Old 06-28-2009, 03:01 PM   #6 (permalink)
Ditrik
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: XP SP3


Re: Possible malware infection

ComboFix 09-06-26.02 - d13k 28.06.2009 22:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1034 [GMT 2:00]
Running from: c:\documents and settings\d13k\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090627-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 02:34 . 2009-06-27 02:34 -------- d-----w- c:\documents and settings\d13k\Application Data\Publish Providers
2009-06-27 02:34 . 2009-06-27 06:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Sony
2009-06-27 02:34 . 2009-06-27 02:34 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Sony
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\program files\Vstplugins
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\program files\Sony
2009-06-27 02:07 . 2009-06-27 02:07 -------- d-----w- c:\program files\Sony Setup
2009-06-27 00:31 . 2009-06-27 00:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-06-27 00:31 . 2009-06-27 00:31 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2009-06-26 21:17 . 2009-06-26 21:17 -------- d-----w- c:\documents and settings\d13k\Application Data\Winamp
2009-06-26 21:17 . 2009-06-26 21:17 -------- d-----w- c:\program files\Winamp
2009-06-26 21:11 . 2009-06-26 21:11 -------- d-----w- c:\program files\Secunia
2009-06-26 21:06 . 2009-06-26 21:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-26 21:06 . 2009-06-26 21:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-06-26 21:00 . 2009-06-26 21:00 -------- d-----w- c:\program files\TightVNC
2009-06-26 20:52 . 2009-06-26 20:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2009-06-26 20:42 . 2004-10-15 16:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2009-06-26 20:42 . 2004-10-15 16:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2009-06-26 20:42 . 2004-10-15 16:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2009-06-26 20:42 . 2009-06-26 20:42 -------- d-----w- c:\program files\Sygate
2009-06-26 20:16 . 2009-06-26 20:16 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-26 06:28 . 2009-06-26 06:28 -------- d-----w- c:\program files\CrossLoop
2009-06-26 05:47 . 2009-06-26 05:47 -------- d-----w- c:\program files\Ventrilo
2009-06-26 05:47 . 2009-06-26 20:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-24 21:56 . 2007-09-28 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-22 23:57 . 2009-06-25 00:16 -------- d-----w- c:\documents and settings\d13k\Application Data\TypingMaster7
2009-06-22 23:57 . 2009-06-25 02:08 -------- d-----r- c:\program files\TypingMaster
2009-06-21 21:35 . 2009-06-21 21:36 -------- d-----w- c:\program files\ACW
2009-06-21 03:48 . 2009-06-21 03:48 34062 ----a-w- c:\documents and settings\d13k\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-21 03:03 . 2009-06-21 03:03 -------- d-----w- c:\program files\NetLimiter 2 Pro
2009-06-21 02:53 . 2009-06-21 02:53 -------- d-----w- c:\documents and settings\d13k\Application Data\Locktime
2009-06-21 02:52 . 2009-06-21 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2009-06-21 02:04 . 2009-06-21 03:54 -------- d-----w- c:\documents and settings\d13k\Application Data\Move Networks
2009-06-21 02:04 . 2009-03-09 09:34 971776 -c--a-w- c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-06-21 01:59 . 2009-06-21 01:59 -------- d-----w- C:\Hotspot Shield
2009-06-19 23:16 . 2009-06-19 23:16 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-19 23:16 . 2009-06-19 23:16 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-19 23:16 . 2009-06-19 23:16 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-19 23:16 . 2009-06-19 23:16 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-19 23:16 . 2009-06-19 23:16 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-19 23:16 . 2009-06-19 23:16 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-19 23:16 . 2009-06-19 23:16 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-19 23:16 . 2009-06-19 23:16 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-19 23:16 . 2009-06-19 23:16 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-19 23:16 . 2009-06-19 23:16 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-19 23:16 . 2009-06-19 23:16 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-19 23:15 . 2009-06-19 23:15 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-19 23:15 . 2009-06-19 23:15 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-19 23:15 . 2009-06-19 23:15 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-18 01:58 . 2009-06-18 01:58 -------- d-sh--w- c:\documents and settings\d13k\IECompatCache
2009-06-18 01:57 . 2009-06-18 01:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-18 01:56 . 2009-06-18 01:56 -------- d-sh--w- c:\documents and settings\d13k\PrivacIE
2009-06-18 01:50 . 2009-06-18 01:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-18 01:46 . 2009-06-18 01:46 -------- d-sh--w- c:\documents and settings\d13k\IETldCache
2009-06-18 00:08 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:08 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:08 . 2009-06-18 00:08 -------- d-----w- c:\windows\ie8updates
2009-06-18 00:08 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:05 . 2009-06-18 00:08 -------- dc-h--w- c:\windows\ie8
