Autorun.inf Virus on a mobile HDD


#1 vorazechul (New Member, 7 posts)

Hi,

Last Sunday, the 28th, I used my mobile HDD to help a friend reinstall his system, as it was running quite slowly. The icon of my HDD changed while I was using his machine. After getting back home I checked the autorun.inf file to see why the icon wasn't showing anymore and found a reference to a hidden file, unknown to me, at:

X:\veliki\heroj.exe (checked in Google Translate; it means \great\hero.exe in Slovenian :D)
Both the directory and the file were hidden.

The autorun.inf contained every possible reference and command pointing to the file, including shell, open, shellexecute and icon
(also included was a command referencing a particular personal activity that was probably not meant for my PC :D).

I tried a scan with MS Essentials, but the file was not recognised as a threat.
I then tried renaming it to .txt and opening it with Notepad, but the content was not readable that way.
Then I uploaded the file to virustotal.com and received a positive identification as a threat from 30% of the software tools used to scan it.
Sadly, I did not save a log file from VirusTotal and deleted the files myself. Only afterwards did I search online for help and stumbled upon "Geeks to Go".

I also uninstalled MS Essentials and installed Avast Free Antivirus.
On a deep scan with Avast, two positive results came up and were both deleted by the program.
Here's a screenshot of the scan log file:
http://dl.dropbox.co...51091/avast.JPG

I fear that I might have executed the virus file when I plugged in my HDD, and therefore compromised my PC, and I need your help to find out for sure.

A few small bugs have popped up since the incident.
Once, the space bar was not registering in VLC player, and at the same time I had zero traffic through my LAN connection (I could not download anything or open any site). Both symptoms disappeared within a few hours.
There hasn't been anything else noteworthy.

Here is also my OTL log file
(scanning options set as in http://www.geekstogo...e_icons/otl.png):




====================================== OTL Log File ==============================================



OTL logfile created on: 05/03/2011 16:00:44 - Run 4
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Dimitar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 190.37 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 226.38 Gb Free Space | 75.94% Space Free | Partition Type: NTFS

Computer Name: DIMI | User Name: Dimitar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dimitar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Documents and Settings\Dimitar\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dimitar\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)


========== Driver Services (SafeList) ==========

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (hidusbf) -- C:\WINDOWS\system32\drivers\hidusbf.sys (SweetLow)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Thpdrv) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Thpevm) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.20110110
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4
FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
FF - prefs.js..extensions.enabledItems: {966762eb-7132-4081-ac70-20d20161ad96}:3.2.1
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.85
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/22 10:43:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/02/28 14:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/19 22:10:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/22 10:44:36 | 000,000,000 | ---D | M]

[2011/02/22 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Extensions
[2011/02/22 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/03/05 15:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions
[2011/02/28 16:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2011/02/28 11:35:43 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011/02/27 00:47:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/27 04:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
[2011/02/28 11:35:43 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2011/02/28 11:35:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/02/26 17:02:03 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/02/27 04:13:51 | 000,000,000 | ---D | M] ("Stop-or-Reload Button") -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
[2011/02/28 16:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2011/02/27 04:13:51 | 000,000,000 | ---D | M] (Clip to OneNote) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{966762eb-7132-4081-ac70-20d20161ad96}
[2011/02/25 10:04:41 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/02/21 01:38:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/19 02:45:08 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/02/28 16:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2011/02/26 05:49:53 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/24 11:01:31 | 000,000,000 | ---D | M] (Bulgarian Dictionary) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/27 00:47:50 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 16:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/24 11:01:31 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/24 11:01:31 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/26 17:02:04 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\FasterFox_Lite@BigRedBrent
[2011/02/27 00:47:50 | 000,000,000 | ---D | M] (FireGestures) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 11:35:41 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 11:01:35 | 000,000,000 | ---D | M] (Foxdie (Graphite)) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 11:35:42 | 000,000,000 | ---D | M] ("Lazy Click") -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/27 00:26:04 | 000,000,000 | ---D | M] (Omnibar) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 16:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 11:35:42 | 000,000,000 | ---D | M] (Saved Passwords Button) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 16:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 10:57:53 | 000,000,000 | ---D | M] (Strata RELOADED) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]
[2011/02/28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\3.5x\mozapps\extensions
[2011/02/28 10:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\3.6x\mozapps\extensions
[2011/02/28 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\3.6x\mozapps_old\extensions
[2011/02/28 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\4.0x\mozapps\extensions
[2011/02/28 10:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\imageres\mozapps\extensions
[2011/02/28 10:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\[email protected]\chrome\imageres\mozapps\extensions\3.6
[2011/02/22 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\SeaMonkey\Profiles\msoh7otm.default\extensions
[2011/02/26 05:50:39 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\searchplugins\hyperdictionarycom.xml
[2011/02/21 03:00:33 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\searchplugins\imdb.xml
[2011/03/01 07:42:10 | 000,004,873 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\searchplugins\isohunt--bt-search.xml
[2011/03/01 13:50:08 | 000,002,612 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\searchplugins\kickasstorrents.xml
[2011/02/26 05:55:51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\searchplugins\zamundanet.xml
[2011/03/05 15:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/20 08:31:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/20 08:31:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/20 08:31:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 19:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 19:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 19:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 19:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/22 10:33:59 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Dimitar\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298088958086 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dimitar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dimitar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/09 15:59:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/28 13:48:15 | 000,000,076 | R--- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 19:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/04 16:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\dvdcss
[2011/03/03 12:26:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dimitar\Desktop\OTL.exe
[2011/03/03 11:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Corporation
[2011/03/03 11:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2011/03/02 15:24:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dimitar\Recent
[2011/03/02 09:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/03/02 09:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/02 08:09:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/02 07:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Desktop\VirusScan
[2011/03/02 07:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/03/02 05:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\PayPal
[2011/03/02 05:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/03/01 18:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Art
[2011/03/01 18:22:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\My Documents\Dropbox
[2011/03/01 18:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Dropbox
[2011/03/01 18:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Dropbox
[2011/02/28 14:21:20 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/28 14:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/02/28 14:21:19 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/28 14:21:18 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/28 14:21:17 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/28 14:21:17 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/28 14:21:16 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/28 14:21:16 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/28 14:21:15 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/28 14:21:04 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/28 14:21:04 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/28 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/28 14:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/26 08:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/02/26 07:31:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/02/26 07:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/02/26 07:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/02/26 07:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/02/26 07:27:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/02/26 07:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/02/25 11:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\EA Games
[2011/02/25 10:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\EA Games
[2011/02/25 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeadSpace 2 Collectors Edition
[2011/02/25 10:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\DeadSpace 2 Collectors Edition
[2011/02/25 08:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\Professional
[2011/02/25 08:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Jaangle
[2011/02/25 08:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Jaangle
[2011/02/25 08:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\Personal
[2011/02/24 01:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/02/24 01:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/02/24 01:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trine
[2011/02/23 00:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\CV
[2011/02/23 00:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Temp
[2011/02/23 00:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/02/22 11:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\WebKit-r79284
[2011/02/22 10:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/22 10:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle ES2
[2011/02/22 01:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/02/22 01:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/21 18:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/02/21 18:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\SystemRequirementsLab
[2011/02/21 18:34:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/21 05:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/02/20 08:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/20 08:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Sun
[2011/02/20 00:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/02/19 23:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Apple Computer
[2011/02/19 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/02/19 22:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/19 22:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/02/19 22:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/19 22:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Apple
[2011/02/19 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/19 21:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/02/19 21:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Apple Computer
[2011/02/19 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Windows Search
[2011/02/19 19:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/19 19:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/19 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Identities
[2011/02/19 19:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Windows Desktop Search
[2011/02/19 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/02/19 08:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/02/19 08:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/02/19 08:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/02/19 08:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/02/19 08:18:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Videos
[2011/02/19 08:18:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/02/19 08:02:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/02/19 07:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/02/19 07:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/19 07:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/02/19 06:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/02/19 06:57:25 | 000,026,880 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\drivers\WOWHD_kern_i386.sys
[2011/02/19 06:57:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/02/19 06:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/19 06:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/02/19 06:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung New PC Studio
[2011/02/19 06:20:39 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2011/02/19 06:20:39 | 000,098,432 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2011/02/19 06:20:39 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2011/02/19 06:20:39 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2011/02/19 06:20:39 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2011/02/19 06:20:39 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2011/02/19 06:20:39 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2011/02/19 06:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/02/19 06:19:40 | 000,238,952 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2011/02/19 06:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Samsung
[2011/02/19 06:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\My NPS Files
[2011/02/19 06:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\Samsung
[2011/02/19 06:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011/02/19 06:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/02/19 06:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Downloaded Installations
[2011/02/19 05:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/02/19 05:56:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dimitar\IECompatCache
[2011/02/19 05:54:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dimitar\PrivacIE
[2011/02/19 05:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/02/19 05:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Thinstall
[2011/02/19 03:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2011/02/19 03:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/02/19 03:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/19 03:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/02/19 03:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/02/19 03:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/02/19 03:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/02/19 03:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
[2011/02/19 03:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/02/19 03:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/02/19 02:59:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/02/19 02:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\Downloads
[2011/02/19 02:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/02/19 02:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/02/19 02:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\uTorrent
[2011/02/19 02:51:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/19 02:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Mozilla
[2011/02/19 02:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Mozilla
[2011/02/19 02:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/19 02:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/19 02:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\vlc
[2011/02/19 02:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/19 02:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/19 02:41:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dimitar\IETldCache
[2011/02/18 22:56:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/18 22:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Notebook
[2011/02/18 22:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\AdobeUM
[2011/02/18 22:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Nethood
[2011/02/18 22:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2011/02/18 22:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011/02/18 22:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Intel
[2011/02/18 22:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/02/18 22:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Macromedia
[2011/02/18 22:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Identities
[2011/02/18 22:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\ATI
[2011/02/18 22:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Adobe
[2011/02/18 22:37:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dimitar\Application Data\Microsoft
[2011/02/18 22:37:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dimitar\SendTo
[2011/02/18 22:37:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dimitar\Application Data
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\Start Menu
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Pictures
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Music
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\My Documents
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\Favorites
[2011/02/18 22:37:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Accessories
[2011/02/18 22:37:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dimitar\Cookies
[2011/02/18 22:37:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dimitar\Templates
[2011/02/18 22:37:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dimitar\PrintHood
[2011/02/18 22:37:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dimitar\Local Settings
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\WINDOWS
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\toshiba
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Application Data\Sonic
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Microsoft
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Desktop
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\ATI
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\ApplicationHistory
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\Adobe
[2011/02/18 22:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}
[2011/02/18 22:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dimitar\My Documents\My Received Files
[2011/02/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/02/18 22:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/18 22:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/18 22:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/02/18 22:08:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/18 22:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/18 22:05:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/18 22:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/02/16 00:42:08 | 000,004,544 | ---- | C] (SweetLow) -- C:\WINDOWS\System32\drivers\hidusbf.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 03:50:12 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 20:05:02 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intel Processor Diagnostic Tool.lnk
[2011/03/04 19:41:04 | 000,279,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/03/04 19:41:03 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/03/04 17:22:43 | 000,562,393 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\GetTRDoc.pdf
[2011/03/04 09:29:39 | 000,201,666 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\Thermostatic Radiator Valve Heads RT56.05.pdf
[2011/03/03 12:26:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dimitar\Desktop\OTL.exe
[2011/03/03 10:35:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/03 09:32:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/03 09:32:52 | 3219,247,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 10:40:24 | 000,062,644 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/02 09:56:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/02 08:11:22 | 000,002,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Search Toolbar Take a tour.lnk
[2011/03/02 08:11:22 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Services and Options.lnk
[2011/03/02 08:11:22 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HDtogo.LNK
[2011/03/02 08:11:22 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office OneNote 2003.lnk
[2011/03/02 08:11:22 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TOSHIBA Warranty.lnk
[2011/03/02 08:11:22 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create Drivers & Tools CD-ROM.lnk
[2011/03/02 07:59:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dimitar\defogger_reenable
[2011/03/02 07:57:42 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dimitar\Desktop\Defogger.exe
[2011/03/01 18:22:53 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Dimitar\Desktop\Dropbox.lnk
[2011/03/01 18:21:07 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup\Dropbox.lnk
[2011/02/28 14:21:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/28 14:21:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/28 14:20:21 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/27 05:48:50 | 000,487,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/27 05:48:50 | 000,087,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/25 10:20:46 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dead Space 2.lnk
[2011/02/25 10:01:46 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Dimitar\Desktop\Windows Media Player.lnk
[2011/02/25 08:46:17 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/02/25 08:36:50 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Jaangle.lnk
[2011/02/25 08:01:20 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/24 01:09:16 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Dimitar\Desktop\trine.lnk
[2011/02/23 17:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 17:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 16:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 16:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 16:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 16:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 16:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 16:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 16:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 16:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/22 21:33:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dimitar\Desktop\WebKit.lnk
[2011/02/22 10:44:36 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2011/02/19 20:37:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/19 20:37:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/19 08:23:07 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/02/19 08:21:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/19 08:20:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/02/19 08:00:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/19 06:21:10 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2011/02/19 06:19:35 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\$_hpcst$.hpc
[2011/02/19 03:14:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/02/19 03:05:51 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2011/02/19 02:53:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/02/19 02:43:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/02/19 02:43:40 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Dimitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/19 02:43:40 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/18 22:44:54 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2011/02/18 22:43:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TPTray.INI
[2011/02/18 22:42:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\CeEKey.INI
[2011/02/18 22:40:07 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\fusioncache.dat
[2011/02/18 22:39:48 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_SATELLITE M100_04139-G3_PSMA1E-01W00.MRK
[2011/02/18 22:37:05 | 000,000,445 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/18 22:37:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/18 22:08:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/18 20:13:27 | 000,040,517 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\DayX.html
[2011/02/07 17:35:50 | 000,123,165 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\bookmarks_09_02_2011.html
[2011/02/06 09:32:26 | 000,128,708 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\Zoho.com Whats-new.pdf
[2011/02/05 15:04:39 | 017,391,222 | ---- | M] () -- C:\Documents and Settings\Dimitar\My Documents\101223_energy_report_final_print_2.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 19:41:04 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/03/04 19:41:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/03/04 17:22:43 | 000,562,393 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\GetTRDoc.pdf
[2011/03/04 09:29:39 | 000,201,666 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\Thermostatic Radiator Valve Heads RT56.05.pdf
[2011/03/03 11:09:54 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intel Processor Diagnostic Tool.lnk
[2011/03/02 09:56:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/02 07:59:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dimitar\defogger_reenable
[2011/03/02 07:57:42 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dimitar\Desktop\Defogger.exe
[2011/03/01 18:22:53 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Dimitar\Desktop\Dropbox.lnk
[2011/03/01 18:21:07 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup\Dropbox.lnk
[2011/02/28 14:21:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/25 10:20:46 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dead Space 2.lnk
[2011/02/25 08:36:50 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Dimitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Jaangle.lnk
[2011/02/24 01:09:16 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Dimitar\Desktop\trine.lnk
[2011/02/22 21:33:10 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dimitar\Desktop\WebKit.lnk
[2011/02/22 10:44:36 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011/02/22 10:44:36 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011/02/22 10:44:36 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2011/02/22 01:48:05 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/02/22 01:48:05 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/02/20 23:04:05 | 000,062,644 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/20 00:12:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2011/02/19 22:00:01 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/02/19 08:23:07 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/02/19 08:23:07 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/02/19 08:20:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/02/19 08:00:12 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/19 08:00:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/19 06:57:25 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2011/02/19 06:57:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2011/02/19 06:21:10 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2011/02/19 06:19:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/02/19 06:19:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/02/19 06:19:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dimitar\Application Data\$_hpcst$.hpc
[2011/02/19 05:57:55 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/02/19 04:03:17 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 03:05:51 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2011/02/19 02:53:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/02/19 02:43:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/19 02:43:40 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dimitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/19 02:43:40 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/18 22:44:54 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2011/02/18 22:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2011/02/18 22:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2011/02/18 22:40:09 | 003,072,054 | ---- | C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp
[2011/02/18 22:39:56 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Dimitar\Desktop\Windows Media Player.lnk
[2011/02/18 22:39:48 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_SATELLITE M100_04139-G3_PSMA1E-01W00.MRK
[2011/02/18 22:37:25 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Remote Assistance.lnk
[2011/02/18 22:37:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Internet Explorer.lnk
[2011/02/18 22:37:25 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Windows Media Player.lnk
[2011/02/18 22:37:25 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dimitar\Start Menu\Programs\Outlook Express.lnk
[2011/02/18 22:37:25 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Dimitar\Local Settings\Application Data\fusioncache.dat
[2011/02/18 22:37:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dimitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/18 22:37:03 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HDtogo.LNK
[2011/02/18 22:30:13 | 3219,247,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/18 22:08:13 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/02/18 22:08:13 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/02/18 22:08:12 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/02/18 20:16:03 | 000,040,517 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\DayX.html
[2011/02/07 17:35:49 | 000,123,165 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\bookmarks_09_02_2011.html
[2011/02/07 17:30:47 | 000,128,708 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\Zoho.com Whats-new.pdf
[2011/02/07 17:30:04 | 000,454,414 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\Brochure_BG.pdf
[2011/02/07 17:30:02 | 017,391,222 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\101223_energy_report_final_print_2.pdf
[2011/02/07 17:29:58 | 004,985,193 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\Mathematik_Stochastik.pdf
[2011/02/07 17:29:58 | 000,452,276 | ---- | C] () -- C:\Documents and Settings\Dimitar\My Documents\Fragenkatalog_mitAntwortenLWBMetall2Lj.pdf
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/13 14:36:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/10 15:49:11 | 000,132,584 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/10 13:33:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/10 13:15:57 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/02/10 12:47:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/10 11:58:37 | 000,000,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/10 11:50:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/10 11:50:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/10 11:50:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/10 11:50:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/10 11:50:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/10 11:50:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/10 11:45:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/10 09:51:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/02/10 09:22:42 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/10 09:22:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/10 09:22:42 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/10 09:22:42 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/10 09:20:44 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/02/10 09:20:44 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/02/10 09:20:41 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/10 09:20:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/09 16:02:36 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/09 16:01:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/09 15:57:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/09 15:52:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/09 15:51:26 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/09 14:46:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006/02/09 14:46:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/02/09 14:46:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/09 14:45:31 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/09 14:45:28 | 000,487,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/09 14:45:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/09 14:45:28 | 000,087,260 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/09 14:45:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/09 14:45:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/09 14:45:25 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/09 14:45:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/09 14:45:21 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/09 14:45:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/09 14:45:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/09 14:45:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/09 16:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/29 05:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/23 15:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/11/23 13:42:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/28 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/22 11:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/02/19 06:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/03/03 09:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\Dropbox
[2011/02/19 06:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\Samsung
[2011/03/03 10:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\SystemRequirementsLab
[2011/02/19 05:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\Thinstall
[2011/02/19 05:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\toshiba
[2011/03/05 16:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\uTorrent
[2011/02/19 19:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\Windows Desktop Search
[2011/02/19 19:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dimitar\Application Data\Windows Search

========== Purity Check ==========



< End of report >

Edited by vorazechul, 05 March 2011 - 09:54 AM.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Also install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Ron
  • 0
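The two drive-side steps in the reply above are checking what a drive's autorun.inf would launch and pre-empting the file name with a directory, as Flash_Disinfector does. The following Python is an added example (not the thread's or Flash_Disinfector's code): it parses a constructed autorun.inf, resolves every open/shellexecute/shell\...\command/icon target against a drive root to report whether it exists and is hidden, and then shows why a directory named autorun.inf refuses a dropper that simply writes the file. The path hidden\payload.exe and its contents are placeholders.

```python
"""Inspect an autorun.inf the way a responder would before trusting a removable
drive, and show the "autorun.inf directory" defence Flash_Disinfector applies.
Added example, not from the thread; the sample INF and payload path are constructed."""
import configparser
import os
import tempfile

# Constructed sample, modelled on the directive set the original poster described:
# every launch hook points at one executable inside a hidden directory.
SAMPLE = r"""[AutoRun]
open=hidden\payload.exe
shellexecute=hidden\payload.exe
icon=hidden\payload.exe,0
shell\open\command=hidden\payload.exe
shell\explore\command=hidden\payload.exe
action=Open folder to view files
"""


def parse_autorun(text):
    """[autorun] section as {lower-cased key: value}; the section name is matched
    case-insensitively as Windows does, strict=False tolerates duplicated keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    for name in cp.sections():
        if name.lower() == "autorun":
            return {k: (v or "") for k, v in cp.items(name)}
    return {}

def target_of(value):
    """Drop arguments: 'x.exe /q' -> 'x.exe', 'x.exe,0' (icon index) -> 'x.exe';
    a double-quoted path keeps its spaces."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    head = value.split(",")[0].split()
    return head[0] if head else ""

def is_launch_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all execute a program."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def referenced_files(text):
    """{directive: relative path} for every launch directive plus icon=."""
    return {k: target_of(v) for k, v in parse_autorun(text).items()
            if (is_launch_key(k) or k == "icon") and target_of(v)}

def is_hidden(path):
    """Windows 'hidden' attribute (how droppers hide their files); elsewhere
    only a leading-dot name counts."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & 0x2)  # FILE_ATTRIBUTE_HIDDEN
    return os.path.basename(path).startswith(".")

def assess(root, text):
    """Resolve each referenced file against the drive root and report whether it
    exists and is hidden. A hidden executable behind open=/shellexecute= is the
    classic removable-drive worm pattern; icon= alone is benign."""
    findings = []
    for key, target in referenced_files(text).items():
        rel = target.lstrip(".\\")  # '.\x' and '\x' are both root-relative
        path = os.path.join(root, *rel.split("\\"))
        exists = os.path.isfile(path)
        findings.append({"key": key, "target": target, "launches": is_launch_key(key),
                         "exists": exists, "hidden": exists and is_hidden(path)})
    return findings

def directory_blocks_file(root):
    """Flash_Disinfector's defence: a directory named autorun.inf occupies the name,
    so a dropper that simply writes the file is refused (one that deletes the
    directory first is not stopped). Returns True when the write fails."""
    path = os.path.join(root, "autorun.inf")
    os.mkdir(path)
    try:
        with open(path, "w") as fh:
            fh.write("[autorun]\n")
    except OSError:
        return True
    return False

def demo():
    """Constructed drive root holding hidden\\payload.exe; returns (findings, blocked)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "hidden"))
        with open(os.path.join(root, "hidden", "payload.exe"), "wb") as fh:
            fh.write(b"MZ")  # stand-in bytes, not a real executable
        findings = assess(root, SAMPLE)
        blocked = directory_blocks_file(root)
    return findings, blocked
```

Run `demo()` to see every launch hook resolved to the same existing target and the directory defence refusing the write.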

#3
vorazechul

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,


1. I connected my mobile Hard Disc Drive and my two Flash Drives to the PC.
I ran the Flash_Disinfector.exe but it created an autorun directory only in one of the Flash drives. The other two drives have autorun.inf files that I have created and are unaltered. Should I delete these and run the Flash_Disinfector.exe again?

2. I downloaded and installed AutoRun Eater v2.5 and it is as of now part of the System.


3. I downloaded MalwareBytes', installed it, updated it, and ran it with the following results:

====================================== MalwareBytes' log file =================================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5966

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/03/2011 21:20:57
mbam-log-2011-03-05 (21-20-57).txt

Scan type: Full scan (C:\|E:\|G:\|H:\|)
Objects scanned: 241499
Time elapsed: 55 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


4. I downloaded ComboFix.exe and renamed it to george.exe, and saved it to the Desktop.
I ran it and it installed the Microsoft Recovery Console after which it started scanning.
Around "scanning phase 44" (not sure if I've written the exact formulation) the system simply rebooted on its own.


5. I downloaded MBRCheck.exe and ran it with the following results:

=============================== MBRCheck log file ===========================================


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74D9000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74A2000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7482000 fltmgr.sys
0xF7470000 sr.sys
0xF745A000 DRVMCDB.SYS
0xF7717000 PxHelp20.sys
0xF7443000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7416000 NDIS.sys
0xF798B000 Thpevm.SYS
0xF7667000 thpdrv.sys
0xBA7E6000 Mup.sys
0xBA648000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9D4C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9D38000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9D10000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9CEC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA638000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9CC4000 \SystemRoot\system32\drivers\tifm21.sys
0xB9CB0000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB9C88000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA7AA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA628000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9C6F000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7807000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA7A6000 \SystemRoot\system32\drivers\pfc.sys
0xF79C9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF7687000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9C4C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9F29000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7547000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA78E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9C35000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7537000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7527000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7797000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9C24000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7517000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF779F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7507000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\VClone.sys
0xB9B6C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9B0E000 \SystemRoot\system32\DRIVERS\update.sys
0xBA782000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA6B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9668000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA9644000 \SystemRoot\system32\drivers\portcls.sys
0xBA688000 \SystemRoot\system32\drivers\drmk.sys
0xBA678000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xBA668000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xA94E1000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77CF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB9AE6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA76D000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF775F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF776F000 \SystemRoot\System32\drivers\vga.sys
0xF79FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7767000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9ADE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA93BE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9365000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7587000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA933F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9317000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7577000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7787000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA92F5000 \SystemRoot\System32\drivers\afd.sys
0xF7567000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7557000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9AC2000 \SystemRoot\System32\Drivers\TPwSav.sys
0xA92CA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA925A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9C14000 \SystemRoot\System32\Drivers\Fips.SYS
0xF777F000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xA9212000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA918C000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA963C000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA91FA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9BB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9BA4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA91F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA905C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7991000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9188000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7817000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB9EF8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09B000 \SystemRoot\System32\atikvmag.dll
0xBF0DF000 \SystemRoot\System32\ati3duag.dll
0xBF323000 \SystemRoot\System32\ativvaxx.dll
0xBF563000 \SystemRoot\System32\ATMFD.DLL
0xA702C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9104000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB9F2A000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA6EDE000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA7020000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF799D000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xA9154000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA6EC6000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA6EB0000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA9114000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA6F14000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA6E94000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6BC9000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA6B7D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA65A0000 \SystemRoot\system32\drivers\wdmaud.sys
0xA687D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6343000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6300000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA962C000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA61B8000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5D8F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5DE0000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 SYSTEM
736 C:\WINDOWS\system32\smss.exe
808 csrss.exe
836 C:\WINDOWS\system32\winlogon.exe
880 C:\WINDOWS\system32\services.exe
900 C:\WINDOWS\system32\lsass.exe
1108 C:\WINDOWS\system32\ati2evxx.exe
1128 C:\WINDOWS\system32\svchost.exe
1212 svchost.exe
1324 C:\WINDOWS\system32\svchost.exe
1384 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1416 C:\WINDOWS\system32\ati2evxx.exe
1492 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1692 svchost.exe
1728 svchost.exe
1876 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1932 C:\WINDOWS\explorer.exe
216 C:\WINDOWS\agrsmmsg.exe
224 C:\Program Files\Apoint2K\Apoint.exe
244 C:\WINDOWS\system32\ZoomingHook.exe
252 C:\WINDOWS\system32\TCtrlIOHook.exe
264 C:\WINDOWS\system32\TPSMain.exe
380 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
396 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
416 C:\WINDOWS\system32\TDispVol.exe
444 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
452 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
460 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
468 C:\Program Files\Toshiba\Tvs\TvsTray.exe
516 C:\WINDOWS\RTHDCPL.exe
556 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
564 C:\Program Files\AVAST Software\Avast\AvastUI.exe
576 C:\Program Files\Autorun Eater\oldmcdonald.exe
592 C:\WINDOWS\system32\ctfmon.exe
600 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
640 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
668 C:\WINDOWS\system32\TPSBattM.exe
744 C:\Program Files\Apoint2K\ApntEx.exe
760 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
772 C:\Documents and Settings\Dimitar\Application Data\Dropbox\bin\Dropbox.exe
780 C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
1524 C:\Program Files\Autorun Eater\billy.exe
2132 C:\WINDOWS\system32\spoolsv.exe
2844 svchost.exe
2880 C:\Program Files\Bonjour\mDNSResponder.exe
3060 C:\WINDOWS\system32\FsUsbExService.Exe
3144 C:\Program Files\Java\jre6\bin\jqs.exe
3172 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
3216 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3520 C:\WINDOWS\system32\searchindexer.exe
2292 alg.exe
652 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
628 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1008 C:\Program Files\Mozilla Firefox\firefox.exe
2040 C:\WINDOWS\system32\igfxsrvc.exe
1836 C:\Documents and Settings\Dimitar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-08PVMT1, Rev: 02.01A02
PhysicalDrive3 Model Number: TOSHIBAUSB 2.5"-HDD, Rev: 100

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive3 MBR Code Faked!
SHA1: 8D0918FC805658D413FCD376CDC96F8B2711B10C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


And thanks for the prompt response.
I'll be waiting for further instructions.

Dimitar

Edited by vorazechul, 05 March 2011 - 05:50 PM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It is supposed to replace all autorun.inf files with autorun.inf directories, but Autorun Eater will prevent any it misses from doing anything, so it's up to you.

Run MBRCheck again and this time hit Enter and select 1
([1] Dump the MBR of a physical disk to file.)

You want to dump 3 and then save it to c:\mbrdumpvora.txt

This file is not a text file so do not open it. Just attach it to your next post and I will look at it.

Try booting into Safe Mode with Networking and try running combofix again.

http://www.microsoft...e.mspx?mfr=true

If it still fails:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#5
vorazechul

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,

1. I made the dump file and it is attached to the post

2. ComboFix ran in Safe Mode but wanted me to stop Avast even when I could not find it in the Task Manager, so I uninstalled Avast.
And here is the log file from the scan:


=========================================== ComboFix log file =====================================================


ComboFix 11-03-05.01 - Dimitar 05/03/2011 22:26:07.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1251.359.1033.18.3070.2794 [GMT 2:00]
Running from: c:\documents and settings\Dimitar\Desktop\george.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 18:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 18:23 . 2011-03-05 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-05 18:23 . 2011-03-05 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 18:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 18:13 . 2011-03-05 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-03-05 18:13 . 2011-03-05 18:13 -------- d-----w- c:\program files\Autorun Eater
2011-03-04 17:41 . 2011-03-04 17:41 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-03-04 17:41 . 2011-03-04 17:41 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-03-03 09:09 . 2011-03-03 09:09 -------- d-----w- c:\program files\Intel Corporation
2011-03-02 07:56 . 2011-03-02 07:56 -------- d-----w- c:\program files\CCleaner
2011-03-02 06:21 . 2008-04-14 02:23 79360 ----a-w- c:\windows\system32\tasklist.exe
2011-03-02 05:50 . 2011-03-02 05:50 -------- d-----w- c:\program files\trend micro
2011-03-02 03:11 . 2011-03-02 03:11 -------- d-----w- c:\program files\EASEUS
2011-02-28 12:21 . 2011-03-05 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-02-28 12:21 . 2011-02-28 12:21 -------- d-----w- c:\program files\AVAST Software
2011-02-26 05:32 . 2011-02-26 05:32 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-26 05:31 . 2011-02-26 05:31 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-26 05:31 . 2011-02-26 05:31 -------- d-----w- c:\program files\MSBuild
2011-02-26 05:31 . 2011-02-26 05:31 -------- d-----w- c:\program files\Reference Assemblies
2011-02-26 05:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-26 05:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-26 05:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-26 05:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-26 05:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-26 05:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-26 05:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-26 05:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-26 05:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-26 05:27 . 2011-02-26 05:27 -------- d-----w- c:\windows\system32\xlive
2011-02-26 05:27 . 2011-02-26 05:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-02-25 08:20 . 2011-02-25 08:20 -------- d--h--w- c:\windows\msdownld.tmp
2011-02-25 08:16 . 2011-02-25 08:53 -------- d-----w- c:\program files\DeadSpace 2 Collectors Edition
2011-02-25 08:01 . 2008-04-14 03:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-02-25 06:36 . 2011-03-06 00:24 -------- d-----w- c:\program files\Jaangle
2011-02-23 23:14 . 2011-02-23 23:14 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-23 23:14 . 2011-02-26 05:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-02-23 23:08 . 2011-02-23 23:18 -------- d-----w- c:\program files\Trine
2011-02-22 22:01 . 2011-02-23 00:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-22 08:58 . 2011-02-22 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-21 23:47 . 2011-02-21 23:48 -------- d-----w- c:\program files\Safari
2011-02-21 23:47 . 2011-02-21 23:47 -------- d-----w- c:\program files\Bonjour
2011-02-21 16:42 . 2011-03-03 08:52 -------- d-----w- c:\program files\SystemRequirementsLab
2011-02-21 16:34 . 2011-02-21 16:34 -------- d-----w- c:\windows\Sun
2011-02-21 03:31 . 2011-02-21 03:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-02-20 06:31 . 2011-02-20 06:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-20 06:31 . 2011-02-20 06:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-20 01:01 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-19 22:12 . 2006-03-25 11:39 40 ----a-w- c:\windows\system32\drivers\RtkHDAud.dat
2011-02-19 22:12 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-19 20:01 . 2011-02-19 21:39 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-19 20:00 . 2011-02-19 20:01 -------- d-----w- c:\program files\QuickTime
2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-02-19 20:00 . 2011-02-19 20:00 -------- d-----w- c:\program files\Common Files\Apple
2011-02-19 19:59 . 2011-02-19 20:00 -------- d-----w- c:\program files\Apple Software Update
2011-02-19 19:59 . 2011-02-19 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-19 17:40 . 2011-03-02 07:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-19 17:39 . 2011-02-19 17:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-19 06:22 . 2011-02-19 23:01 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-19 06:22 . 2011-02-19 06:22 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-19 06:22 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-19 06:22 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-19 06:22 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-02-19 06:21 . 2011-02-19 06:21 -------- d-----w- c:\program files\Windows Media Connect 2
2011-02-19 06:20 . 2011-02-19 06:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-19 06:20 . 2011-02-19 06:20 -------- d-----w- c:\windows\system32\LogFiles
2011-02-19 06:19 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-19 06:02 . 2011-02-19 06:02 -------- d-----w- c:\windows\system32\Adobe
2011-02-19 05:59 . 2011-02-22 08:45 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-19 05:58 . 2011-02-19 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-19 05:57 . 2011-02-19 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-19 05:13 . 2005-12-19 17:14 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-02-19 05:13 . 2005-12-19 17:14 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-02-19 05:13 . 2005-12-19 17:14 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-02-19 05:13 . 2005-12-19 17:11 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-02-19 05:13 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-02-19 05:13 . 2011-02-19 05:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-02-19 05:13 . 2011-02-19 05:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-02-19 04:58 . 2011-02-19 04:58 -------- d-----w- c:\program files\MSXML 4.0
2011-02-19 04:57 . 2006-05-30 14:42 45696 ----a-w- c:\windows\system32\drivers\Tvs.sys
2011-02-19 04:57 . 2005-10-25 15:33 36736 ----a-w- c:\windows\system32\drivers\CSIIDecoder_kern_i386.sys
2011-02-19 04:57 . 2005-08-18 07:45 26880 ----a-w- c:\windows\system32\drivers\WOWHD_kern_i386.sys
2011-02-19 04:57 . 2005-01-25 12:35 29184 ----a-w- c:\windows\system32\drivers\TSXT_kern_i386.sys
2011-02-19 04:51 . 2011-02-19 04:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-02-19 04:49 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-19 04:49 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-19 04:49 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-19 04:49 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-19 04:49 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-19 04:49 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-19 04:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-19 04:47 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-19 04:47 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-02-19 04:46 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-19 04:46 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-02-19 04:46 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-19 04:46 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-19 04:44 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-02-19 04:44 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-19 04:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-19 04:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-19 04:41 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-19 04:40 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-19 04:40 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-19 04:40 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-19 04:39 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-02-19 04:37 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-02-19 04:33 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-19 04:33 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-02-19 04:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-19 04:31 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-19 03:59 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-19 01:14 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-19 01:14 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-02-19 01:13 . 2011-02-19 01:13 -------- d-----w- c:\program files\Common Files\L&H
2011-02-19 01:13 . 2011-02-19 01:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-02-19 01:13 . 2011-02-19 01:16 -------- d-----w- c:\program files\Microsoft Works
2011-02-19 01:12 . 2011-02-19 01:13 -------- d-----w- c:\windows\SHELLNEW
2011-02-19 01:05 . 2011-02-19 01:05 -------- d-----w- c:\program files\Elaborate Bytes
2011-02-19 01:05 . 2011-02-19 01:05 -------- d-----w- c:\program files\7-Zip
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-02-09 12:45 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-09 12:45 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-09 12:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-02-09 12:45 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-02-09 12:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-02-09 12:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-02-09 12:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-02-09 12:45 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-02-09 12:45 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-02-09 12:45 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-02-09 12:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-02-09 12:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dimitar\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dimitar\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dimitar\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dimitar\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"Zooming"="ZoomingHook.exe" [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 28672]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dimitar\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Dimitar\Application Data\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DeadSpace 2 Collectors Edition\\deadspace2.exe"=
"c:\\Documents and Settings\\Dimitar\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [28/12/2004 01:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [15/02/2006 08:27 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [19/02/2011 06:19 238952]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [19/02/2011 06:19 36608]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [16/02/2011 00:42 4544]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [19/02/2011 06:20 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [19/02/2011 06:20 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [19/02/2011 06:20 123648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {87DF6853-A61D-4015-A3B6-082E7E4552F5} = 89.190.209.253,89.190.209.254
FF - ProfilePath - c:\documents and settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Bulgarian Dictionary: [email protected] - %profile%\extensions\[email protected]
FF - Ext: United States English Spellchecker: [email protected] - %profile%\extensions\[email protected]
FF - Ext: German Dictionary: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Add to Search Bar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent
FF - Ext: Omnibar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FireGestures: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Foxdie for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Stop-or-Reload Button: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8} - %profile%\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
FF - Ext: Clip to OneNote: {966762eb-7132-4081-ac70-20d20161ad96} - %profile%\extensions\{966762eb-7132-4081-ac70-20d20161ad96}
FF - Ext: Easy DragToGo: {21cfaec0-dbb3-11dc-95ff-0800200c9a66} - %profile%\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: GoogleEnhancer: {21e48e29-f574-4619-b65d-0f00eea92e5b} - %profile%\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
FF - Ext: Strata RELOADED: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Foxdie (Graphite): [email protected] - %profile%\extensions\[email protected]
FF - Ext: Lazy Click: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Saved Passwords Button: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 22:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-03-05 22:31:35
ComboFix-quarantined-files.txt 2011-03-05 20:31
.
Pre-Run: 227,444,441,088 bytes free
Post-Run: 227,489,443,840 bytes free
.
- - End Of File - - 746199A71F947C79B3429EC06E882E0A


3. As ComboFix did work, I didn't perform the "Check disk" procedure.
But I did make the other file integrity tests.

--- sigverif (in Windows normal mode):

files found 3406; Signed files 2453; Unsigned files 1; Files not scanned 952
vclone.sys c:\windows\system32\drivers 09.08.2009 SYS file 5.4.3.5

--- "sfc /scannow" ended without showing any result


4. Event viewer:



===================================== Event View - System =========================================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 06/03/2011 12:07:56

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/03/2011 22:32:20
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 05/03/2011 22:23:53
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ElbyCDIO Fips intelppm TPwSav

Log: 'System' Date/Time: 05/03/2011 22:22:33
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 05/03/2011 22:31:39
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 05/03/2011 22:29:54
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 05/03/2011 22:23:53
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi ElbyCDIO Fips intelppm TPwSav

Log: 'System' Date/Time: 05/03/2011 22:22:39
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 02/03/2011 15:03:28
Type: error Category: 0
Event: 34 Source: W32Time
The time service has detected that the system time needs to be changed by +65590 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source 0.bg.pool.ntp.org (ntp.m|0x1|***IPAddress***->85.130.119.200:123) is working properly.

Log: 'System' Date/Time: 02/03/2011 05:51:56
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 02/03/2011 05:51:56
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0.bg.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 02/03/2011 05:21:56
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 02/03/2011 05:21:56
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0.bg.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 02/03/2011 05:06:50
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 02/03/2011 05:06:50
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0.bg.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 02/03/2011 05:06:35
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 02/03/2011 05:06:35
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0.bg.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 02/03/2011 05:05:46
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 02/03/2011 05:05:46
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0.bg.pool.ntp.org,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 28/02/2011 14:05:25
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2011 08:35:13
Type: error Category: 0
Event: 34 Source: W32Time
The time service has detected that the system time needs to be changed by +109486 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source 0.bg.pool.ntp.org (ntp.m|0x1|***IPAddress***->87.120.42.2:123) is working properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/03/2011 04:32:32
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 06/03/2011 02:35:10
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 06/03/2011 00:23:06
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 06/03/2011 00:09:04
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 04/03/2011 22:51:26
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 04/03/2011 05:58:17
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 22:34:11
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 18:51:35
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 16:02:15
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 14:46:14
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 14:04:00
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 03/03/2011 13:45:34
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 21:45:53
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 19:35:29
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 18:38:14
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 17:58:04
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 16:37:19
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 11:34:18
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 10:40:06
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 06:50:22
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



======================================= Event View - Applications ==================================

Vino's Event Viewer v01c run on Windows XP in English
Report run at 06/03/2011 12:08:29

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/03/2011 05:00:38
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 4015

Log: 'Application' Date/Time: 06/03/2011 05:00:38
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 4015

Log: 'Application' Date/Time: 06/03/2011 05:00:38
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 06/03/2011 05:00:36
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1984

Log: 'Application' Date/Time: 06/03/2011 05:00:36
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1984

Log: 'Application' Date/Time: 06/03/2011 05:00:36
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 05/03/2011 23:54:15
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\DOCUMENTS AND SETTINGS\DIMITAR\RECENT\SEXY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 23:54:15
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\DOCUMENTS AND SETTINGS\DIMITAR\RECENT\SEXY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 19:51:32
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\GEORGE\TEMP00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 22:09:22
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\GEORGE\TEMP0002> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 22:09:21
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\GEORGE\TEMP0001> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 22:09:21
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\GEORGE\TEMP0001> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 05/03/2011 04:43:03
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 4172

Log: 'Application' Date/Time: 05/03/2011 04:43:03
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 4172

Log: 'Application' Date/Time: 05/03/2011 04:43:03
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 05/03/2011 04:43:00
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1984

Log: 'Application' Date/Time: 05/03/2011 04:43:00
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1984

Log: 'Application' Date/Time: 05/03/2011 04:43:00
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 04/03/2011 09:14:46
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 04/03/2011 09:14:24
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application AcroRd32.exe, version 10.0.1.434, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/03/2011 05:01:10
Type: warning Category: 3
Event: 3086 Source: Windows Search Service
The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 27/02/2011 05:49:16
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:49:16
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:49:16
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:49:16
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 27/02/2011 05:49:10
Type: warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.3615 - Executable "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\17179b71d7680399c00ce88ddc310209\mscorlib.ni.dll"

Log: 'Application' Date/Time: 27/02/2011 05:48:51
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 27/02/2011 05:45:31
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 27/02/2011 05:43:04
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 27/02/2011 05:40:50
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:40:50
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:40:50
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 27/02/2011 05:40:49
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 27/02/2011 05:40:24
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 27/02/2011 05:37:59
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 26/02/2011 07:31:26
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
HttpModules node ServiceModel does not exist in System.Web section group.

Log: 'Application' Date/Time: 26/02/2011 07:31:26
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
HttpHandlers node *.svc does not exist in System.Web section group.

Log: 'Application' Date/Time: 26/02/2011 07:31:26
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
All compilation assembly nodes do not exist in System.Web section group.

Log: 'Application' Date/Time: 26/02/2011 07:31:26
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Log: 'Application' Date/Time: 26/02/2011 07:31:25
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.



5. Upon starting Gmer the system reboots.

Edited by vorazechul, 06 March 2011 - 04:43 AM.

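The System log above shows Tcpip event 4226 at least six times on 02/03/2011, from 06:50 to 18:38. On Windows XP SP2 and later the TCP/IP stack allows only 10 concurrent outbound half-open (SYN-sent) connections and logs 4226 whenever that cap is hit, so a day full of 4226 means some process is opening many connections at once. File-sharing and sync clients do that legitimately; scanning worms and spam bots do it too, and the event does not name the process, so the follow-up is a process-level view of sockets (netstat -b on XP SP2 or later, or a tool such as TCPView) while the warnings are being logged. The script below is an added example, not part of the original post or of Vino's Event Viewer: it parses the dump's record format, counts records per (Source, Event ID), reports days on which 4226 crosses a threshold, and pulls out any path under a user profile (Recent, Temp, Application Data) named in an error message, since those are the entries worth checking by hand in a malware triage. The sample input is a constructed subset of the entries above; the threshold value is an assumption.

```python
"""Triage a Vino's Event Viewer dump (same layout as the report above):
parse each record, count events per (Source, Event ID), flag days with a
burst of Tcpip 4226 half-open-limit warnings, and list user-profile paths
named in error messages. Added example; not part of the original thread."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the entries from the report, same layout.
SAMPLE = r"""
Log: 'System' Date/Time: 02/03/2011 18:38:14
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 17:58:04
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/03/2011 06:50:22
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'Application' Date/Time: 05/03/2011 23:54:15
Type: error Category: 3
Event: 3013 Source: Windows Search Service
The entry <C:\DOCUMENTS AND SETTINGS\DIMITAR\RECENT\SEXY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+?)\s*$")
WINPATH = re.compile(r"[A-Za-z]:\\[^<>\r\n]+")
# Per-user locations where dropped files and their traces usually land.
PROFILE_DIRS = ("\\RECENT\\", "\\LOCAL SETTINGS\\TEMP\\", "\\APPLICATION DATA\\")


def parse_events(text):
    """Return one dict per record; dates in the dump are dd/mm/yyyy."""
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"],
                   "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                   "lines": []}
            events.append(cur)
            continue
        if cur is None:
            continue
        if m := TYPE.match(line):
            cur["type"], cur["category"] = m["type"], int(m["cat"])
        elif m := EVENT.match(line):
            cur["event"], cur["source"] = int(m["id"]), m["src"]
        else:
            cur["lines"].append(line)  # message body, may span blank lines
    for e in events:
        e["message"] = "\n".join(e.pop("lines")).strip()
    return events


def counts_by_source(events):
    return Counter((e["source"], e["event"]) for e in events)


def tcp_4226_burst_days(events, threshold=3):
    """Days on which the XP half-open cap (event 4226) was hit >= threshold times.
    The threshold is an assumption; tune it to the host's normal traffic."""
    per_day = Counter(e["time"].date().isoformat() for e in events
                      if e["source"] == "Tcpip" and e["event"] == 4226)
    return {day: n for day, n in per_day.items() if n >= threshold}


def profile_paths(events):
    """(time, source, path) for every user-profile path mentioned in a message."""
    hits = []
    for e in events:
        for p in WINPATH.findall(e["message"]):
            if any(d in p.upper() for d in PROFILE_DIRS):
                hits.append((e["time"], e["source"], p))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in counts_by_source(evs).most_common():
        print(f"{n:4d}  {src} / {eid}")
    print("4226 burst days:", tcp_4226_burst_days(evs))
    for t, src, p in profile_paths(evs):
        print(f"{t:%Y-%m-%d %H:%M}  {src}: {p}")
```

Run it against the full dump by reading the saved report into `parse_events` instead of `SAMPLE`; the per-day 4226 count is the number to compare with what the machine was doing at those times.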

#6
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
MBR seems to be OK.

Since GMER won't run let's try RootRepeal

  • Extract RootRepeal.exe from the archive.
  • Open [image] on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Ron

#7
vorazechul
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,

And here is the RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2011/03/06 18:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9325000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A01000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA58F8000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba7702ee

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba7702e4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba7702f3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba7702fd

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0xba77031b

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba770302

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7702d0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba7702d5

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba77030c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba770307

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0xba770320

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba7702f8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba7702df

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xba7702da

==EOF==



Dimitar
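In the report above all 14 SSDT hooks are attributed to "<unknown>", and their addresses run from 0xba7702d0 to 0xba770320, a 0x50-byte span. Fourteen hooks packed into 80 bytes is one driver's table of short jump stubs, not fourteen separate hookers, and "<unknown>" means RootRepeal could not map that address into any module it enumerated: none of the three drivers it lists covers 0xba77xxxx. The hooked services (process open, thread open and create, terminate, virtual-memory write; registry key create, delete, set, load, replace and restore; driver loading via NtLoadDriver and NtSetSystemInformation) are the self-protection set, which security suites install as readily as rootkits do, so the hook list by itself does not say which is present. The deciding step is to resolve the address to its owning module from a complete kernel module list (a kernel debugger's module list, or a scanner that enumerates every loaded module) and then check that module's file on disk. The script below is an added example, not part of the thread or of RootRepeal: it parses the Drivers and SSDT sections, attributes each hook address to a listed driver by image range, groups the hooked functions by what they guard, and reports whether the unattributed hooks sit in a single stub table. The sample report is a constructed subset of the entries above.

```python
"""Attribute the SSDT hooks in a RootRepeal report to the drivers the same
report lists, and summarize what stays unattributed. Added example; not
part of the original thread and not RootRepeal's own code."""
import re
from collections import Counter

# Constructed sample: a subset of the Drivers and SSDT entries from the report above.
REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9325000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA58F8000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba7702ee

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0xba77031b

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7702d0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0xba770320

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xba7702da

==EOF==
"""

ADDR_RE = re.compile(r"^Address: (0x[0-9A-Fa-f]+) Size: (\d+)", re.M)
HOOK_RE = re.compile(
    r'^#: (?P<idx>\d+) Function Name: (?P<func>\w+)\s*\n'
    r'Status: Hooked by "(?P<hooker>[^"]*)" at address (?P<addr>0x[0-9A-Fa-f]+)', re.M)

# What each hooked service guards; a self-protecting kernel component
# (AV/HIPS or rootkit) typically covers all three groups.
GROUPS = {
    "process": {"NtOpenProcess", "NtOpenThread", "NtCreateThread",
                "NtTerminateProcess", "NtWriteVirtualMemory"},
    "registry": {"NtCreateKey", "NtDeleteKey", "NtDeleteValueKey", "NtSetValueKey",
                 "NtLoadKey", "NtReplaceKey", "NtRestoreKey"},
    "driver_load": {"NtLoadDriver", "NtSetSystemInformation"},
}


def parse_drivers(text):
    """[(name, base, size)] from the Name:/Address: line pairs of the Drivers section."""
    drivers, name = [], None
    for line in text.splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):].strip()
        elif (m := ADDR_RE.match(line)) and name:
            drivers.append((name, int(m.group(1), 16), int(m.group(2))))
            name = None
    return drivers


def parse_ssdt_hooks(text):
    """One dict per hooked SSDT entry, address as an int."""
    return [{"index": int(m["idx"]), "func": m["func"], "hooker": m["hooker"],
             "addr": int(m["addr"], 16)} for m in HOOK_RE.finditer(text)]


def owner_of(addr, drivers):
    """Name of the listed driver whose image range contains addr, else None."""
    for name, base, size in drivers:
        if base <= addr < base + size:
            return name
    return None


def group_of(func):
    return next((g for g, funcs in GROUPS.items() if func in funcs), "other")


def summarize(text):
    drivers = parse_drivers(text)
    hooks = parse_ssdt_hooks(text)
    addrs = [h["addr"] for h in hooks]
    span = max(addrs) - min(addrs) if addrs else 0
    return {
        "hooks": len(hooks),
        "owners": dict(Counter(owner_of(h["addr"], drivers) or "<unattributed>"
                               for h in hooks)),
        "groups": dict(Counter(group_of(h["func"]) for h in hooks)),
        "span": span,
        # Hooks packed within one page are one driver's stub table, not several hookers.
        "single_stub_table": bool(addrs) and span < 0x1000,
    }


if __name__ == "__main__":
    s = summarize(REPORT)
    print(f"{s['hooks']} hooks, owners {s['owners']}, groups {s['groups']}, "
          f"span 0x{s['span']:x}, single stub table: {s['single_stub_table']}")
```

Feed it the full saved RootRepeal.txt instead of `REPORT`; if a later, more complete module list is obtained, add those entries to the Drivers section and the unattributed count will drop to the hooks whose owner is genuinely missing.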

#8
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
It found something but doesn't know what it is.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#9
vorazechul
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi,

It seems my Dropbox got killed by RogueKiller. Dropbox is a service for storing data on an on-line server: http://www.dropbox.com

Also, BitDefender did not find anything threatening (or so it says).

====================================== RogueKiller report =============================

RogueKiller V4.1.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Dimitar [Admin rights]
Mode: Scan -- Date : 03/06/2011 19:49:09

Bad processes: 1
[APPDT/TMP/DESKTOP] Dropbox.exe -- c:\documents and settings\dimitar\application data\dropbox\bin\dropbox.exe -> KILLED

Registry Entries: 2
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{87DF6853-A61D-4015-A3B6-082E7E4552F5} : NameServer (89.190.209.253,89.190.209.254) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{87DF6853-A61D-4015-A3B6-082E7E4552F5} : NameServer (89.190.209.253,89.190.209.254) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished


======================================== BitDefender Report ==================================

QuickScan Beta 32-bit v0.9.9.77
-------------------------------
Scan date: Sun Mar 06 20:00:26 2011
Machine ID: E45F2338



No infection found.
-------------------



Processes
---------
(unsigned) Agere SoftModem Messaging Applet 996 C:\WINDOWS\agrsmmsg.exe
(unsigned) Billy The Goat 712 C:\Program Files\Autorun Eater\billy.exe
(unsigned) Catalyst Control Centre 2644 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(unsigned) Catalyst Control Centre 2388 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(unsigned) Catalyst Control Centre 1912 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(unsigned) Drive Letter Access Component 1268 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(unsigned) Intel® PROSet/Wireless 1484 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(unsigned) Intel® PROSet/Wireless Event Log 1352 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(unsigned) Intel® PROSet/Wireless Registry Servi 2404 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(unsigned) Intel® PROSet/Wireless Service 1460 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(unsigned) Old McDonald 1996 C:\Program Files\Autorun Eater\oldmcdonald.exe
(unsigned) TDispVol 1388 C:\WINDOWS\system32\TDispVol.exe
(unsigned) TFncKy 1328 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
(unsigned) TOSHIBA Control Utility Hotkey Hook 1232 C:\WINDOWS\system32\TCtrlIOHook.exe
(unsigned) TOSHIBA Power Saver 152 C:\WINDOWS\system32\TPSBattM.exe
(unsigned) TOSHIBA Power Saver 1256 C:\WINDOWS\system32\TPSMain.exe
(unsigned) TOSHIBA Virtual Sound 1548 C:\Program Files\Toshiba\Tvs\TvsTray.exe
(unsigned) TOSHIBA Zooming Utility Hotkey Hook 1132 C:\WINDOWS\system32\ZoomingHook.exe
(unsigned) ZeroCfgSvc Application 1424 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

(verified) AcroTray - Adobe Acrobat Distiller help 1808 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(verified) Alps Pointing-device Driver 868 C:\Program Files\Apoint2K\Apoint.exe
(verified) Alps Pointing-device Driver for Windows 1860 C:\Program Files\Apoint2K\ApntEx.exe
(verified) AntiVir Desktop 244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) AntiVir Desktop 436 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(verified) AntiVir Desktop 3628 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(verified) AntiVir Desktop 2184 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(verified) AntiVir Desktop 3668 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(verified) AntiVir Desktop 1848 C:\Program Files\Avira\AntiVir Desktop\sched.exe
(verified) ATI External Event Utility for Windows 1392 C:\WINDOWS\system32\ati2evxx.exe
(verified) ATI External Event Utility for Windows 1080 C:\WINDOWS\system32\ati2evxx.exe
(verified) Bonjour 928 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) CwService 2144 C:\WINDOWS\system32\FsUsbExService.Exe
(verified) Firefox 6316 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Intel® Common User Interface 2056 C:\WINDOWS\system32\igfxsrvc.exe
(verified) Java™ Platform SE 6 U24 2236 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft Office OneNote 700 C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
(verified) Microsoft® Visual Studio .NET 2348 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(verified) Microsoft® Windows® Operating System 1236 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(verified) Microsoft® Windows® Operating System 404 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3040 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 776 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 544 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 2748 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1796 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 188 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1676 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1304 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\winlogon.exe
(verified) Realtek HD Audio Sound Effect Manager 1640 C:\WINDOWS\RTHDCPL.exe
(verified) Samsung PC Studio 396 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(verified) Virtual CloneDrive 1496 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe


Network activity
----------------
Process avwebgrd.exe (3668) connected on port 80 (HTTP) --> 64.18.21.1
Process avwebgrd.exe (3668) connected on port 80 (HTTP) --> 66.220.153.19
Process avwebgrd.exe (3668) connected on port 80 (HTTP) --> 199.7.71.190
Process avwebgrd.exe (3668) connected on port 80 (HTTP) --> 66.220.153.19
Process avwebgrd.exe (3668) connected on port 80 (HTTP) --> 66.102.13.139

Process svchost.exe (1172) listens on ports: 135 (RPC)
Process avmailc.exe (3628) listens on ports: 44110
Process avwebgrd.exe (3668) listens on ports: 44080


Autoruns and critical files
---------------------------
(unsigned) HWSetup C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
(unsigned) Agere SoftModem Messaging Applet C:\WINDOWS\agrsmmsg.exe
(unsigned) CLIStart.exe C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
(unsigned) Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(unsigned) Intel® PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(unsigned) Old McDonald C:\Program Files\Autorun Eater\oldmcdonald.exe
(unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe
(unsigned) TDispVol C:\WINDOWS\system32\TDispVol.exe
(unsigned) TOSHIBA Control Utility Hotkey Hook C:\WINDOWS\system32\TCtrlIOHook.exe
(unsigned) TOSHIBA Power Saver C:\WINDOWS\system32\TPSMain.exe
(unsigned) TOSHIBA Virtual Sound C:\Program Files\Toshiba\Tvs\TvsTray.exe
(unsigned) TOSHIBA Zooming Utility Hotkey Hook C:\WINDOWS\system32\ZoomingHook.exe
(unsigned) Windows® Search C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
(unsigned) ZeroCfgSvc Application C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

(verified) AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe
(verified) AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
(verified) Dropbox C:\Documents and Settings\Dimitar\Application Data\Dropbox\bin\Dropbox.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft Office OneNote C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe
(verified) Samsung PC Studio C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(verified) Virtual CloneDrive C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
(unsigned) Drive Letter Access Component c:\windows\system32\dla\dlashx_w.dll
(unsigned) Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
(unsigned) nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
(verified) AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avsda.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Dimitar\Application Data\Mozilla\Firefox\Profiles\gn54bkxe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
(verified) Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\Dimitar\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

File not found: TFncKy.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"TFncKy"


Scan
----
(unsigned) MD5: 6d74290856347cf8682277a54b433d4b C:\Documents and Settings\Dimitar\Application Data\Dropbox\bin\DropboxExt.14.dll
(unsigned) MD5: b51d29a14b4edeb4ed0ad864a3ff9556 C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.DisplaysManager.Shared.dll
(unsigned) MD5: 535625ae679f3a34fb5c52ea25d409fa C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.VideoOverlay.Shared.dll
(unsigned) MD5: 71652ec3797708bc7d86674e4f26ec15 C:\Program Files\ATI Technologies\ATI.ACE\AEM.Foundation.dll
(unsigned) MD5: c6f64ae6f9f7de23ee538d5c80a5c362 C:\Program Files\ATI Technologies\ATI.ACE\APM.Foundation.dll
(unsigned) MD5: 649e3ab705eb0f3af213dcd4378515cf C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
(unsigned) MD5: fc94d575b91692432a1400f569a0f98b C:\Program Files\ATI Technologies\ATI.ACE\ATICCCom.dll
(unsigned) MD5: 3f13e6382e19bc6ccb575b9a3fc8a121 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.CustomFormats.Graphics.Shared.dll
(unsigned) MD5: 81ea618b1a70a4a0212d4443237cded0 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
(unsigned) MD5: c30c9641249230808b35b7a537eb5c0e C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
(unsigned) MD5: 7604c29d87e6623a75a442ba20e8465b C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
(unsigned) MD5: 108e8b72ac45ab0c8a1b60f17726bd4c C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Dashboard.dll

The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_980362a8\System.Drawing.dll

Upload started - 1 file(s)
System.Drawing.dll (835584)
Upload speed - 56 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 16 sec
Total traffic - 0.88 MB sent, 2.16 KB recvd
Scanned 1595 files and modules - 56 seconds

==============================================================================

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Rogue Killer just stopped the process. I expect when you reboot it will come back. The file still shows up in BitDefender's log.

I see you have changed antivirus programs. Was Avira running when you tried to run GMER?


You have a strange DNS which comes up in Google as "an IP Address managed by Mania 1 Mania 2 Mania 3 Mania 4 Gaming Clubs and located in Bulgaria."

Is that intentional? Normally when I see a DNS address that doesn't seem to match, it is in Ukraine or Russia and was put there by a hijacker.

Ron

#11
vorazechul

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Avira was not installed at the time I tried to scan with GMER. I had no antivirus at the time.

As for the DNS, it is the right one. I am in the capital city of Bulgaria and the Mania clubs are owned by my Internet provider. (unusual I guess :D )


Edit:
I noticed my Profile options are set for Germany and fixed it right away. I do study in Germany and always set my options accordingly. Sorry for the confusion.

Dimitar

Edited by vorazechul, 06 March 2011 - 02:05 PM.


#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK. Your profile said you were in Germany so I wanted to make sure.

I still don't know what RootRepeal found but it appears to be fairly common and benign so nothing to worry about. GMER is picky sometimes. We used to have everyone run it before posting but they stopped because too many were having problems with it.

If you don't have any other problems I think we are done.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You have the latest Java (Java™ 6 Update 24). But check that you do not have any older versions:

Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
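The hosts-file advice in Ron's post above works because Windows consults the hosts file before DNS, so a name mapped to 0.0.0.0 or 127.0.0.1 never reaches the real site. The following is an added example (not from this thread, the MVPS project, or any tool mentioned here) that parses text in the hosts-file layout and reports which names are sunk to a blackhole address. The sample entries and the `.example.test` names are constructed for illustration; only the file paths for the live hosts file are real.

```python
"""Parse a hosts file and report which hostnames it blackholes.

Added example for checking a hosts-file block list; the sample text below is
constructed and is not the MVPS list.
"""
import os
from typing import Dict, List

# Addresses commonly used by block lists to sink a name.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample in the usual hosts-file layout: address, whitespace,
# one or more names, optional '#' comment. Not real block-list data.
SAMPLE_HOSTS = """\
# Local host entry normally present on every machine
127.0.0.1 localhost
# Constructed blocked entries for illustration
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test   # inline comment is ignored
127.0.0.1 badsite.example.test

192.0.2.10 intranet.example.test
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address the file assigns it.

    Blank lines, '#' comments and malformed lines (no name after the
    address) are skipped, matching how the resolver treats them.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline/full comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # address with no hostname
        addr, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = addr        # later entries override earlier
    return mapping


def is_blackholed(hosts: Dict[str, str], hostname: str) -> bool:
    """True if the hosts file sinks this name to a blackhole address."""
    return hosts.get(hostname.lower()) in BLACKHOLE


def blocked_hosts(hosts: Dict[str, str]) -> List[str]:
    """Sorted list of blackholed names, excluding the normal localhost entry."""
    return sorted(
        name for name, addr in hosts.items()
        if addr in BLACKHOLE and name != "localhost"
    )


def system_hosts_path() -> str:
    """Location of the live hosts file on Windows or Unix-like systems."""
    if os.name == "nt":
        return os.path.join(
            os.environ.get("SystemRoot", r"C:\Windows"),
            "System32", "drivers", "etc", "hosts",
        )
    return "/etc/hosts"


def load_system_hosts() -> Dict[str, str]:
    """Parse the machine's own hosts file (empty mapping if unreadable)."""
    try:
        with open(system_hosts_path(), encoding="utf-8", errors="replace") as fh:
            return parse_hosts(fh.read())
    except OSError:
        return {}


if __name__ == "__main__":
    sample = parse_hosts(SAMPLE_HOSTS)
    print("blocked in sample:", blocked_hosts(sample))
    print("blocked on this machine:", len(blocked_hosts(load_system_hosts())))
```

Running the block prints the three constructed blocked names from the sample and a count of blackholed entries in the machine's real hosts file, which is a quick way to confirm that an installed block list actually took effect.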

#13
vorazechul

vorazechul

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks a lot for the help.


I followed your last instructions with the exception of the system restore cleanup (can't open the link).


One last question: What antivirus would you suggest? Are the tools you mentioned enough to keep me as safe as possible?

Dimitar

Edited by vorazechul, 06 March 2011 - 02:59 PM.


#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Sorry about the link.

http://aumha.net/vie...581099691bf108f

should work.

Avira is pretty good and some people on this forum like it better than Avast. I use Avast myself. They have just brought out version 6 and it is supposed to be even better than before. You might want to add a firewall. I like the free version of Online Armor.
http://www.online-armor.com/

Ron

