . 2010-03-26 18:10 -------- d-----w- c:\program files\Replay Video Capture
2010-03-25 13:08 . 2010-04-04 01:27 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-03-25 13:08 . 2010-04-04 01:27 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-03-25 13:06 . 2010-04-04 01:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdnslib
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Applian Director
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\program files\Applian Director
2010-03-25 13:05 . 2010-04-04 03:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService
2010-03-25 13:05 . 2010-04-04 02:19 -------- d-----w- c:\program files\Replay Media Catcher
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-----w- c:\windows\Replay Media Catcher
2010-03-24 23:12 . 2010-03-24 23:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Thinstall
2010-03-24 14:44 . 2010-03-24 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-24 12:48 . 2010-03-24 12:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Zoner
2010-03-22 15:05 . 2010-03-22 15:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-22 12:13 . 2010-03-30 14:08 -------- d-----w- c:\program files\CRM-Express Professional
2010-03-21 17:32 . 2010-04-04 02:27 -------- d-----w- c:\program files\i5 Browser Button
2010-03-21 16:00 . 2010-03-27 12:52 -------- d-----w- c:\program files\WinPcap
2010-03-21 15:50 . 2010-03-27 10:26 -------- d-----w- c:\program files\Neoretix
2010-03-21 14:54 . 2010-04-03 17:41 -------- d-----w- c:\program files\i5
2010-03-20 15:21 . 2010-03-20 15:21 -------- d-----w- c:\documents and settings\Owner\Application Data\POLENG4
2010-03-20 15:18 . 2010-03-20 15:18 -------- d-----w- c:\program files\poleng
2010-03-20 15:06 . 2010-03-20 15:06 -------- d-----w- c:\program files\Alcohol Soft
2010-03-20 15:02 . 2010-03-20 15:02 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-20 11:36 . 2010-03-20 12:19 -------- d-----w- c:\program files\WebSite X5 Evolution
2010-03-20 11:34 . 2009-05-14 20:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2010-03-20 11:34 . 1997-01-16 04:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-03-19 22:24 . 2010-03-27 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----w- c:\program files\Common Files\Skype
2010-03-19 22:24 . 2010-03-19 22:24 -------- d-----r- c:\program files\Skype
2010-03-19 21:20 . 2010-03-19 21:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2010-03-19 17:01 . 2010-03-23 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\regcure
2010-03-16 23:46 . 2010-03-16 23:46 -------- d-----w- C:\WFINST
2010-03-16 17:15 . 2010-03-16 17:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nero
2010-03-16 13:47 . 2010-03-16 14:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Web Page Maker
2010-03-16 13:47 . 2010-03-16 13:47 -------- d-----w- c:\program files\Web Page Maker
2010-03-16 12:40 . 2010-03-16 12:55 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 12:40 . 2008-04-14 04:15 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\documents and settings\Owner\Application Data\eSkiMoS R2
2010-03-16 12:15 . 2010-03-20 10:43 -------- d-----w- c:\program files\eSkiMoS R2
2010-03-15 13:26 . 2010-03-15 13:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Micrografx
2010-03-14 11:32 . 2010-03-14 11:32 -------- d-----w- c:\program files\Nuclear Coffee
2010-03-14 11:13 . 2010-03-14 11:24 -------- d-----w- c:\program files\EZPhotoCalendarCreatorPlus
2010-03-12 14:31 . 2010-03-12 14:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SDL
2010-03-12 14:31 . 2010-03-12 14:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SDL
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL International
2010-03-12 14:22 . 2010-03-12 14:23 -------- d-----w- c:\program files\Common Files\SDL
2010-03-12 14:20 . 2010-03-12 17:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Passolo 2009
2010-03-12 14:20 . 2010-03-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Passolo 2009
2010-03-12 14:20 . 2003-04-18 21:29 44544 ------w- c:\windows\system32\msxml4a.dll
2010-03-12 14:19 . 2010-03-30 14:08 -------- d-----w- c:\program files\SDL Passolo 2009
2010-03-12 14:08 . 2010-03-12 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SDL
2010-03-12 14:08 . 2010-03-12 14:22 -------- d-----w- c:\program files\SDL
2010-03-12 12:28 . 2010-03-12 12:28 -------- d-----w- c:\documents and settings\All Users\Menu Start
2010-03-12 02:04 . 2010-03-12 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ashampoo
2010-03-12 00:12 . 2010-03-12 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-03-12 00:11 . 2010-03-12 00:11 -------- d-----w- c:\program files\Ashampoo
2010-03-12 00:02 . 2010-03-12 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-03-11 23:56 . 2010-03-12 00:10 -------- d-----w- c:\program files\SlySoft
2010-03-11 20:57 . 2010-03-12 00:10 -------- d-----w- c:\program files\Easy Avi Divx Xvid to DVD Burner
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\photoOptimizeHistoryDataBase
2010-03-11 12:18 . 2010-03-11 12:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ashampoo Photo Optimizer 2
2010-03-11 11:58 . 2010-03-11 12:17 -------- d-----w- c:\program files\Recomposit
2010-03-10 10:31 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 14:53 . 2010-03-06 14:53 -------- d--h--w- c:\windows\PIF
2010-03-05 15:19 . 2010-03-05 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Classifieds Searcher
2010-03-05 14:54 . 2010-03-05 14:54 -------- d-----w- c:\documents and settings\Owner\PressService
2010-03-05 14:54 . 2010-03-30 14:08 -------- d-----w- c:\program files\CafeNews

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 11:08 . 2010-02-21 02:29 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-04 04:00 . 2010-02-15 16:14 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-04-04 02:26 . 2010-02-20 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-03 12:17 . 2010-02-18 23:24 -------- d-----w- c:\program files\RegCure
2010-04-02 19:34 . 2010-02-15 17:49 142760 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Roxio
2010-04-02 19:20 . 2010-02-15 16:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-02 19:17 . 2010-02-17 11:05 -------- d-----w- c:\program files\SightSpeed
2010-04-02 19:12 . 2010-02-17 11:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-02 19:11 . 2010-02-17 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-02 11:50 . 2010-02-15 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 12:14 . 2010-02-16 16:58 -------- d-----w- c:\program files\Opera
2010-03-31 13:07 . 2010-02-18 12:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2010-03-31 12:15 . 2010-03-01 13:45 -------- d-----w- c:\program files\Any Audio Converter
2010-03-31 10:52 . 2010-02-16 17:26 -------- d-----w- c:\program files\Common Files\scansoft shared
2010-03-30 14:08 . 2010-02-22 01:12 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-03-30 14:08 . 2010-02-18 15:12 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-30 14:08 . 2010-02-20 11:35 -------- d-----w- c:\program files\MagicISO
2010-03-30 14:08 . 2010-02-18 12:50 -------- d-----w- c:\program files\MetaTrader - CMS Forex
2010-03-30 14:08 . 2010-02-27 11:41 -------- d-----w- c:\program files\Quicken
2010-03-30 14:08 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay AV 8
2010-03-28 11:39 . 2010-03-28 11:31 -------- d-----w- c:\program files\Business Letter Professional
2010-03-28 01:32 . 2010-02-17 17:55 1097048 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-27 20:21 . 2010-02-16 19:23 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-03-27 09:28 . 2010-02-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-20 08:46 . 2010-02-26 23:46 -------- d-----w- c:\program files\Techland
2010-03-19 22:24 . 2010-02-16 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-18 10:53 . 2010-03-01 13:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Audio Converter
2010-03-17 22:20 . 2010-02-17 11:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
2010-03-12 18:16 . 2010-02-16 19:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-12 18:01 . 2010-03-04 21:05 -------- d-----w- c:\program files\RapidBIT
2010-03-12 14:21 . 2010-02-15 16:08 -------- d-----w- c:\program files\Java
2010-03-11 08:03 . 2010-02-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2010-02-15 17:51 153184 ------w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-15 17:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-15 17:52 162640 ------w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-15 17:52 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-15 17:52 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-02-15 17:52 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-02-15 17:52 19024 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-02-15 17:52 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 21:09 . 2010-03-01 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Craigslist Ultimate Reader
2010-03-04 21:07 . 2010-03-04 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Artisteer
2010-03-03 11:52 . 2010-03-03 11:51 -------- d-----w- c:\program files\PhotoInstrument
2010-03-02 22:04 . 2010-02-19 01:37 72080 ------w- c:\documents and settings\Owner\g2mdlhlpx.exe
2010-03-02 15:00 . 2010-03-02 15:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Individual Software
2010-03-02 14:47 . 2010-03-02 14:47 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenFM
2010-03-02 10:19 . 2010-02-28 19:56 -------- d-----w- c:\program files\Microsoft Works
2010-03-02 10:14 . 2010-02-21 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-01 19:04 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-03-01 15:59 . 2010-03-01 15:53 -------- d-----w- c:\program files\Graboid
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Launcher
2010-03-01 15:58 . 2010-03-01 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2010-03-01 15:57 . 2010-03-01 15:57 -------- d-----w- c:\documents and settings\Owner\Application Data\MozillaControl
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-03-01 15:53 . 2010-03-01 15:53 -------- d-----w- c:\program files\VideoLAN
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Softplicity
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\program files\TotalAudioConverter
2010-03-01 12:28 . 2010-03-01 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Common Files\Individual Software
2010-03-01 12:26 . 2010-03-01 12:26 -------- d-----w- c:\program files\Individual Software
2010-02-28 20:15 . 2010-02-28 20:15 -------- d-----w- c:\program files\Microsoft Expression
2010-02-28 19:56 . 2010-02-15 17:07 -------- d-----w- c:\program files\MSBuild
2010-02-28 19:50 . 2010-02-28 19:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-28 17:14 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\Owner\Application Data\ipla
2010-02-28 17:13 . 2010-02-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ipla
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Gadu-Gadu 10
2010-02-28 17:12 . 2010-02-28 17:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Gadu-Gadu 10
2010-02-27 11:52 . 2010-02-27 11:49 -------- d-----w- c:\program files\Common Files\Config
2010-02-27 11:48 . 2010-02-27 11:48 -------- d-----w- c:\program files\Common Files\Inet
2010-02-27 11:42 . 2010-02-27 11:42 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-02-27 11:41 . 2010-02-27 11:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Intuit
2010-02-27 11:41 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-02-27 10:44 . 2010-02-27 10:43 -------- d-----w- c:\program files\Nevitium 1.4
2010-02-27 10:43 . 2010-02-27 10:43 72192 ------w- c:\windows\SSEUninstaller.exe
2010-02-26 13:00 . 2010-02-26 13:00 -------- d-----w- c:\program files\Studio Astropsychologii
2010-02-26 12:55 . 2010-02-26 12:55 -------- d-----w- c:\program files\G DATA Software
2010-02-25 15:19 . 2010-02-25 15:19 -------- d-----w- c:\program files\DsNET Corp
2010-02-25 11:27 . 2010-02-25 11:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
2010-02-25 06:24 . 2006-04-30 05:11 916480 ------w- c:\windows\system32\wininet.dll
2010-02-22 13:52 . 2010-02-22 13:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2010-02-22 13:32 . 2010-02-22 13:11 -------- d-----w- c:\program files\Common Files\Nero
2010-02-22 13:23 . 2010-02-22 13:12 -------- d-----w- c:\program files\Nero
2010-02-22 13:22 . 2010-02-22 13:22 -------- d-----w- c:\program files\Windows Sidebar
2010-02-22 13:17 . 2010-02-22 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Nowe Gadu-Gadu
2010-02-22 12:49 . 2010-02-22 12:49 -------- d-----w- c:\program files\Ratajik Software
2010-02-22 01:12 . 2010-02-21 01:02 737280 ------w- c:\windows\iun6002.exe
2010-02-21 02:35 . 2010-02-21 02:29 88 --sh--r- c:\documents and settings\All Users\Application Data\1C6520113A.sys
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-02-21 02:29 . 2010-02-21 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\IsolatedStorage
2010-02-21 02:17 . 2010-02-21 02:17 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-21 02:12 . 2010-02-15 17:50 -------- d-----w- c:\program files\Microsoft.NET
2010-02-21 02:10 . 2010-02-21 02:10 -------- d-----w- c:\program files\MSXML 6.0
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ACT
2010-02-21 01:55 . 2010-02-21 01:55 -------- d-----w- c:\program files\ACT
2010-02-21 01:03 . 2010-02-21 01:03 -------- d-----w- c:\program files\YouSendIt
2010-02-21 01:02 . 2010-02-21 01:02 -------- d-----w- c:\program files\Replay Converter
2010-02-21 00:14 . 2010-02-21 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-02-21 00:07 . 2010-02-21 00:06 -------- d-----w- c:\program files\Common Files\Intuit
2007-03-09 08:12 . 2007-03-09 08:12 27648 --sh--w- c:\windows\system32\AVSredirect.dll
.

#21
April 4, 2010 at 04:19:12
((((((((((((((((((((((((((((( SnapShot@2010-04-03_17.48.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-04 11:07 . 2010-04-04 11:07 16384 c:\windows\temp\Perflib_Perfdata_c3c.dat
+ 2010-04-04 11:07 . 2010-04-04 11:07 16384 c:\windows\temp\Perflib_Perfdata_b94.dat
+ 2010-04-04 11:06 . 2010-04-04 11:06 16384 c:\windows\temp\Perflib_Perfdata_b10.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ------w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SetDefPrt"="c:\program files\Brother\Brmflp03\BrStDvPt.exe" [2003-03-28 45056]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-04 492840]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-08-01 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2008-08-01 393216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CafeNews"="c:\program files\CafeNews\CN.exe" [2008-07-22 1228800]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_01.04.2010_19-04.lnk - c:\documents and settings\Owner\Desktop\Virus\Virus Removal Tool\setup_9.0.0.722_01.04.2010_19-04\startup.exe [2010-4-1 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 18:44 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ------w- c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-02 14:41 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 14:00 1116920 ------w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 11300562;11300562 Boot Guard Driver;c:\windows\system32\drivers\11300562.sys [4/1/2010 12:44 PM 37392]
R1 11300561;11300561;c:\windows\system32\drivers\11300561.sys [4/1/2010 12:44 PM 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/15/2010 1:52 PM 162640]
R1 setup_9.0.0.722_01.04.2010_19-04drv;setup_9.0.0.722_01.04.2010_19-04drv;c:\windows\system32\drivers\1130056.sys [4/1/2010 12:44 PM 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/15/2010 1:52 PM 19024]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [7/31/2008 9:04 PM 81920]
S2 FlexService;Remote Connections Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/16/2010 1:32 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2/16/2010 1:30 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/16/2010 1:32 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/16/2010 1:32 PM 10368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/20/2010 11:02 AM 685816]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{5B7043C9-1BF9-460F-8C5F-CD452202DD4A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = onet.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} - c:\program files\i5 Browser Button\BolotoIEToolbar.dll
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\
FF - prefs.js: browser.startup.homepage - hxxp://chomikuj.pl
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11145&client_id=d48af2bca8b99e34aeb88868&camp_id=324&install_time=2010-03-22T11:28Z&tb_version=2.4.2000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tz3p0onm.default\extensions\{ACA8F056-3300-45C0-A840-7FA4A93BE78F}\components\bhelper.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnmozillainterface.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 07:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\mssql\BinnMSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2010-04-04 07:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 11:16
ComboFix2.txt 2010-04-04 10:46
ComboFix3.txt 2010-04-04 02:59
ComboFix4.txt 2010-04-03 17:57

Pre-Run: 39,554,129,920 bytes free
Post-Run: 39,512,477,696 bytes free

- - End Of File - - A1A6EAA9B1695F77DC8D13CCED3C2EFA


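The autostart (Run keys) and firewall AuthorizedApplications sections of a ComboFix log like the one above are where a manual review usually starts. The following Python script is an added example for this thread, not ComboFix's code and not from the poster: it parses those sections from a constructed sample written in the same layout and flags entries whose executable sits in a user profile or temp directory. The marker list and the flagging rule are this example's own heuristic; a flagged entry is a place to look, not a verdict.

```python
"""Triage of autostart entries in a ComboFix-style log.

Added example for this thread; it is not ComboFix's code and does not come
from the forum post. It parses the "Reg Loading Points" Run keys and the
firewall AuthorizedApplications list and flags entries whose executable lives
in a user-writable profile or temp directory. That rule is an assumption of
this example: a flagged entry is a place to look, not a verdict.
"""
import re

# Constructed sample in ComboFix's section/value layout (not a real machine's log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Demo Agent"="c:\documents and settings\Owner\Application Data\demoagent\agent.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"Updater"="c:\documents and settings\Owner\Local Settings\Temp\upd.exe" [2010-04-01 12345]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\tool\\tool.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$'
)
FIREWALL_VALUE_RE = re.compile(r'^"(?P<path>[^"]+)"=$')

# Locations a standard user can write to; binaries autostarting from here deserve a look.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\users\\",
    "\\temp\\",
    "%appdata%",
    "%temp%",
    "%userprofile%",
)


def parse_autostarts(text):
    """Return Run-key and firewall-allow entries as dicts: section, name, path, size."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        if section is None:
            continue
        key = section.lower()
        if key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append({
                    "section": section,
                    "name": m.group("name"),
                    "path": m.group("path"),
                    "size": int(m.group("size")) if m.group("size") else None,
                })
        elif key.endswith("\\authorizedapplications\\list"):
            # ComboFix prints firewall paths with doubled backslashes; normalise them.
            m = FIREWALL_VALUE_RE.match(line)
            if m:
                entries.append({
                    "section": section,
                    "name": None,
                    "path": m.group("path").replace("\\\\", "\\"),
                    "size": None,
                })
    return entries


def is_user_writable(path):
    """Heuristic: does the path sit in a location a standard user can write to?"""
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(text):
    """Flagged entries as 'name -> path' strings, in log order."""
    flagged = []
    for e in parse_autostarts(text):
        if is_user_writable(e["path"]):
            label = e["name"] or "(firewall allow)"
            flagged.append(f"{label} -> {e['path']}")
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("REVIEW:", item)
```

To run it over a real log, read the file into `triage()` instead of `SAMPLE_LOG`. Expect legitimate hits: per-user installs under Application Data are common, so the output is a shortlist to check against what the owner actually installed, not a list of infections.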

#22
April 4, 2010 at 05:55:29
Much better..

Delete DDS from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Please run both tmp file cleaners.

Please download TFC by Old Timer from the following link and save it to your desktop.

TFC by Old Timer



1. Save any unsaved work. TFC will close ALL open programs including your browser

2. Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.

3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

4. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32-bit and 64-bit on 64-bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.


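The post above describes what TFC does: total the bytes in each temp location, clean them, and defer any in-use file to a reboot. The following Python script is an added example, not TFC's code and not from the thread; it reproduces that audit as a dry run over a constructed sample layout (the profile and system-root paths used in candidate_locations and make_sample_tree are assumptions), reports bytes per location, and records files it cannot remove rather than aborting.

```python
"""Dry-run audit of temp locations, modelled on what TFC is described as doing.

Added example; not TFC's code and not from the forum post. It totals bytes per
temp location, optionally deletes what it can, and records files it cannot
remove (the in-use case TFC resolves with a reboot) instead of aborting.
The folder layout in candidate_locations/make_sample_tree is an assumption
made for this example.
"""
import os
import tempfile


def candidate_locations(profiles_root, system_root):
    """Temp folders to audit: each profile's Local Settings\\Temp and
    Temporary Internet Files, plus <system_root>\\Temp. Missing paths are skipped."""
    found = []
    if os.path.isdir(profiles_root):
        for profile in sorted(os.listdir(profiles_root)):
            base = os.path.join(profiles_root, profile, "Local Settings")
            for sub in ("Temp", "Temporary Internet Files"):
                path = os.path.join(base, sub)
                if os.path.isdir(path):
                    found.append(path)
    sys_temp = os.path.join(system_root, "Temp")
    if os.path.isdir(sys_temp):
        found.append(sys_temp)
    return found


def audit_location(path, delete=False):
    """Return {'bytes', 'files', 'skipped'} for one folder.

    A file that cannot be measured or removed (typically held open by another
    process) goes into 'skipped' so the rest of the run continues."""
    total, count, skipped = 0, 0, []
    for dirpath, _dirs, filenames in os.walk(path):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
                if delete:
                    os.remove(full)
            except OSError:
                skipped.append(full)
                continue
            total += size
            count += 1
    return {"bytes": total, "files": count, "skipped": skipped}


def stray_tmp_files(roots):
    """Top-level *.tmp files in the given roots (TFC is described as checking
    the system drive root, the system root and system32 this way)."""
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for name in sorted(os.listdir(root)):
            full = os.path.join(root, name)
            if name.lower().endswith(".tmp") and os.path.isfile(full):
                hits.append(full)
    return hits


def audit_all(locations, delete=False):
    """Audit every location; returns (per-location report, total bytes)."""
    report = {loc: audit_location(loc, delete=delete) for loc in locations}
    return report, sum(r["bytes"] for r in report.values())


def make_sample_tree():
    """Constructed sample layout under a fresh temp dir: one user profile temp
    with a 100-byte file, a system Temp with a 50-byte file, and a stray .tmp
    in the system root. Returns (profiles_root, system_root)."""
    base = tempfile.mkdtemp(prefix="tempaudit_demo_")
    profiles = os.path.join(base, "Documents and Settings")
    system_root = os.path.join(base, "Windows")
    user_temp = os.path.join(profiles, "Owner", "Local Settings", "Temp")
    sys_temp = os.path.join(system_root, "Temp")
    os.makedirs(user_temp)
    os.makedirs(sys_temp)
    with open(os.path.join(user_temp, "a.tmp"), "wb") as f:
        f.write(b"x" * 100)
    with open(os.path.join(sys_temp, "b.dat"), "wb") as f:
        f.write(b"y" * 50)
    with open(os.path.join(system_root, "stray.tmp"), "wb") as f:
        f.write(b"z")
    return profiles, system_root


if __name__ == "__main__":
    profiles, system_root = make_sample_tree()
    locations = candidate_locations(profiles, system_root)
    report, grand = audit_all(locations)          # dry run: nothing deleted
    for loc, r in report.items():
        print(f"{loc}: {r['files']} files, {r['bytes']} bytes, {len(r['skipped'])} skipped")
    print(f"stray .tmp files: {stray_tmp_files([system_root])}")
    print(f"total: {grand / (1024 * 1024):.2f} MB")
```

Run it first without `delete=True` to see what would go; anything left in `skipped` after a delete pass is the in-use set that only clears after a reboot, which is the reason the post insists on rebooting even when TFC does not prompt.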

#23
April 4, 2010 at 06:57:58
Thank you so much! Your assistance is priceless!
Happy Easter.
Les


#24
April 4, 2010 at 07:05:01
Happy Easter Les...jabuck
