username.exe Trojan [Solved]


This topic is locked.

#1 Snicla (New Member, 6 posts)
Hey guys,

I've somehow picked up the username.exe trojan, and it seems to be copying itself onto all of my external drives and trying to infect other computers. Can you please help me out with this? I'm a computer noob, but I can follow instructions. I have scanned the computer with MBAM and it didn't turn up anything.


#2 handhfan (Trusted Helper, Expert, 13,659 posts)
Hello, Snicla, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with the following logs if you are still having problems and I will look over the log for you:

  • Malwarebytes' Anti-Malware log
  • OTL.txt and Extras.txt
  • RootRepeal.txt

If something doesn't work, make a note of it, and move on to the next step. Tell me if anything doesn't work, but make sure you tried everything first. :)

#3 Snicla (Topic Starter, New Member, 6 posts)
Hi handhfan,

Thank you for your help. I've done the following: downloaded MBAM, updated it, and scanned with it. It found 4 things. About to restart. Will scan with the rest in a minute.


Edit: Ran OTL, pasted the 'Custom Scan/Fixes', added OTL.txt; the Extras.txt file did not show up. Ran RootRepeal, added RootRepeal.txt.

Attached Files


Edited by Snicla, 14 October 2009 - 10:00 AM.


#4 Snicla (Topic Starter, New Member, 6 posts)
OTL logfile created on: 10/14/2009 12:12:14 PM - Run 4
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Miroslav\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.49% Memory free
2.10 Gb Paging File | 1.75 Gb Available in Paging File | 83.40% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.17 Gb Total Space | 10.07 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 14.92 Gb Total Space | 14.26 Gb Free Space | 95.53% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIROSLAV
Current User Name: Miroslav
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/14 12:10:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miroslav\My Documents\Downloads\OTL.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/07/03 20:25:50 | 01,037,800 | ---- | M] (Pro Softnet Corporation) -- C:\IBackup for Windows\IBMonitor.exe
PRC - [2008/07/03 15:38:40 | 00,046,568 | ---- | M] ( Pro-Softnet) -- C:\IBackup for Windows\IBackupWebM.exe
PRC - [2008/06/23 19:50:14 | 00,124,392 | ---- | M] (Pro Softnet Corporation) -- C:\IBackup for Windows\IBWin Service_952.exe
PRC - [2008/06/23 19:45:58 | 00,034,280 | ---- | M] (Pro Softnet Corporation) -- C:\IBackup for Windows\IBackground_952.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/12 13:06:46 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/04 12:16:18 | 02,629,632 | ---- | M] (http://www.pbus-167.com) -- C:\Program Files\Notebook Hardware Control\nhc.exe
PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/04/05 21:52:52 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/04/05 21:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/01/31 17:35:42 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/01/31 17:35:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2003/08/29 05:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/08/27 11:20:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/03 15:38:40 | 00,046,568 | ---- | M] ( Pro-Softnet) -- C:\IBackup for Windows\IBackupWebM.exe -- (IBackupWeb [Auto | Running])
SRV - [2008/06/23 19:50:14 | 00,124,392 | ---- | M] (Pro Softnet Corporation) -- C:\IBackup for Windows\IBWin Service_952.exe -- (IBWin Service [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2006/06/07 09:11:26 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/04/05 21:52:52 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.backup.ftp: "169.235.24.133"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "169.235.24.133"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "169.235.24.133"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "169.235.24.133"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "203.178.133.003 "
FF - prefs.js..network.proxy.ftp_port: 3124
FF - prefs.js..network.proxy.gopher: "203.178.133.003 "
FF - prefs.js..network.proxy.gopher_port: 3124
FF - prefs.js..network.proxy.http: "203.178.133.003 "
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "203.178.133.003 "
FF - prefs.js..network.proxy.socks_port: 3124
FF - prefs.js..network.proxy.ssl: "203.178.133.003 "
FF - prefs.js..network.proxy.ssl_port: 3124
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/22 13:32:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:00:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 14:29:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 12:18:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/10/14 10:27:13 | 00,000,000 | ---D | M]

[2008/08/26 14:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Extensions
[2008/08/26 14:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/14 10:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions
[2009/09/10 09:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/14 09:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/09/28 11:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/08/18 10:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/05 10:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/14 09:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\mozilla\Firefox\Profiles\trrgrywx.default\extensions\staged-xpis
[2009/10/14 10:07:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/08/10 10:37:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/10 12:18:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/22 13:33:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/23 08:34:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/19 13:09:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 12:18:00 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 12:18:00 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 12:18:02 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/12 13:06:57 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/09/24 16:07:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/09/24 16:07:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/09/24 16:07:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/24 16:07:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/09/24 16:07:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/24 16:07:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/09/24 16:07:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/12 13:07:09 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/04/12 13:06:53 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/06/30 12:11:48 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 12:11:48 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 12:11:48 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 12:11:48 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 12:11:48 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/30 12:11:48 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 12:11:48 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IBWin Background process] C:\IBackup for Windows\IBackground_952.exe (Pro Softnet Corporation)
O4 - HKLM..\Run: [IBWin Monitor] C:\IBackup for Windows\IBMonitor.exe (Pro Softnet Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logme...scueControl.cab (Rescue Technician Console)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by16fd.bay16....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129124097097 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.181.101.4 207.181.101.5
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/28 13:25:41 | 01,795,374 | ---- | M] (Pollen Software) - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2008/08/28 13:25:41 | 00,000,047 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/09/02 10:57:16 | 00,002,288 | ---- | M] () - C:\Autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{f5e184d4-8a50-11dd-a5da-0012f01e6987}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e184d4-8a50-11dd-a5da-0012f01e6987}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5e184d4-8a50-11dd-a5da-0012f01e6987}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\Autorun.exe -- [2008/08/28 13:25:41 | 01,795,374 | ---- | M] (Pollen Software)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/14 10:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/10/14 10:24:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/10/14 10:26:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/10/14 11:27:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/13 15:45:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/14 10:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/10/14 12:08:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/14 11:28:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/14 11:27:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/14 10:25:37 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/10/14 09:22:37 | 00,000,000 | ---D | C] -- C:\HostsXpert
[2009/10/02 15:48:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\WLANProfiles
[2009/10/02 15:48:49 | 00,000,000 | -H-D | C] -- C:\Settings

========== Files - Modified Within 14 Days ==========

[2 C:\Documents and Settings\Miroslav\My Documents\*.tmp files]
[2009/10/14 11:53:52 | 02,007,072 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/14 11:53:50 | 00,016,760 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/14 11:50:39 | 00,491,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/14 11:50:39 | 00,002,760 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/14 11:48:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/14 11:46:36 | 00,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2009/10/14 11:46:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/14 11:46:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/14 11:28:04 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 10:40:05 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/10/14 10:40:05 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/10/14 10:25:37 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/10/14 10:11:50 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Miroslav\Desktop\Revo Uninstaller.lnk
[2009/10/13 15:45:45 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Miroslav\Desktop\HijackThis.lnk
[2009/10/09 11:32:43 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Miroslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 11:06:33 | 16,704,512 | ---- | M] () -- C:\Documents and Settings\Miroslav\My Documents\TM Disc label.zdl
[2009/10/08 16:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/08 16:34:03 | 00,113,362 | ---- | M] () -- C:\Documents and Settings\Miroslav\Desktop\mailer_ringer_sept_14_09.jpg
[2009/10/06 09:58:55 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\Miroslav\My Documents\My Sharing Folders.lnk
[2009/10/05 12:06:35 | 00,072,183 | ---- | M] () -- C:\Documents and Settings\Miroslav\Desktop\freecookies001.jpg
[2009/10/02 15:48:49 | 00,000,516 | ---- | M] () -- C:\Settings.ini
[2009/09/30 14:09:08 | 00,031,643 | ---- | M] () -- C:\Documents and Settings\Miroslav\Desktop\hof.jpg

========== Files - No Company Name ==========
[2009/10/14 11:28:04 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 10:27:53 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/10/14 10:27:53 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/10/14 10:26:27 | 02,007,072 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/14 10:26:27 | 00,491,552 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/14 10:26:27 | 00,016,760 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/14 10:26:27 | 00,002,760 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/14 10:11:50 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Miroslav\Desktop\Revo Uninstaller.lnk
[2009/10/13 15:45:45 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Miroslav\Desktop\HijackThis.lnk
[2009/10/08 16:34:02 | 00,113,362 | ---- | C] () -- C:\Documents and Settings\Miroslav\Desktop\mailer_ringer_sept_14_09.jpg
[2009/10/05 12:06:34 | 00,072,183 | ---- | C] () -- C:\Documents and Settings\Miroslav\Desktop\freecookies001.jpg
[2009/10/02 15:48:49 | 00,000,516 | ---- | C] () -- C:\Settings.ini
[2009/09/30 14:09:07 | 00,031,643 | ---- | C] () -- C:\Documents and Settings\Miroslav\Desktop\hof.jpg
[2009/01/08 12:48:19 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/08/11 09:53:29 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/05 11:08:54 | 00,000,170 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/23 14:43:08 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Miroslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/14 16:28:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\IBPatch.dll
[2008/07/14 16:27:59 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IBSSubTmr.dll
[2008/07/11 09:29:47 | 00,135,392 | ---- | C] () -- C:\Documents and Settings\Miroslav\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/04 12:00:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Miroslav\Application Data\desktop.ini
[2008/07/04 12:00:39 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Miroslav\Application Data\QSPMShare
[2008/07/04 12:00:32 | 04,312,860 | -H-- | C] () -- C:\Documents and Settings\Miroslav\Local Settings\Application Data\IconCache.db
[2008/03/04 12:27:41 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2008/03/04 12:27:33 | 00,000,001 | ---- | C] () -- C:\WINDOWS\tmtdla3z.dll
[2007/11/09 07:01:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/10/04 22:02:45 | 00,000,240 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/05/11 15:59:24 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/17 02:10:37 | 00,003,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/06 16:53:06 | 00,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/03/01 19:30:46 | 00,007,904 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/12/12 14:35:16 | 00,000,181 | ---- | C] () -- C:\WINDOWS\System32\Kedsp282.drv
[2005/12/02 17:11:49 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2005/11/05 16:53:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/10 11:37:24 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/05/02 09:51:22 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\Prtserv.dll
[2005/04/05 21:12:01 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/05 21:07:04 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/05 20:50:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/05 20:18:52 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 18:24:19 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 18:00:37 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
[2002/01/11 10:59:08 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2009/10/14 10:26:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/24 09:25:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
[2008/09/24 16:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/17 10:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2008/08/05 11:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/17 15:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESTsoft
[2005/04/05 20:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2005/10/14 16:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MirrorFolder
[2005/05/04 13:21:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/01/18 10:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/02 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2004/08/11 18:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/10 09:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/09 10:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/11/17 10:49:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2007/04/23 14:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/21 09:55:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Miroslav\Application Data
[2008/11/17 10:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\AccurateRip
[2009/01/08 12:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Canon
[2009/10/13 14:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\CoreFTP
[2008/08/26 13:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\CyberLink
[2008/11/24 13:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\dBpoweramp
[2008/08/19 10:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\DeepBurner
[2009/05/07 15:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Download Manager
[2008/12/10 20:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\dvdcss
[2008/08/05 11:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\ESET
[2009/03/17 15:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\ESTsoft
[2009/07/03 15:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\gtk-2.0
[2009/06/24 15:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Inkscape
[2005/04/05 20:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Intel
[2008/07/30 10:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Leadertech
[2008/07/11 09:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\NCH Swift Sound
[2008/09/30 10:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\PenProtect
[2008/07/09 08:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Publish Providers
[2009/02/02 11:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\River Past G5
[2008/09/24 09:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Seven Zip
[2009/02/18 11:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Sony
[2008/07/18 13:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Sony Setup
[2008/08/05 13:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\TmpRecentIcons
[2008/12/10 18:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\U3
[2008/07/18 10:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\Ulead Systems
[2009/10/13 15:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\uTorrent
[2005/04/05 20:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Miroslav\Application Data\You've Got Pictures Screensaver
[2009/10/08 16:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/14 11:46:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/28 13:25:41 | 01,795,374 | ---- | M] (Pollen Software) -- C:\Autorun.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:664FE078
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C119EC96
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
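A way to triage the AutoRun-related lines in an OTL log like the one above, as an added example written for this page; it is not OTL's code and nothing in the thread supplied it. The regexes, the `AutoRunCommand` fields and the finding categories are this example's own assumptions; the sample input is a handful of O32/O33 lines copied from the log above, in the shape OTL prints them. Run against that sample it reports that CD-ROM AutoRun is still enabled, that an Autorun.inf and an Autorun.exe sit on the root of C:, and that two MountPoints2 keys still carry AutoRun commands whose targets no longer exist. MountPoints2 is where Windows records the AutoPlay action for each drive it has seen carrying an autorun.inf, which is the mechanism a drive-hopping worm rides, so these are the lines a helper reads first when the complaint is "it copies itself to my external drives".

```python
import re
from dataclasses import dataclass

# Constructed sample input: O32/O33 lines copied from the OTL log posted in
# this thread (a subset, in the exact shape OTL prints them).
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/28 13:25:41 | 01,795,374 | ---- | M] (Pollen Software) - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2008/08/28 13:25:41 | 00,000,047 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f5e184d4-8a50-11dd-a5da-0012f01e6987}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e184d4-8a50-11dd-a5da-0012f01e6987}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\Autorun.exe -- [2008/08/28 13:25:41 | 01,795,374 | ---- | M] (Pollen Software)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
"""

# Line shapes we care about (assumed from how OTL formats its O32/O33 sections).
_RE_CDROM = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)\s*$')
_RE_AUTORUN_FILE = re.compile(r'^O32 - AutoRun File - \[[^\]]*\] \(([^)]*)\) - (.+?) -- ')
_RE_MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+?)(?: -- (.*))?$')


@dataclass(frozen=True)
class AutoRunCommand:
    drive_key: str        # drive letter or volume GUID under MountPoints2
    command: str          # what Explorer launches on AutoPlay for that drive
    target_missing: bool  # OTL printed "File not found" for the target
    publisher: str        # company name OTL read from the target, '' if none


def parse_otl_autorun(text):
    """Pull the AutoRun-related facts out of OTL's O32/O33 sections."""
    result = {'cdrom_autorun': None, 'autorun_files': [], 'commands': []}
    for line in text.splitlines():
        m = _RE_CDROM.match(line)
        if m:
            result['cdrom_autorun'] = int(m.group(1))
            continue
        m = _RE_AUTORUN_FILE.match(line)
        if m:
            result['autorun_files'].append((m.group(2), m.group(1)))  # (path, publisher)
            continue
        m = _RE_MOUNTPOINT_CMD.match(line)
        if m:
            tail = m.group(3) or ''
            pub = re.search(r'\(([^)]*)\)\s*$', tail)
            result['commands'].append(AutoRunCommand(
                drive_key=m.group(1),
                command=m.group(2),
                target_missing='File not found' in tail,
                publisher=pub.group(1) if pub else ''))
    return result


def triage(parsed):
    """Turn the parsed facts into (category, detail) findings for the helper."""
    findings = []
    if parsed['cdrom_autorun'] == 1:
        findings.append(('autorun-enabled',
                         'HKLM CDRom AutoRun=1: Windows still honours AutoPlay for inserted media'))
    for path, publisher in parsed['autorun_files']:
        name = path.rsplit('\\', 1)[-1].lower()
        if name == 'autorun.inf':
            findings.append(('autorun-inf-on-root',
                             f'{path}: an autorun.inf on a drive root is what drive-hopping worms use to start'))
        elif name == 'autorun.exe':
            findings.append(('autorun-exe-on-root',
                             f'{path} ({publisher or "no publisher"}): executable beside the autorun.inf; verify it'))
    for c in parsed['commands']:
        where = f'MountPoints2\\{c.drive_key}'
        if c.target_missing:
            findings.append(('stale-command',
                             f'{where}: AutoRun command {c.command} points at a missing file; the key can be removed'))
        else:
            findings.append(('live-command',
                             f'{where}: AutoRun would run {c.command} ({c.publisher or "no publisher"}); confirm it is wanted'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(parse_otl_autorun(SAMPLE_OTL)):
        print(f'[{category}] {detail}')
```

The stale entries here point at `LaunchU3.exe` on F: and G:, the launcher a U3-type USB stick carries, so they are leftovers from sticks that were once plugged in rather than proof of infection; the script only classifies them as dead keys. A live command on the root of the fixed drive is the one worth checking by hand, because that is where a worm that has already landed on C: would register itself.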

#5 handhfan (Trusted Helper)
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt about scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors
  • My Computer
  • Any other (removable) drives that you may have


After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



#6 Snicla (Topic Starter)
I have started the scan and it's taking its sweet time. I will post the results tomorrow. Thanks again for your help.

#7 handhfan (Trusted Helper)
Okay, no problem. It's known to be a long, but very thorough scan. :)

#8 Snicla (Topic Starter)
It definitely seems very thorough. I've finished running it and it didn't find anything. Which I hope means that the computer is clean now.

#9 handhfan (Trusted Helper)
Yes, if you are experiencing no other problems, you are looking good to go. :)

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Please update Adobe Reader, by downloading and installing Adobe Reader 9.2.

Next, let's clean your restore points and set a new one:

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#10 Snicla (Topic Starter)
OK, so I've done everything except the last stage, which is the System Restore. Whenever I click on 'System Restore' the following message appears: 'System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again.'

I've restarted twice since and am still unable to create a system restore point. Any ideas?

Edit: Google is a powerful tool. The service was disabled. Thank you very much for all of your help. The computer is working like a charm. Please consider this topic closed.

Edited by Snicla, 15 October 2009 - 01:57 PM.


#11 handhfan (Trusted Helper)
Glad you got it resolved. :)

#12 handhfan (Trusted Helper)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.