2009-06-18 00:01 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-17 23:10 . 2009-06-17 23:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-17 23:09 . 2009-06-26 21:38 -------- d-----w- c:\windows\Internet Logs
2009-06-17 22:45 . 2009-06-17 23:16 -------- d-----w- c:\documents and settings\d13k\Application Data\Comodo
2009-06-17 13:57 . 2009-02-11 23:00 36352 ------w- C:\WGASetup.exe
2009-06-17 13:37 . 2009-06-17 13:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 13:37 . 2009-06-17 13:37 152576 ----a-w- c:\documents and settings\d13k\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-17 13:00 . 2009-06-27 23:28 -------- d-----w- c:\program files\Trillian
2009-06-17 12:51 . 2009-06-17 12:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-17 12:51 . 2009-06-17 12:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-17 12:50 . 2009-06-17 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-17 12:49 . 2009-06-17 12:49 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-17 12:49 . 2009-06-17 14:26 -------- d-----w- c:\program files\McAfee
2009-06-17 12:49 . 2009-06-17 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 09:34 . 2009-06-17 09:35 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Hotspot_Shield
2009-06-17 08:16 . 2009-06-17 09:18 -------- d-----w- c:\windows\BDOSCAN8
2009-06-17 04:29 . 2009-06-17 04:29 -------- d--h--w- c:\windows\PIF
2009-06-17 04:17 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-17 04:17 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-17 04:17 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-17 04:10 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-17 04:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-15 19:02 . 2009-06-15 19:02 1878984 ----a-w- c:\documents and settings\d13k\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-15 18:48 . 2009-01-04 10:35 31232 ----a-w- c:\windows\system\vdremote.dll
2009-06-15 18:48 . 2009-01-04 10:35 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-06-13 04:51 . 2009-06-13 04:51 -------- d-----w- c:\program files\File Shredder
2009-06-13 00:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-13 00:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-13 00:46 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-13 00:45 . 2009-02-05 20:04 97480 ------w- c:\windows\system32\AvastSS.scr
2009-06-13 00:45 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-13 00:45 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-13 00:45 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-13 00:45 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-13 00:44 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-13 00:44 . 2009-06-13 00:44 -------- d-----w- c:\program files\Alwil Software
2009-06-12 23:36 . 2009-06-12 23:36 37440 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-06-12 23:20 . 2009-06-12 23:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-12 23:15 . 2009-06-12 23:15 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-12 23:15 . 2009-06-12 23:15 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-12 23:15 . 2009-06-12 23:15 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-12 23:15 . 2009-06-12 23:15 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-12 23:15 . 2009-06-12 23:15 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-12 23:15 . 2009-06-12 23:15 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-12 23:12 . 2009-06-12 23:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-12 23:12 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-12 23:12 . 2009-06-12 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-12 23:12 . 2009-06-12 23:12 -------- d-----w- c:\program files\Lavasoft
2009-06-12 23:08 . 2009-06-12 23:08 -------- d-----w- c:\program files\Trend Micro
2009-06-12 22:50 . 2009-06-12 22:50 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Tenable
2009-06-12 22:50 . 2009-06-17 09:31 -------- d-----w- c:\program files\Tenable
2009-06-12 22:50 . 2009-06-17 09:23 -------- d-----w- c:\documents and settings\d13k\Application Data\MailWasherFree
2009-06-11 22:50 . 2009-06-28 03:42 -------- d-----w- c:\documents and settings\d13k\Application Data\mIRC
2009-06-11 22:50 . 2009-06-28 01:45 -------- d-----w- c:\program files\mIRC
2009-06-11 01:33 . 2009-06-11 22:49 -------- d-----w- c:\documents and settings\d13k\Application Data\X-Chat 2
2009-06-10 05:31 . 2009-06-10 05:31 -------- d-----w- c:\documents and settings\d13k\Application Data\KeePass
2009-06-10 03:44 . 2009-06-10 03:44 -------- d-----w- c:\program files\KeePass Password Safe 2
2009-06-01 18:13 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:36 . 2008-12-21 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 01:08 . 2008-06-29 09:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 02:41 . 2008-07-06 12:17 169936 -c--a-w- c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\FlashGot.exe
2009-06-26 21:48 . 2008-12-21 10:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-26 21:02 . 2008-09-28 11:33 -------- d-----w- c:\program files\Java
2009-06-26 20:54 . 2009-02-18 16:36 -------- d-----w- c:\program files\DivX
2009-06-26 05:48 . 2008-07-02 14:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Ventrilo
