Possible malware infection

[Ditrik]

Problem Description:

My problem is that my downloads keep pausing.No matter what I try to download they inevitably stop.Sometimes they stop right at the beginning other times they stop in the middle or near end.

My problem started only recently.I have a stable internet connection and I tried to fix my problem using 3rd party software(e.g. Internet Download Manager) but the problem remained.

After browsing these forums I found a user that had a similar problem like me and the cause of his downloads freezing was malware.

LOG:

DDS (Ver_09-05-14.01) - NTFSx86
Run by d13k at 17:31:57,78 on cet 18.06.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1205 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\d13k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\d13k\Desktop\Security\Malware removal tools\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F}
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245210648531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D19B6B02-E641-41D5-B538-78807C785C5D} = 212.91.97.3 212.91.97.4
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d13k\applic~1\mozilla\firefox\profiles\oejxwxxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\d13k\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\d13k\application data\mozilla\firefox\profiles\oejxwxxc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\d13k\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-13 114768]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-7-1 17952]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-7-1 14464]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-18 353672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-13 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-17 210216]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-13 352920]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\hsstrayservice.exe --> c:\program files\hotspot shield\bin\HssTrayService.EXE [?]
S3 mbr;mbr;\??\c:\docume~1\d13k\locals~1\temp\mbr.sys --> c:\docume~1\d13k\locals~1\temp\mbr.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-6-13 37440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]

=============== Created Last 30 ================

2009-06-18 06:34 362 a---h--- C:\aaw7boot.cmd
2009-06-18 03:58 <DIR> --dsh--- c:\documents and settings\d13k\IECompatCache
2009-06-18 03:56 <DIR> --dsh--- c:\documents and settings\d13k\PrivacIE
2009-06-18 03:46 <DIR> --dsh--- c:\documents and settings\d13k\IETldCache
2009-06-18 02:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 02:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 02:08 <DIR> --d----- c:\windows\ie8updates
2009-06-18 02:08 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 02:05 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 02:02 <DIR> --d----- c:\windows\system32\KB905474
2009-06-18 02:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 01:10 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-18 01:10 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-18 01:10 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-06-18 01:10 <DIR> --d----- c:\program files\Zone Labs
2009-06-18 01:10 350,192 a------- c:\windows\system32\vsconfig.xml
2009-06-18 01:09 <DIR> --d----- c:\windows\Internet Logs
2009-06-18 00:45 <DIR> --d----- c:\docume~1\d13k\applic~1\Comodo
2009-06-18 00:45 <DIR> --d----- c:\program files\COMODO
2009-06-17 15:57 36,352 -------- C:\WGASetup.exe
2009-06-17 15:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 14:49 <DIR> --d----- c:\program files\common files\McAfee
2009-06-17 14:49 <DIR> --d----- c:\program files\McAfee
2009-06-17 10:55 <DIR> --d----- c:\program files\Secunia
2009-06-17 06:29 <DIR> --d-h--- c:\windows\PIF
2009-06-17 06:17 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-17 06:17 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-17 06:17 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-17 06:10 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-17 06:09 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 05:58 361,600 a------- c:\windows\system32\drivers\tcpip.sys.old
2009-06-17 05:50 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-15 20:48 31,232 a------- c:\windows\system\vdremote.dll
2009-06-15 20:48 25,088 a------- c:\windows\system\vdsvrlnk.dll
2009-06-13 06:51 <DIR> --d----- c:\program files\File Shredder
2009-06-13 01:36 1,024 a------- C:\.rnd
2009-06-13 01:36 37,440 a------- c:\windows\system32\drivers\pssdk41.sys
2009-06-13 01:20 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-13 01:15 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 01:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 01:12 <DIR> --d----- c:\program files\Lavasoft
2009-06-13 01:08 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 00:50 <DIR> --d----- c:\program files\Tenable
2009-06-13 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\MailWasherFree
2009-06-13 00:48 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-06-12 00:50 <DIR> --d----- c:\program files\mIRC
2009-06-12 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\mIRC
2009-06-11 03:33 <DIR> --d----- c:\docume~1\d13k\applic~1\X-Chat 2
2009-06-10 07:31 <DIR> --d----- c:\docume~1\d13k\applic~1\KeePass
2009-06-10 05:44 <DIR> --d----- c:\program files\KeePass Password Safe 2
2009-05-23 08:35 <DIR> --d----- c:\documents and settings\d13k\dwhelper

==================== Find3M ====================

2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 06:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 14:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 17:32:36,50 ===============

[Ditrik]

BUMP please.

[Ditrik]

You can disregard this thread of mine. I successfully managed to fix problem by myself. The problem was indeed malware.

[Ditrik]

DDS (Ver_09-06-26.01) - NTFSx86
Run by d13k at 10:40:25,50 on ned 28.06.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.881 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090627-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
svchost.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Documents and Settings\d13k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Documents and Settings\d13k\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [AtiPTA] atiptaxx.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\d13k\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\documents and settings\d13k\start menu\programs\startup\Secunia PSI.lnk.disabled
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F}
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D19B6B02-E641-41D5-B538-78807C785C5D} = 193.198.184.140 193.198.184.130
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d13k\applic~1\mozilla\firefox\profiles\oejxwxxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\d13k\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\d13k\application data\mozilla\firefox\profiles\oejxwxxc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\d13k\application data\mozilla\firefox\profiles\oejxwxxc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\d13k\local settings\application data\google\update\1.2.145.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-13 114768]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-7-1 17952]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-7-1 14464]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-13 138680]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-6-1 331312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-17 210216]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-13 352920]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-6-1 33840]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-6-1 34352]
S3 mbr;mbr;\??\c:\docume~1\d13k\locals~1\temp\mbr.sys --> c:\docume~1\d13k\locals~1\temp\mbr.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-6-13 37440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-06-27 04:10 <DIR> --d----- c:\program files\Vstplugins
2009-06-27 04:10 <DIR> --d----- c:\program files\Sony
2009-06-27 04:07 <DIR> --d----- c:\program files\Sony Setup
2009-06-26 23:11 <DIR> --d----- c:\program files\Secunia
2009-06-26 23:00 <DIR> --d----- c:\program files\TightVNC
2009-06-26 22:52 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-26 22:42 14,568 a------- c:\windows\system32\drivers\wg6n.sys
2009-06-26 22:42 14,568 a------- c:\windows\system32\drivers\wg5n.sys
2009-06-26 22:42 14,568 a------- c:\windows\system32\drivers\wg4n.sys
2009-06-26 22:42 14,568 a------- c:\windows\system32\drivers\wg3n.sys
2009-06-26 22:42 60,496 a------- c:\windows\system32\drivers\Teefer.sys
2009-06-26 22:42 21,075 a------- c:\windows\system32\drivers\wpsdrvnt.sys
2009-06-26 22:42 83,096 a------- c:\windows\system32\SSSensor.dll
2009-06-26 22:42 <DIR> --d----- c:\program files\Sygate
2009-06-26 22:16 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-26 22:05 <DIR> a-dshr-- C:\cmdcons
2009-06-26 22:03 161,792 a------- c:\windows\SWREG.exe
2009-06-26 22:03 155,136 a------- c:\windows\PEV.exe
2009-06-26 22:03 98,816 a------- c:\windows\sed.exe
2009-06-26 08:28 <DIR> --d----- c:\program files\CrossLoop
2009-06-26 07:47 <DIR> --d----- c:\program files\Ventrilo
2009-06-26 07:47 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-06-26 07:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-24 23:56 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-24 23:42 10 a------- c:\windows\WININIT.INI
2009-06-23 01:57 <DIR> --d----- c:\docume~1\d13k\applic~1\TypingMaster7
2009-06-23 01:57 <DIR> --d--r-- c:\program files\TypingMaster
2009-06-21 23:35 <DIR> --d----- c:\program files\ACW
2009-06-21 05:03 <DIR> --d----- c:\program files\NetLimiter 2 Pro
2009-06-21 04:53 <DIR> --d----- c:\docume~1\d13k\applic~1\Locktime
2009-06-21 04:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Locktime
2009-06-21 03:59 <DIR> --d----- C:\Hotspot Shield
2009-06-18 03:58 <DIR> --dsh--- c:\documents and settings\d13k\IECompatCache
2009-06-18 03:56 <DIR> --dsh--- c:\documents and settings\d13k\PrivacIE
2009-06-18 03:46 <DIR> --dsh--- c:\documents and settings\d13k\IETldCache
2009-06-18 02:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 02:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-18 02:08 <DIR> --d----- c:\windows\ie8updates
2009-06-18 02:08 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-18 02:05 <DIR> -cd-h--- c:\windows\ie8
2009-06-18 02:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 01:10 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-18 01:09 <DIR> --d----- c:\windows\Internet Logs
2009-06-18 00:45 <DIR> --d----- c:\docume~1\d13k\applic~1\Comodo
2009-06-17 15:57 36,352 -------- C:\WGASetup.exe
2009-06-17 15:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 14:49 <DIR> --d----- c:\program files\common files\McAfee
2009-06-17 14:49 <DIR> --d----- c:\program files\McAfee
2009-06-17 14:20 12,648 a------- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 06:29 <DIR> --d-h--- c:\windows\PIF
2009-06-17 06:17 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-17 06:17 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-17 06:17 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-17 06:10 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-17 06:09 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-17 05:58 361,600 a------- c:\windows\system32\drivers\tcpip.sys.old
2009-06-17 05:50 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-15 20:48 31,232 a------- c:\windows\system\vdremote.dll
2009-06-15 20:48 25,088 a------- c:\windows\system\vdsvrlnk.dll
2009-06-13 06:51 <DIR> --d----- c:\program files\File Shredder
2009-06-13 01:36 1,024 a------- C:\.rnd
2009-06-13 01:36 37,440 a------- c:\windows\system32\drivers\pssdk41.sys
2009-06-13 01:20 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-13 01:15 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 01:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 01:12 <DIR> --d----- c:\program files\Lavasoft
2009-06-13 01:08 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 00:50 <DIR> --d----- c:\program files\Tenable
2009-06-13 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\MailWasherFree
2009-06-12 00:50 <DIR> --d----- c:\program files\mIRC
2009-06-12 00:50 <DIR> --d----- c:\docume~1\d13k\applic~1\mIRC
2009-06-11 03:33 <DIR> --d----- c:\docume~1\d13k\applic~1\X-Chat 2
2009-06-10 07:31 <DIR> --d----- c:\docume~1\d13k\applic~1\KeePass
2009-06-10 05:44 <DIR> --d----- c:\program files\KeePass Password Safe 2
2009-06-01 20:13 33,840 a------- c:\windows\system32\drivers\HssDrv.sys