2009-06-25 18:43 . 2008-06-29 09:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 23:55 . 2008-06-29 10:43 -------- d-----w- c:\documents and settings\d13k\Application Data\uTorrent
2009-06-24 22:00 . 2008-07-01 12:56 -------- d-----w- c:\program files\MultiRes
2009-06-24 21:33 . 2009-06-20 10:37 2103664 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-24 21:18 . 2008-06-29 10:27 -------- d-----w- c:\documents and settings\d13k\Application Data\DMCache
2009-06-21 01:59 . 2008-07-28 22:39 -------- d-----w- c:\program files\Hotspot Shield
2009-06-18 01:47 . 2008-10-02 09:33 42952 -c--a-w- c:\documents and settings\d13k\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 01:46 . 2008-07-05 22:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 00:39 . 2009-05-11 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 00:35 . 2009-05-11 14:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-17 14:17 . 2009-05-11 14:51 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-17 14:17 . 2009-05-11 14:50 2060128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-17 13:36 . 2008-06-29 10:05 -------- d-----w- c:\program files\Opera
2009-06-17 13:19 . 2008-07-02 17:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Any Video Converter Professional
2009-06-17 13:13 . 2009-05-10 10:57 -------- d-----w- c:\program files\LSoft Technologies
2009-06-17 09:40 . 2008-06-29 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 09:26 . 2008-06-29 09:52 -------- d-----w- c:\program files\SpeedFan
2009-06-17 09:22 . 2008-07-01 02:15 -------- d-----w- c:\program files\Windows Live
2009-05-13 05:15 . 2008-04-14 11:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 00:55 . 2009-05-12 00:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Vodafone
2009-05-11 19:43 . 2009-05-11 19:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-11 19:39 . 2009-05-11 19:39 -------- d-----w- c:\program files\Lavalys
2009-05-11 15:03 . 2009-05-11 15:03 -------- d-----w- c:\program files\Business Objects
2009-05-11 15:03 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-05-11 14:59 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft.NET
2009-05-11 14:58 . 2009-05-11 14:58 -------- d-----w- c:\program files\MSXML 6.0
2009-05-11 14:56 . 2009-05-11 14:56 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-05-11 14:55 . 2009-05-11 14:54 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-11 14:46 . 2009-05-11 14:39 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-05-11 14:46 . 2009-05-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-05-11 14:42 . 2009-05-11 14:39 -------- d-----w- c:\program files\HTML Help Workshop
2009-05-11 14:42 . 2009-01-17 12:16 -------- d-----w- c:\program files\MSBuild
2009-05-11 14:39 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft SDKs
2009-05-11 14:39 . 2009-05-11 14:39 -------- d-----w- c:\program files\CE Remote Tools
2009-05-11 14:37 . 2009-05-11 14:37 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-05-11 14:36 . 2009-05-11 14:36 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-09 20:20 . 2008-07-16 08:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-09 19:35 . 2008-10-14 13:57 -------- d-----w- c:\program files\Last.fm
2009-05-07 15:32 . 2008-04-14 11:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:55 . 2009-04-29 04:55 78336 -c----w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2008-04-14 07:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 11:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_20.13.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 22:46 . 2006-12-01 22:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 20:56 . 2006-12-01 20:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-06-28 08:40 . 2009-06-28 08:40 16384 c:\windows\Temp\Perflib_Perfdata_cf0.dat
+ 2009-06-27 02:21 . 2009-06-27 02:21 16384 c:\windows\Temp\Perflib_Perfdata_914.dat
+ 2009-06-27 02:21 . 2009-06-27 02:21 16384 c:\windows\Temp\Perflib_Perfdata_4dc.dat
+ 2004-10-15 16:31 . 2004-10-15 16:31 99480 c:\windows\system32\FwsVpn.dll
+ 2009-06-26 20:16 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-26 20:16 . 2008-04-14 06:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-26 20:16 . 2008-04-14 06:23 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-26 20:16 . 2008-04-14 11:42 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangNL.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 77824 c:\windows\system32\CddbLangJA.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangFR.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangES.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangDE.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\6392b0c72d93a59cbe2605f1b882d224\Interop.ni.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\8085252984088c3826175969ae0b1215\ControlLibrary.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\f53a41f79fd93e6057fc4d6965cac88c\AjaVideoProperties.ni.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 4608 c:\windows\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
+ 2004-10-15 16:31 . 2004-10-15 16:31 218264 c:\windows\system32\SetAid.dll