==================== Find3M ====================

2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 23:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 23:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 23:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 23:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 23:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 23:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 23:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 06:55 78,336 -c------ c:\windows\system32\ieencode.dll
2009-04-17 14:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 10:40:53,68 ===============

[Ried]

Post the C:\ComboFix.txt

[Ditrik]

ComboFix 09-06-26.02 - d13k 28.06.2009 22:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1034 [GMT 2:00]
Running from: c:\documents and settings\d13k\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090627-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 02:34 . 2009-06-27 02:34 -------- d-----w- c:\documents and settings\d13k\Application Data\Publish Providers
2009-06-27 02:34 . 2009-06-27 06:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Sony
2009-06-27 02:34 . 2009-06-27 02:34 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Sony
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\program files\Vstplugins
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-06-27 02:10 . 2009-06-27 02:10 -------- d-----w- c:\program files\Sony
2009-06-27 02:07 . 2009-06-27 02:07 -------- d-----w- c:\program files\Sony Setup
2009-06-27 00:31 . 2009-06-27 00:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-06-27 00:31 . 2009-06-27 00:31 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2009-06-26 21:17 . 2009-06-26 21:17 -------- d-----w- c:\documents and settings\d13k\Application Data\Winamp
2009-06-26 21:17 . 2009-06-26 21:17 -------- d-----w- c:\program files\Winamp
2009-06-26 21:11 . 2009-06-26 21:11 -------- d-----w- c:\program files\Secunia
2009-06-26 21:06 . 2009-06-26 21:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-26 21:06 . 2009-06-26 21:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-06-26 21:00 . 2009-06-26 21:00 -------- d-----w- c:\program files\TightVNC
2009-06-26 20:52 . 2009-06-26 20:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2009-06-26 20:42 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2009-06-26 20:42 . 2004-10-15 16:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2009-06-26 20:42 . 2004-10-15 16:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2009-06-26 20:42 . 2004-10-15 16:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2009-06-26 20:42 . 2009-06-26 20:42 -------- d-----w- c:\program files\Sygate
2009-06-26 20:16 . 2009-06-26 20:16 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-26 06:28 . 2009-06-26 06:28 -------- d-----w- c:\program files\CrossLoop
2009-06-26 05:47 . 2009-06-26 05:47 -------- d-----w- c:\program files\Ventrilo
2009-06-26 05:47 . 2009-06-26 20:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-24 21:56 . 2007-09-28 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-22 23:57 . 2009-06-25 00:16 -------- d-----w- c:\documents and settings\d13k\Application Data\TypingMaster7
2009-06-22 23:57 . 2009-06-25 02:08 -------- d-----r- c:\program files\TypingMaster
2009-06-21 21:35 . 2009-06-21 21:36 -------- d-----w- c:\program files\ACW
2009-06-21 03:48 . 2009-06-21 03:48 34062 ----a-w- c:\documents and settings\d13k\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-21 03:03 . 2009-06-21 03:03 -------- d-----w- c:\program files\NetLimiter 2 Pro
2009-06-21 02:53 . 2009-06-21 02:53 -------- d-----w- c:\documents and settings\d13k\Application Data\Locktime
2009-06-21 02:52 . 2009-06-21 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2009-06-21 02:04 . 2009-06-21 03:54 -------- d-----w- c:\documents and settings\d13k\Application Data\Move Networks
2009-06-21 02:04 . 2009-03-09 09:34 971776 -c--a-w- c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-06-21 01:59 . 2009-06-21 01:59 -------- d-----w- C:\Hotspot Shield
2009-06-19 23:16 . 2009-06-19 23:16 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-19 23:16 . 2009-06-19 23:16 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-19 23:16 . 2009-06-19 23:16 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-19 23:16 . 2009-06-19 23:16 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-19 23:16 . 2009-06-19 23:16 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-19 23:16 . 2009-06-19 23:16 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-19 23:16 . 2009-06-19 23:16 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-19 23:16 . 2009-06-19 23:16 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-19 23:16 . 2009-06-19 23:16 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-19 23:16 . 2009-06-19 23:16 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-19 23:16 . 2009-06-19 23:16 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-19 23:15 . 2009-06-19 23:15 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-19 23:15 . 2009-06-19 23:15 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-19 23:15 . 2009-06-19 23:15 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-18 01:58 . 2009-06-18 01:58 -------- d-sh--w- c:\documents and settings\d13k\IECompatCache
2009-06-18 01:57 . 2009-06-18 01:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-18 01:56 . 2009-06-18 01:56 -------- d-sh--w- c:\documents and settings\d13k\PrivacIE
2009-06-18 01:50 . 2009-06-18 01:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-18 01:46 . 2009-06-18 01:46 -------- d-sh--w- c:\documents and settings\d13k\IETldCache
2009-06-18 00:08 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 00:08 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 00:08 . 2009-06-18 00:08 -------- d-----w- c:\windows\ie8updates
2009-06-18 00:08 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-18 00:05 . 2009-06-18 00:08 -------- dc-h--w- c:\windows\ie8
2009-06-18 00:01 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-17 23:10 . 2009-06-17 23:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-17 23:09 . 2009-06-26 21:38 -------- d-----w- c:\windows\Internet Logs
2009-06-17 22:45 . 2009-06-17 23:16 -------- d-----w- c:\documents and settings\d13k\Application Data\Comodo
2009-06-17 13:57 . 2009-02-11 23:00 36352 ------w- C:\WGASetup.exe
2009-06-17 13:37 . 2009-06-17 13:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 13:37 . 2009-06-17 13:37 152576 ----a-w- c:\documents and settings\d13k\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-17 13:00 . 2009-06-27 23:28 -------- d-----w- c:\program files\Trillian
2009-06-17 12:51 . 2009-06-17 12:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-17 12:51 . 2009-06-17 12:51 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-17 12:50 . 2009-06-17 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-17 12:49 . 2009-06-17 12:49 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-17 12:49 . 2009-06-17 14:26 -------- d-----w- c:\program files\McAfee
2009-06-17 12:49 . 2009-06-17 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-17 09:34 . 2009-06-17 09:35 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Hotspot_Shield
2009-06-17 08:16 . 2009-06-17 09:18 -------- d-----w- c:\windows\BDOSCAN8
2009-06-17 04:29 . 2009-06-17 04:29 -------- d--h--w- c:\windows\PIF
2009-06-17 04:17 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-17 04:17 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-17 04:17 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-17 04:10 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-17 04:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-15 19:02 . 2009-06-15 19:02 1878984 ----a-w- c:\documents and settings\d13k\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-15 18:48 . 2009-01-04 10:35 31232 ----a-w- c:\windows\system\vdremote.dll
2009-06-15 18:48 . 2009-01-04 10:35 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-06-13 04:51 . 2009-06-13 04:51 -------- d-----w- c:\program files\File Shredder
2009-06-13 00:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-13 00:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-13 00:46 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-13 00:45 . 2009-02-05 20:04 97480 ------w- c:\windows\system32\AvastSS.scr
2009-06-13 00:45 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-13 00:45 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-13 00:45 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-13 00:45 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-13 00:44 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-13 00:44 . 2009-06-13 00:44 -------- d-----w- c:\program files\Alwil Software
2009-06-12 23:36 . 2009-06-12 23:36 37440 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-06-12 23:20 . 2009-06-12 23:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-12 23:15 . 2009-06-12 23:15 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-12 23:15 . 2009-06-12 23:15 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-12 23:15 . 2009-06-12 23:15 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-12 23:15 . 2009-06-12 23:15 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-12 23:15 . 2009-06-12 23:15 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-12 23:15 . 2009-06-12 23:15 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-12 23:12 . 2009-06-12 23:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-12 23:12 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-12 23:12 . 2009-06-12 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-12 23:12 . 2009-06-12 23:12 -------- d-----w- c:\program files\Lavasoft
2009-06-12 23:08 . 2009-06-12 23:08 -------- d-----w- c:\program files\Trend Micro
2009-06-12 22:50 . 2009-06-12 22:50 -------- d-----w- c:\documents and settings\d13k\Local Settings\Application Data\Tenable
2009-06-12 22:50 . 2009-06-17 09:31 -------- d-----w- c:\program files\Tenable
2009-06-12 22:50 . 2009-06-17 09:23 -------- d-----w- c:\documents and settings\d13k\Application Data\MailWasherFree
2009-06-11 22:50 . 2009-06-28 03:42 -------- d-----w- c:\documents and settings\d13k\Application Data\mIRC
2009-06-11 22:50 . 2009-06-28 01:45 -------- d-----w- c:\program files\mIRC