+ 2006-09-28 17:53 . 2006-09-28 17:53 344064 c:\windows\system32\msvcr70.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-26 20:16 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-26 20:16 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-26 20:16 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-26 20:16 . 2008-04-14 06:50 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-26 20:16 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:41 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:41 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 765952 c:\windows\system32\CDDBUI.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 102400 c:\windows\system32\CddbLangIT.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 655360 c:\windows\system32\CDDBControl.dll
- 2009-06-25 18:43 . 2009-06-25 18:43 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-06-25 18:43 . 2009-06-26 20:46 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2007-01-23 09:39 . 2007-01-23 09:39 443904 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\JP2KLib.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 928256 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\14f3926cd23611c5ee50819cdef56df9\Sony.Vegas.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 222208 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\95f9e07aca9fe9ca7b138976894b3261\Sony.Vegas.NetRender.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\1669a9667b4dc342ab9a3b7cccf874b0\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 646656 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\5c98cf2f090f41c6b67066e1b2948653\Sony.Capture.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\00f6d4232292da2f1b8925d9af870429\CoreUI.ni.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 818688 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\521842417f41e7b3a50db407f2d8901b\CoreUI.XmlSerializers.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 119808 c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\f539d0de49ce0f337feba637092406dd\CorePrimitives.ni.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-26 20:16 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-26 20:16 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-27 02:12 . 2009-06-27 02:12 1379328 c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\c5bee45106539d11355b8098284b04d0\WidgetLibrary.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 1538048 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\985753dc22f5138eaf89d037ac628a40\CoreGraphics.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 1180672 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\7d012cfa378ee80fdddc6da2cee32c93\CoreGraphics.XmlSerializers.ni.dll
+ 2008-10-14 22:42 . 2008-10-14 22:42 13219184 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-21 01:59 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\d13k\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
Secunia PSI.lnk.disabled [2009-6-26 720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^d13k^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\d13k\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\d13k\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.6.2009 1:15 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.6.2009 2:45 114768]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1.7.2008 14:56 17952]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [1.7.2008 20:49 14464]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.6.2009 2:45 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [1.6.2009 20:13 331312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [17.6.2009 14:49 210216]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.3.2008 19:08 24576]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [1.6.2009 20:13 33840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1003344]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [1.6.2009 20:58 34352]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [13.6.2009 1:36 37440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [4.9.2007 16:53 55664]

--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:16]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-515967899-1417001333-1003.job
- c:\documents and settings\d13k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 12:41]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{FE68E7CD-C90F-47E8-91FC-4A73093135E5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {D19B6B02-E641-41D5-B538-78807C785C5D} = 193.198.184.140 193.198.184.130
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F}
FF - ProfilePath - c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\d13k\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\d13k\Local Settings\Application Data\Google\Update\1.2.145.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):64,c6,36,a5,3f,97,a2,c6,8f,1b,57,50,fc,4b,b8,f9,f8,69,b1,4b,31,
37,d7,42,50,49,c4,56,63,e6,96,df,e2,d4,a1,e5,43,5c,e6,d8,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9ab88e38-ba76-4928-a4a8-82c66801da14}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:00000011
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,0f,41,34,5e,b6,6f,99,5a,44,5a,0f,05,15,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 22:43
ComboFix-quarantined-files.txt 2009-06-28 20:43
ComboFix2.txt 2009-06-26 20:18

Pre-Run: 58.773.876.736 bytes free
Post-Run: 58.777.763.840 bytes free

395 --- E O F --- 2009-06-18 18:42