2009-06-11 01:33 . 2009-06-11 22:49 -------- d-----w- c:\documents and settings\d13k\Application Data\X-Chat 2
2009-06-10 05:31 . 2009-06-10 05:31 -------- d-----w- c:\documents and settings\d13k\Application Data\KeePass
2009-06-10 03:44 . 2009-06-10 03:44 -------- d-----w- c:\program files\KeePass Password Safe 2
2009-06-01 18:13 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:36 . 2008-12-21 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 01:08 . 2008-06-29 09:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 02:41 . 2008-07-06 12:17 169936 -c--a-w- c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\FlashGot.exe
2009-06-26 21:48 . 2008-12-21 10:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-26 21:02 . 2008-09-28 11:33 -------- d-----w- c:\program files\Java
2009-06-26 20:54 . 2009-02-18 16:36 -------- d-----w- c:\program files\DivX
2009-06-26 05:48 . 2008-07-02 14:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Ventrilo
2009-06-25 18:43 . 2008-06-29 09:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 23:55 . 2008-06-29 10:43 -------- d-----w- c:\documents and settings\d13k\Application Data\uTorrent
2009-06-24 22:00 . 2008-07-01 12:56 -------- d-----w- c:\program files\MultiRes
2009-06-24 21:33 . 2009-06-20 10:37 2103664 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-24 21:18 . 2008-06-29 10:27 -------- d-----w- c:\documents and settings\d13k\Application Data\DMCache
2009-06-21 01:59 . 2008-07-28 22:39 -------- d-----w- c:\program files\Hotspot Shield
2009-06-18 01:47 . 2008-10-02 09:33 42952 -c--a-w- c:\documents and settings\d13k\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 01:46 . 2008-07-05 22:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 00:39 . 2009-05-11 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 00:35 . 2009-05-11 14:56 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-17 14:17 . 2009-05-11 14:51 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-17 14:17 . 2009-05-11 14:50 2060128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-17 13:36 . 2008-06-29 10:05 -------- d-----w- c:\program files\Opera
2009-06-17 13:19 . 2008-07-02 17:13 -------- d-----w- c:\documents and settings\d13k\Application Data\Any Video Converter Professional
2009-06-17 13:13 . 2009-05-10 10:57 -------- d-----w- c:\program files\LSoft Technologies
2009-06-17 09:40 . 2008-06-29 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 09:26 . 2008-06-29 09:52 -------- d-----w- c:\program files\SpeedFan
2009-06-17 09:22 . 2008-07-01 02:15 -------- d-----w- c:\program files\Windows Live
2009-05-13 05:15 . 2008-04-14 11:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 00:55 . 2009-05-12 00:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Vodafone
2009-05-11 19:43 . 2009-05-11 19:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-11 19:39 . 2009-05-11 19:39 -------- d-----w- c:\program files\Lavalys
2009-05-11 15:03 . 2009-05-11 15:03 -------- d-----w- c:\program files\Business Objects
2009-05-11 15:03 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-05-11 14:59 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft.NET
2009-05-11 14:58 . 2009-05-11 14:58 -------- d-----w- c:\program files\MSXML 6.0
2009-05-11 14:56 . 2009-05-11 14:56 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-05-11 14:55 . 2009-05-11 14:54 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-11 14:46 . 2009-05-11 14:39 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-05-11 14:46 . 2009-05-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-05-11 14:42 . 2009-05-11 14:39 -------- d-----w- c:\program files\HTML Help Workshop
2009-05-11 14:42 . 2009-01-17 12:16 -------- d-----w- c:\program files\MSBuild
2009-05-11 14:39 . 2009-05-11 14:39 -------- d-----w- c:\program files\Microsoft SDKs
2009-05-11 14:39 . 2009-05-11 14:39 -------- d-----w- c:\program files\CE Remote Tools
2009-05-11 14:37 . 2009-05-11 14:37 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-05-11 14:36 . 2009-05-11 14:36 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-09 20:20 . 2008-07-16 08:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-09 19:35 . 2008-10-14 13:57 -------- d-----w- c:\program files\Last.fm
2009-05-07 15:32 . 2008-04-14 11:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:55 . 2009-04-29 04:55 78336 -c----w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2008-04-14 07:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 11:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_20.13.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 22:46 . 2006-12-01 22:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 20:56 . 2006-12-01 20:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-06-28 08:40 . 2009-06-28 08:40 16384 c:\windows\Temp\Perflib_Perfdata_cf0.dat
+ 2009-06-27 02:21 . 2009-06-27 02:21 16384 c:\windows\Temp\Perflib_Perfdata_914.dat
+ 2009-06-27 02:21 . 2009-06-27 02:21 16384 c:\windows\Temp\Perflib_Perfdata_4dc.dat
+ 2004-10-15 16:31 . 2004-10-15 16:31 99480 c:\windows\system32\FwsVpn.dll
+ 2009-06-26 20:16 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-26 20:16 . 2008-04-14 06:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-26 20:16 . 2008-04-14 06:23 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-26 20:16 . 2008-04-14 11:42 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangNL.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 77824 c:\windows\system32\CddbLangJA.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangFR.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangES.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 98304 c:\windows\system32\CddbLangDE.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\6392b0c72d93a59cbe2605f1b882d224\Interop.ni.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\8085252984088c3826175969ae0b1215\ControlLibrary.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\f53a41f79fd93e6057fc4d6965cac88c\AjaVideoProperties.ni.dll
+ 2009-06-26 20:42 . 2009-06-26 20:42 4608 c:\windows\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
+ 2004-10-15 16:31 . 2004-10-15 16:31 218264 c:\windows\system32\SetAid.dll
+ 2006-09-28 17:53 . 2006-09-28 17:53 344064 c:\windows\system32\msvcr70.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-26 20:16 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-26 20:16 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-26 20:16 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-26 20:16 . 2008-04-14 06:50 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-26 20:16 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:41 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-26 20:16 . 2008-04-14 11:41 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 765952 c:\windows\system32\CDDBUI.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 102400 c:\windows\system32\CddbLangIT.dll
+ 2006-09-28 17:52 . 2006-09-28 17:52 655360 c:\windows\system32\CDDBControl.dll
- 2009-06-25 18:43 . 2009-06-25 18:43 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-06-25 18:43 . 2009-06-26 20:46 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2007-01-23 09:39 . 2007-01-23 09:39 443904 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\JP2KLib.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 928256 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\14f3926cd23611c5ee50819cdef56df9\Sony.Vegas.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 222208 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\95f9e07aca9fe9ca7b138976894b3261\Sony.Vegas.NetRender.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\1669a9667b4dc342ab9a3b7cccf874b0\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 646656 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\5c98cf2f090f41c6b67066e1b2948653\Sony.Capture.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\00f6d4232292da2f1b8925d9af870429\CoreUI.ni.dll
+ 2009-06-27 02:12 . 2009-06-27 02:12 818688 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\521842417f41e7b3a50db407f2d8901b\CoreUI.XmlSerializers.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 119808 c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\f539d0de49ce0f337feba637092406dd\CorePrimitives.ni.dll
+ 2009-06-26 20:16 . 2008-04-14 11:42 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-26 20:16 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-26 20:16 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-26 20:16 . 2008-04-14 11:42 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-27 02:12 . 2009-06-27 02:12 1379328 c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\c5bee45106539d11355b8098284b04d0\WidgetLibrary.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 1538048 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\985753dc22f5138eaf89d037ac628a40\CoreGraphics.ni.dll
+ 2009-06-27 02:11 . 2009-06-27 02:11 1180672 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\7d012cfa378ee80fdddc6da2cee32c93\CoreGraphics.XmlSerializers.ni.dll
+ 2008-10-14 22:42 . 2008-10-14 22:42 13219184 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-21 01:59 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\d13k\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
Secunia PSI.lnk.disabled [2009-6-26 720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^d13k^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\d13k\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\d13k\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.6.2009 1:15 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13.6.2009 2:45 114768]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1.7.2008 14:56 17952]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [1.7.2008 20:49 14464]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.6.2009 2:45 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [1.6.2009 20:13 331312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [17.6.2009 14:49 210216]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.3.2008 19:08 24576]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [1.6.2009 20:13 33840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1003344]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [1.6.2009 20:58 34352]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [13.6.2009 1:36 37440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [4.9.2007 16:53 55664]

--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:16]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-515967899-1417001333-1003.job
- c:\documents and settings\d13k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 12:41]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{FE68E7CD-C90F-47E8-91FC-4A73093135E5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {D19B6B02-E641-41D5-B538-78807C785C5D} = 193.198.184.140 193.198.184.130
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F}
FF - ProfilePath - c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\d13k\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\d13k\Application Data\Mozilla\Firefox\Profiles\oejxwxxc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\d13k\Local Settings\Application Data\Google\Update\1.2.145.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):64,c6,36,a5,3f,97,a2,c6,8f,1b,57,50,fc,4b,b8,f9,f8,69,b1,4b,31,
37,d7,42,50,49,c4,56,63,e6,96,df,e2,d4,a1,e5,43,5c,e6,d8,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9ab88e38-ba76-4928-a4a8-82c66801da14}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:00000011
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,0f,41,34,5e,b6,6f,99,5a,44,5a,0f,05,15,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 22:43
ComboFix-quarantined-files.txt 2009-06-28 20:43
ComboFix2.txt 2009-06-26 20:18

Pre-Run: 58.773.876.736 bytes free
Post-Run: 58.777.763.840 bytes free

395 --- E O F --- 2009-06-18 18:42

[Ried]

The log looks clean. It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

[Ditrik]

Results of Kaspersky Scanner
***********************
***********************


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 29, 2009 10:29:38
Records in database: 2400486
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 60636
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:54:36


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

The selected area was scanned.

[Ried]

Your logs are clean, Ditrik.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.