
Thread: Possible Trojan

  1. #1
     Junior Member (Join Date: Sep 2010, Posts: 8)

     Possible Trojan

    Spy Emergency keeps telling me dds.scr is Trojan Win32Malware (3 of the VirusTotal scanners say it is at least a suspicious file). Why? I hope they are only false positives and I'll not make the situation worse...

    This is my DDS.txt

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Zuza at 23:17:42,64 on 2010-09-22
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2046.717 [GMT 2:00]

    AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\brsvc01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Dicter\DicterService.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
    C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spy Emergency\SpyEmergencySrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Windows\SysWOW64\brss01a.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Winstep\WsxService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Process Lasso\ProcessLasso.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Process Lasso\ProcessGovernor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spy Emergency\SpyEmergency.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Secunia\PSI\psi.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
    C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Spy Emergency\SpyEmergencyWow64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    mLocal Page = c:\windows\syswow64\blank.htm
    uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Disabled:{000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
    BHO: Disabled:{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
    BHO: Disabled:{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
    BHO: Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No File
    BHO: Disabled:{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Disabled:{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
    BHO: Disabled:{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File
    BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
    BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
    BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 10\SnagitBHO.dll
    BHO: FLockObj Class: {26c3165b-fc58-4910-802d-250b2e68a04e} - c:\program files (x86)\gilisoft\privacy protector\FileLockPlugin.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.2.0.12\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
    TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
    TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 10\SnagitIEAddin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Nexus]
    uRun: [SpyEmergency] c:\program files\spy emergency\SPYEMERGENCY.EXE
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
    mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [NetWorx] "c:\program files (x86)\networx\networx.exe" /auto
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\capslo~1.lnk - d:\archiwum\archiwum programów\system ui - tunning (wygląd i dodatki)\capslockwarningv2.5 (bez instalacji)\CapsLockWarning.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wweb32~1.lnk - c:\users\grace\appdata\roaming\wordweb\wweb32.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
    IE: &Winamp Search
    IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Funkcja Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: Wyślij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {00304450-07C2-459E-BD09-75E2AD790D4F} = 213.158.199.1 213.158.199.5
    TCP: {19A54CD1-565B-4BAB-B572-51D69F847D7D} = 213.158.199.1 213.158.199.5
    TCP: {9BFA33C5-A69A-4C30-A5B6-FDE483206CF8} = 213.158.199.1 213.158.199.5
    TCP: {B39524DD-69A3-45B1-A739-514B8A378C2E} = 213.158.199.1 213.158.199.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    {00C6482D-C502-44C8-8409-FCE54AD9C208}
    {26C3165B-FC58-4910-802D-250B2E68A04E}
    {2B9F5787-88A5-4945-90E7-C4B18563BC5E}
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {FF6C3CF0-4B15-11D1-ABED-709549C10000}
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    TB-X64: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
    mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun-x64: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
    mRun-x64: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
    FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files (x86)\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files (x86)\rayv\rayv\plugins\nprayvplugin.dll
    FF - plugin: c:\users\zuza\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FLGuard;FLGuard;c:\windows\system32\drivers\FLGuard.sys [2010-7-17 49176]
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-8 37392]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-9-4 433200]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-9-4 221232]
    R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-9-4 615040]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100920.001\IDSviA64.sys [2010-9-21 463408]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-7-16 53312]
    R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2010-8-14 15416]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-9-4 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-9-4 451120]
    R2 DicterUpdateService;Dicter Service;c:\program files (x86)\dicter\DicterService.exe [2010-8-28 468992]
    R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\gfi\gfibac~1\GFIHInst.exe [2010-8-16 858480]
    R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~2\gfi\gfibac~1\GFIHSC~1.EXE [2010-8-16 2324848]
    R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-9-4 126392]
    R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe [2010-6-5 90112]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-19 1153368]
    R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\spy emergency\SpyEmergencySrv.exe [2010-8-14 2889856]
    R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\winstep\wsxservice --> c:\program files (x86)\winstep\WsxService [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-7-7 243200]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-8-10 130696]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 17464]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-6-5 236544]
    R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2010-8-14 16952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 16776]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 9096]
    S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2010-8-14 22584]
    S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

    =============== Created Last 30 ================

    2010-09-22 12:58:16 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
    2010-09-22 12:45:22 65536 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TM.blf
    2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000002.regtrans-ms
    2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000001.regtrans-ms
    2010-09-22 06:40:24 892928 ----a-w- c:\windows\syswow64\iconv.dll
    2010-09-22 06:40:24 577536 ----a-w- c:\windows\syswow64\ac3filter.ax
    2010-09-21 05:17:09 0 d-----w- c:\program files (x86)\SolidDocuments
    2010-09-19 20:12:26 0 d-----w- c:\program files (x86)\Fantastic Flame Screensaver
    2010-09-19 20:10:49 0 d-----w- c:\programdata\Laconic Software
    2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
    2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
    2010-09-19 08:01:40 65536 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TM.blf
    2010-09-19 04:38:02 69632 ----a-w- C:\nporbit.dll
    2010-09-18 04:04:48 0 d-----w- c:\users\zuza\appdata\roaming\uTorrent
    2010-09-18 04:04:48 0 d-----w- c:\program files (x86)\uTorrent
    2010-09-17 13:19:21 993 ----a-w- c:\users\zuza\.rainlendar2 — 7z.lnk
    2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
    2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
    2010-09-16 15:06:40 65536 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TM.blf
    2010-09-16 10:32:29 0 d-----w- c:\program files (x86)\Tabbles
    2010-09-16 04:06:33 0 d-----w- C:\downloads
    2010-09-15 20:41:44 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-09-15 19:57:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 11:29:06 4254224 ----a-w- c:\windows\syswow64\qtp-mt334.dll
    2010-09-12 06:01:11 0 d-----w- c:\users\zuza\appdata\roaming\Dropbox
    2010-09-12 02:19:13 0 d-----w- c:\program files (x86)\Scanned Text Editor 1
    2010-09-10 13:00:36 90112 ----a-w- c:\windows\unvise32.exe
    2010-09-10 12:58:37 0 d-----w- c:\program files (x86)\The Logo Creator v5
    2010-09-10 11:04:22 0 d-----w- c:\programdata\Wondershare
    2010-09-10 11:02:49 0 d-----w- c:\program files (x86)\Wondershare
    2010-09-10 08:05:58 0 d-----w- c:\programdata\restore
    2010-09-10 04:05:47 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000002.regtrans-ms
    2010-09-10 04:05:46 65536 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TM.blf
    2010-09-10 04:05:46 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000001.regtrans-ms
    2010-09-09 05:42:40 0 d-----w- c:\program files (x86)\Ncesoft
    2010-09-09 02:52:23 0 d-----w- c:\program files (x86)\Flip Book Maker
    2010-09-08 23:05:51 0 d-----w- c:\program files\LopeSoft
    2010-09-08 11:46:12 65536 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TM.blf
    2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000002.regtrans-ms
    2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000001.regtrans-ms
    2010-09-07 18:56:59 0 d-----w- c:\program files (x86)\VirusTotalUploader2
    2010-09-07 12:23:06 0 d-----w- c:\programdata\McAfee
    2010-09-06 06:12:16 0 d-----w- c:\users\zuza\appdata\roaming\SolidDocuments
    2010-09-06 06:11:33 0 d-----w- c:\programdata\SolidDocuments
    2010-09-05 23:24:59 0 d-----w- c:\programdata\TechSmith
    2010-09-05 17:36:39 0 d-----w- C:\ProgramDataTechSmith
    2010-09-05 09:29:04 0 d-----w- c:\program files (x86)\SnagIt 7
    2010-09-05 09:24:49 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
    2010-09-04 10:11:39 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-09-04 10:11:39 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
    2010-09-04 10:11:39 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll
    2010-09-04 10:11:33 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
    2010-09-04 10:11:33 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
    2010-09-04 10:11:33 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2010-09-04 10:11:26 0 d-----w- c:\program files\Symantec
    2010-09-04 10:11:26 0 d-----w- c:\program files\common files\Symantec Shared
    2010-09-04 10:10:21 0 d-----w- c:\windows\system32\drivers\N360x64
    2010-09-04 10:10:17 0 d-----w- c:\program files (x86)\Norton 360
    2010-09-04 10:09:42 0 d-----w- c:\program files (x86)\NortonInstaller
    2010-09-04 08:54:17 106224 ----a-w- c:\windows\system32\drivers\GRD.sys
    2010-09-04 08:48:27 84936 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2010-09-04 08:48:20 57288 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
    2010-09-04 08:47:38 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2010-09-04 08:47:35 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
    2010-09-04 08:46:57 0 d-----w- c:\programdata\G DATA
    2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\G Data
    2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\common files\G DATA
    2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
    2010-09-03 11:26:24 50768 ----a-w- c:\windows\system32\drivers\uimx64.sys
    2010-09-03 11:26:24 446544 ----a-w- c:\windows\system32\drivers\UimFIO.sys
    2010-09-03 11:26:22 566864 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
    2010-09-02 12:03:21 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-09-02 12:03:21 86408 ----a-w- c:\windows\syswow64\setupempdrv03.exe
    2010-09-02 12:03:21 8456 ----a-w- c:\windows\syswow64\EuGdiDrv.sys
    2010-09-02 12:03:21 2209920 ----a-w- c:\windows\system32\BootMan.exe
    2010-09-02 12:03:21 1774720 ----a-w- c:\windows\syswow64\BootMan.exe
    2010-09-02 12:03:21 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-09-02 12:03:21 14848 ----a-w- c:\windows\syswow64\EuEpmGdi.dll
    2010-09-02 12:03:21 14216 ----a-w- c:\windows\syswow64\epmntdrv.sys
    2010-09-02 12:03:21 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-09-02 12:03:21 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2010-09-01 08:49:40 0 d-----w- c:\programdata\ProcessLasso
    2010-09-01 08:48:02 0 d-----w- c:\users\zuza\appdata\roaming\ProcessLasso
    2010-09-01 08:47:59 0 d-----w- c:\program files\Process Lasso
    2010-08-30 23:44:46 0 d-----w- c:\users\zuza\appdata\roaming\LogoMaker
    2010-08-30 23:42:59 0 d-----w- c:\program files (x86)\Studio V5
    2010-08-30 06:48:23 0 d-sh--w- c:\windows\system32\%APPDATA%
    2010-08-30 05:01:28 0 d-----w- c:\program files\common files\DESIGNER
    2010-08-30 04:52:37 0 d-----w- c:\program files\Microsoft Analysis Services
    2010-08-30 04:52:37 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
    2010-08-30 04:51:34 0 d-----w- c:\program files\Microsoft Office
    2010-08-30 04:51:33 0 d-----w- c:\programdata\Microsoft Help
    2010-08-30 02:13:30 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-08-30 02:13:30 23 ----a-w- c:\windows\system32\bcdadac7.xml
    2010-08-30 02:13:21 0 d-----w- c:\program files (x86)\jv16 PowerTools 2009
    2010-08-29 23:32:33 0 d-----w- c:\program files (x86)\PCHand
    2010-08-28 21:39:25 0 d-----w- c:\program files (x86)\Dicter
    2010-08-27 07:05:04 0 d-----w- c:\windows\pss
    2010-08-26 16:27:35 0 d-----w- c:\users\zuza\appdata\roaming\Ashampoo
    2010-08-26 16:25:09 0 d-----w- c:\programdata\ashampoo
    2010-08-26 04:42:06 0 d-sh--w- C:\found.000
    2010-08-26 00:56:53 2621440000 --sha-w- c:\windows\system32\MirSwap
    2010-08-25 19:22:00 65536 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TM.blf
    2010-08-25 19:22:00 524288 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TMContainer00000000000000000002.regtrans-ms
    2010-08-25 19:22:00 524288 --sha-w- c:\users\zuza\ntuser.dat{8d3e241f-b07a-11df-a6d6-001e101f859f}.TMContainer00000000000000000001.regtrans-ms
    2010-08-25 12:06:30 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-25 12:06:30 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
    2010-08-24 18:09:13 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-08-24 18:09:13 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-08-24 18:09:13 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-08-24 15:11:54 65536 ------w- c:\windows\system32\Ikeext.etl
    2010-08-24 06:25:21 0 d-----w- c:\users\zuza\appdata\roaming\RayV
    2010-08-24 06:25:11 0 d-----w- c:\program files (x86)\RayV
    2010-08-24 02:16:14 0 d-----w- c:\users\zuza\appdata\roaming\JLC's Software
    2010-08-24 02:15:49 0 d-----w- c:\program files (x86)\JLC's Software

    ==================== Find3M ====================

    2010-09-22 14:41:36 15385 ----a-w- c:\windows\FileGuard.bin
    2010-09-19 04:57:35 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2010-09-16 10:30:13 746852 ----a-w- c:\windows\system32\perfh015.dat
    2010-09-16 10:30:13 159444 ----a-w- c:\windows\system32\perfc015.dat
    2010-09-15 11:28:40 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
    2010-09-12 02:19:13 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2010-08-20 18:39:03 1715 ----a-w- c:\program files\chrome.exe — skrót.lnk
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-27 13:18:04 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
    2010-07-17 03:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
    2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
    2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
    2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 23:18:55,82 ===============

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi vika6,

    dds.scr is Trojan Win32Malware
    false positive.


    Your log is a few days old. If you still need help, post back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Sep 2010
    Posts
    8

    Hi.
    First: thanks for your reply.
    I want to admit that I have experienced non-specific problems for about 2 months now.
    My situation was described here: http://forums.spybot.info/showthread.php?t=59547

    Later, on the same day I first posted in your forum (Sept 23rd), my Norton 360 detected a backdoor.bifrose in traymark.exe (a never-used bookmark program that I have stored on my computer ON DATA PARTITION (D:) for about a year). http://yfrog.com/jd89857988jx

    Four hours later the same backdoor was detected in SYSTEM VOLUME INFORMATION (also on the D drive??? Why?). But the information in Norton's File Insight (screenshot #3: http://yfrog.com/ht92400057jx) was a bit strange to me:
    "on computer as of 2010-09-23 at 16:55:44" (please note: the previously detected backdoor was eliminated 2010-09-23 at 12:03:57).

    It isn't clear to me: was there one backdoor or more??
    How could it be found in SYSTEM VOLUME INFORMATION (on D:?) since it was previously found on a non-system drive?
    Maybe it is all right, but I prefer to let you know all this. Just in case...

    Over the next 2 days I scanned my whole computer with Norton (2x), Spybot S&D (can be launched only from a renamed exe) and Malwarebytes. They were all finding only cookies.

    But all the problems with performance, errors, strange behaviour and even Spybot persist!!


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Zuza at 10:09:54,87 on 2010-09-26
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2046.806 [GMT 2:00]

    AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\brsvc01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Dicter\DicterService.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
    C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files\Spy Emergency\SpyEmergencySrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\brss01a.exe
    C:\Program Files (x86)\Winstep\WsxService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Process Lasso\ProcessLasso.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Process Lasso\ProcessGovernor.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spy Emergency\SpyEmergency.exe
    D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
    C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\NetWorx\networx.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\PROGRAM FILES (X86)\DICTER\DICTER.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRAM FILES (X86)\SCANSOFT\PAPERPORT\PPTD40NT.EXE
    C:\Program Files (x86)\Gateway\EzTune\DTHtml.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Process Lasso\ProcessLasso.exe
    C:\Program Files\Process Lasso\ProcessGovernor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spy Emergency\SpyEmergency.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\system UI - tunning (wygląd i dodatki)\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe
    C:\Users\Grace\AppData\Roaming\WordWeb\wweb32.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Secunia\PSI\psi.exe
    C:\Program Files\Spy Emergency\SpyEmergencyWow64.exe
    C:\PROGRAM FILES (X86)\DICTER\DICTER.EXE
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    D:\ARCHIWUM\ARCHIWUM PROGRAMÓW\bezpieczeństwo i prywatność w internecie\specjalistyczne (ocena logów w internecie)\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mLocal Page = c:\windows\syswow64\blank.htm
    uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    BHO: Disabled:{000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
    BHO: Disabled:{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
    BHO: Disabled:{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
    BHO: Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No File
    BHO: Disabled:{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Disabled:{6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
    BHO: Disabled:{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File
    BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
    BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File
    BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: Disabled:{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No File
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 10\SnagitBHO.dll
    BHO: FLockObj Class: {26c3165b-fc58-4910-802d-250b2e68a04e} - c:\program files (x86)\gilisoft\privacy protector\FileLockPlugin.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
    TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files (x86)\mybabylon_english\tbmyBa.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
    TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.3.0.5\coIEPlg.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 10\SnagitIEAddin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Nexus]
    uRun: [SpyEmergency] c:\program files\spy emergency\SPYEMERGENCY.EXE
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
    mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [NetWorx] "c:\program files (x86)\networx\networx.exe" /auto
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\capslo~1.lnk - d:\archiwum\archiwum programów\system ui - tunning (wygląd i dodatki)\capslockwarningv2.5 (bez instalacji)\CapsLockWarning.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wweb32~1.lnk - c:\users\grace\appdata\roaming\wordweb\wweb32.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
    IE: &Winamp Search
    IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Funkcja Google Sidewiki - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: Wyślij &do programu OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {00304450-07C2-459E-BD09-75E2AD790D4F} = 213.158.199.1 213.158.199.5
    TCP: {19A54CD1-565B-4BAB-B572-51D69F847D7D} = 213.158.199.1 213.158.199.5
    TCP: {9BFA33C5-A69A-4C30-A5B6-FDE483206CF8} = 213.158.199.1 213.158.199.5
    TCP: {B39524DD-69A3-45B1-A739-514B8A378C2E} = 213.158.199.1 213.158.199.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    {00C6482D-C502-44C8-8409-FCE54AD9C208}
    {26C3165B-FC58-4910-802D-250B2E68A04E}
    {2B9F5787-88A5-4945-90E7-C4B18563BC5E}
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {FF6C3CF0-4B15-11D1-ABED-709549C10000}
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    TB-X64: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
    mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun-x64: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
    mRun-x64: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
    FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files (x86)\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - component: c:\users\zuza\appdata\roaming\mozilla\firefox\profiles\n513ljd6.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files (x86)\rayv\rayv\plugins\nprayvplugin.dll
    FF - plugin: c:\users\zuza\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 FLGuard;FLGuard;c:\windows\system32\drivers\FLGuard.sys [2010-7-17 49176]
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-8 37392]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0403000.005\symds64.sys [2010-9-24 433200]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0403000.005\symefa64.sys [2010-9-24 221232]
    R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100924.001\IDSviA64.sys [2010-9-25 463408]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-7-16 53312]
    R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2010-8-14 15416]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0403000.005\ironx64.sys [2010-9-24 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
    R2 DicterUpdateService;Dicter Service;c:\program files (x86)\dicter\DicterService.exe [2010-8-28 468992]
    R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\gfi\gfibac~1\GFIHInst.exe [2010-8-16 858480]
    R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~2\gfi\gfibac~1\GFIHSC~1.EXE [2010-8-16 2324848]
    R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
    R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe [2010-6-5 90112]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-19 1153368]
    R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\spy emergency\SpyEmergencySrv.exe [2010-8-14 2889856]
    R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\winstep\wsxservice --> c:\program files (x86)\winstep\WsxService [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-7-7 243200]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-8-10 130696]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 17464]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-6-5 236544]
    R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2010-8-14 16952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-2 16776]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-2 9096]
    S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2010-8-14 22584]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

    =============== Created Last 30 ================

    2010-09-25 08:05:57 0 d-----w- c:\program files (x86)\Trend Micro
    2010-09-24 14:45:38 193 ----a-w- c:\windows\WORDPAD.INI
    2010-09-24 01:40:04 0 d-----w- c:\program files (x86)\Panda Security
    2010-09-22 22:13:40 212992 ------w- c:\windows\syswow64\UniBoxVB12.ocx
    2010-09-22 22:13:40 139264 ------w- c:\windows\syswow64\uniflexsup.dll
    2010-09-22 22:13:39 880640 ------w- c:\windows\syswow64\UniBox10.ocx
    2010-09-22 22:13:39 53248 ------w- c:\windows\syswow64\ZLIB.DLL
    2010-09-22 22:13:39 380928 ------w- c:\windows\syswow64\UniFlexGrid10.ocx
    2010-09-22 22:13:39 364544 ------w- c:\windows\syswow64\UniGrid210.ocx
    2010-09-22 22:13:39 1097728 ------w- c:\windows\syswow64\UniBox210.ocx
    2010-09-22 22:13:30 0 d-----w- c:\program files (x86)\AllWebMenus5
    2010-09-22 22:13:29 0 d-----w- c:\programdata\InstallMate
    2010-09-22 12:58:16 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
    2010-09-22 12:45:22 65536 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TM.blf
    2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000002.regtrans-ms
    2010-09-22 12:45:22 524288 --sha-w- c:\users\zuza\ntuser.dat{df559e28-c631-11df-915b-001e101f3315}.TMContainer00000000000000000001.regtrans-ms
    2010-09-22 06:40:24 892928 ----a-w- c:\windows\syswow64\iconv.dll
    2010-09-22 06:40:24 577536 ----a-w- c:\windows\syswow64\ac3filter.ax
    2010-09-21 05:17:09 0 d-----w- c:\program files (x86)\SolidDocuments
    2010-09-19 20:12:26 0 d-----w- c:\program files (x86)\Fantastic Flame Screensaver
    2010-09-19 20:10:49 0 d-----w- c:\programdata\Laconic Software
    2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
    2010-09-19 08:01:41 524288 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
    2010-09-19 08:01:40 65536 --sha-w- c:\users\zuza\ntuser.dat{9698ad96-c3c3-11df-8667-001e101f63cf}.TM.blf
    2010-09-19 04:38:02 69632 ----a-w- C:\nporbit.dll
    2010-09-18 04:04:48 0 d-----w- c:\users\zuza\appdata\roaming\uTorrent
    2010-09-17 13:19:21 993 ----a-w- c:\users\zuza\.rainlendar2 — 7z.lnk
    2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000002.regtrans-ms
    2010-09-16 15:06:41 524288 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TMContainer00000000000000000001.regtrans-ms
    2010-09-16 15:06:40 65536 --sha-w- c:\users\zuza\ntuser.dat{2740753e-c19b-11df-b248-001e101f63cf}.TM.blf
    2010-09-16 10:32:29 0 d-----w- c:\program files (x86)\Tabbles
    2010-09-16 04:06:33 0 d-----w- C:\downloads
    2010-09-15 20:41:44 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-09-15 19:57:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 11:29:06 4254224 ----a-w- c:\windows\syswow64\qtp-mt334.dll
    2010-09-12 06:01:11 0 d-----w- c:\users\zuza\appdata\roaming\Dropbox
    2010-09-12 02:19:13 0 d-----w- c:\program files (x86)\Scanned Text Editor 1
    2010-09-10 13:00:36 90112 ----a-w- c:\windows\unvise32.exe
    2010-09-10 12:58:37 0 d-----w- c:\program files (x86)\The Logo Creator v5
    2010-09-10 11:04:22 0 d-----w- c:\programdata\Wondershare
    2010-09-10 11:02:49 0 d-----w- c:\program files (x86)\Wondershare
    2010-09-10 08:05:58 0 d-----w- c:\programdata\restore
    2010-09-10 04:05:47 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000002.regtrans-ms
    2010-09-10 04:05:46 65536 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TM.blf
    2010-09-10 04:05:46 524288 --sha-w- c:\users\zuza\ntuser.dat{1dda4e34-bc90-11df-82a3-001e101f2500}.TMContainer00000000000000000001.regtrans-ms
    2010-09-09 05:42:40 0 d-----w- c:\program files (x86)\Ncesoft
    2010-09-09 02:52:23 0 d-----w- c:\program files (x86)\Flip Book Maker
    2010-09-08 23:05:51 0 d-----w- c:\program files\LopeSoft
    2010-09-08 11:46:12 65536 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TM.blf
    2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000002.regtrans-ms
    2010-09-08 11:46:12 524288 --sha-w- c:\users\zuza\ntuser.dat{d097c32e-bb2a-11df-b322-001e101f8ed0}.TMContainer00000000000000000001.regtrans-ms
    2010-09-07 18:56:59 0 d-----w- c:\program files (x86)\VirusTotalUploader2
    2010-09-07 12:23:06 0 d-----w- c:\programdata\McAfee
    2010-09-06 06:12:16 0 d-----w- c:\users\zuza\appdata\roaming\SolidDocuments
    2010-09-06 06:11:33 0 d-----w- c:\programdata\SolidDocuments
    2010-09-05 23:24:59 0 d-----w- c:\programdata\TechSmith
    2010-09-05 17:36:39 0 d-----w- C:\ProgramDataTechSmith
    2010-09-05 09:29:04 0 d-----w- c:\program files (x86)\SnagIt 7
    2010-09-05 09:24:49 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
    2010-09-04 10:11:39 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-09-04 10:11:39 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
    2010-09-04 10:11:39 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll
    2010-09-04 10:11:33 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
    2010-09-04 10:11:33 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
    2010-09-04 10:11:33 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2010-09-04 10:11:26 0 d-----w- c:\program files\Symantec
    2010-09-04 10:11:26 0 d-----w- c:\program files\common files\Symantec Shared
    2010-09-04 10:10:21 0 d-----w- c:\windows\system32\drivers\N360x64
    2010-09-04 10:10:17 0 d-----w- c:\program files (x86)\Norton 360
    2010-09-04 10:09:42 0 d-----w- c:\program files (x86)\NortonInstaller
    2010-09-04 08:54:17 106224 ----a-w- c:\windows\system32\drivers\GRD.sys
    2010-09-04 08:48:27 84936 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2010-09-04 08:48:20 57288 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
    2010-09-04 08:47:38 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2010-09-04 08:47:35 48584 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
    2010-09-04 08:46:57 0 d-----w- c:\programdata\G DATA
    2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\G Data
    2010-09-04 08:46:57 0 d-----w- c:\program files (x86)\common files\G DATA
    2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
    2010-09-03 11:26:24 50768 ----a-w- c:\windows\system32\drivers\uimx64.sys
    2010-09-03 11:26:24 446544 ----a-w- c:\windows\system32\drivers\UimFIO.sys
    2010-09-03 11:26:22 566864 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
    2010-09-02 12:03:21 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-09-02 12:03:21 86408 ----a-w- c:\windows\syswow64\setupempdrv03.exe
    2010-09-02 12:03:21 8456 ----a-w- c:\windows\syswow64\EuGdiDrv.sys
    2010-09-02 12:03:21 2209920 ----a-w- c:\windows\system32\BootMan.exe
    2010-09-02 12:03:21 1774720 ----a-w- c:\windows\syswow64\BootMan.exe
    2010-09-02 12:03:21 16776 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-09-02 12:03:21 14848 ----a-w- c:\windows\syswow64\EuEpmGdi.dll
    2010-09-02 12:03:21 14216 ----a-w- c:\windows\syswow64\epmntdrv.sys
    2010-09-02 12:03:21 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-09-02 12:03:21 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
    2010-09-01 08:49:40 0 d-----w- c:\programdata\ProcessLasso
    2010-09-01 08:48:02 0 d-----w- c:\users\zuza\appdata\roaming\ProcessLasso
    2010-09-01 08:47:59 0 d-----w- c:\program files\Process Lasso
    2010-08-30 23:44:46 0 d-----w- c:\users\zuza\appdata\roaming\LogoMaker
    2010-08-30 23:42:59 0 d-----w- c:\program files (x86)\Studio V5
    2010-08-30 06:48:23 0 d-sh--w- c:\windows\system32\%APPDATA%
    2010-08-30 05:01:28 0 d-----w- c:\program files\common files\DESIGNER
    2010-08-30 04:52:37 0 d-----w- c:\program files\Microsoft Analysis Services
    2010-08-30 04:52:37 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
    2010-08-30 04:51:34 0 d-----w- c:\program files\Microsoft Office
    2010-08-30 04:51:33 0 d-----w- c:\programdata\Microsoft Help
    2010-08-30 02:13:30 23 --sha-w- c:\windows\system32\edacded0.dat
    2010-08-30 02:13:30 23 ----a-w- c:\windows\system32\bcdadac7.xml
    2010-08-30 02:13:21 0 d-----w- c:\program files (x86)\jv16 PowerTools 2009
    2010-08-29 23:32:33 0 d-----w- c:\program files (x86)\PCHand
    2010-08-28 21:39:25 0 d-----w- c:\program files (x86)\Dicter

    ==================== Find3M ====================

    2010-09-26 08:09:38 15385 ----a-w- c:\windows\FileGuard.bin
    2010-09-24 02:07:28 746852 ----a-w- c:\windows\system32\perfh015.dat
    2010-09-24 02:07:28 159444 ----a-w- c:\windows\system32\perfc015.dat
    2010-09-19 04:57:35 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2010-09-15 11:28:40 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
    2010-09-12 02:19:13 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2010-08-20 18:39:03 1715 ----a-w- c:\program files\chrome.exe — skrót.lnk
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-27 13:18:04 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
    2010-07-17 03:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-07-17 03:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
    2009-07-14 17:55:28 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
    2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
    2009-07-14 17:55:28 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 10:11:14,36 ===============
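
    The file listings above ("Created Last 30" and "Find3M") are what a helper reads first. As an added example, not part of the original post and not code from DDS itself, the following Python script parses lines in that format and flags entries worth a closer look. The heuristics are generic (an executable sitting directly in the drive root or the Windows root, a literal environment-variable name used as a directory name, an eight-hex-character file name in system32, a kernel driver outside the drivers subdirectory), and a hit means "review", not "malicious": some of the paths it flags in this very log belong to ordinary installers. The sample lines are excerpted from the log above; the reading of the attribute string (leading "d" for directory, "s" and "h" for system and hidden) is an assumption about the DDS format.

```python
"""Triage helper for DDS 'Created Last 30' / 'Find3M' file listings.

Added example; the heuristics below mark entries for review, nothing more.
"""
import re
from pathlib import PureWindowsPath

# One DDS file line: date time size attribute-string path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl", ".drv"}
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
WIN = "c:\\windows"


def parse_line(line):
    """Return a dict for a DDS file line, or None for headers, blanks and garbage."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    attrs = d["attrs"]
    # Assumption about the DDS attribute string: 'd' first = directory,
    # 's' = system, 'h' = hidden (positions are not relied on beyond the first).
    return {
        "when": f"{d['date']} {d['time']}",
        "size": int(d["size"]),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "path": d["path"],
    }


def review_reasons(entry):
    """Generic reasons an entry deserves a second look (an empty list means none)."""
    p = PureWindowsPath(entry["path"])
    parent = str(p.parent).lower().rstrip("\\")
    name, stem, ext = p.name, p.stem, p.suffix.lower()
    is_file = not entry["is_dir"]
    reasons = []
    if entry["is_dir"] and "%" in name:
        reasons.append("literal environment-variable name used as a directory")
    if is_file and ext in EXEC_EXT and parent in ("c:", WIN):
        reasons.append("executable or driver directly in drive root or Windows root")
    if is_file and parent == WIN + "\\system32" and HEX8_RE.match(stem):
        reasons.append("8-hex-character file name in system32")
    if is_file and ext == ".sys" and parent in (WIN + "\\system32", WIN + "\\syswow64"):
        reasons.append("kernel driver outside the drivers subdirectory")
    return reasons


def triage(log_lines):
    """Return [(path, [reasons...]), ...] for every flagged line, in log order."""
    findings = []
    for line in log_lines:
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, extraction garbage
        reasons = review_reasons(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


# Lines excerpted from the DDS log in this thread (spoolsv.exe and the
# Trend Micro directory are included as entries that should NOT be flagged).
SAMPLE_LOG = r"""
2010-09-19 04:38:02 69632 ----a-w- C:\nporbit.dll
2010-09-15 19:57:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-02 12:03:21 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2010-08-30 06:48:23 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-30 02:13:30 23 --sha-w- c:\windows\system32\edacded0.dat
2010-09-25 08:05:57 0 d-----w- c:\program files (x86)\Trend Micro
""".splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"REVIEW {path}: {'; '.join(reasons)}")
```

    Feed it the whole DDS.txt (`triage(open("DDS.txt", encoding="cp1250", errors="replace"))`) and it skips every non-file line on its own. Anything it flags still needs the usual follow-up, such as checking the file's publisher and uploading it or its hash to VirusTotal, before it is called anything other than "unusual".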

  4. #4
    Junior Member
    Join Date
    Sep 2010
    Posts
    8

    Question new strange pop-ups

    What a pity I can't edit my previous post!
    THE THIRD LINK THERE HAS AN ERROR (2 x http) AND ACTUALLY LEADS TO A SITE WITH A BAD WOT REPUTATION!!
    HERE IS THE PROPER VERSION: http://yfrog.com/ht92400057jx


    I want to show you 2 pop-ups from WinPatrol: http://yfrog.com/3t46215188jx
    They came up yesterday in a strange manner, when there wasn't any reason for that (I was busy with my e-mails).
    Suddenly, I was informed that there were 2 new start-up programs: Flash Player Installer/Uninstaller and WinLogon:Userinit.

    Why does FPInstaller (note: NOT Updater!) want to start with Windows? Adobe Flash Player has been installed and kept up to date in my system for a long time, so what's going on?

    The second: Userinit. I saw such a file name for the first time in my life!!!
    I googled a little and learned this system file can be contaminated.
    Better be careful! What happened that my system suddenly needed Userinit in autostart? And why wasn't it necessary before?

    It seemed fishy to me, so I told WinPatrol NOT TO AGREE to the changes. Was I right?

    Flash Player Installer "gave up", but Userinit keeps nagging me to allow the change. It's very annoying, so please advise what to do: should I let it stay in autostart, or should this file be examined first?

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Four hours later the same backdoor was detected in SYSTEM VOLUME INFORMATION
    This is the Windows restore archive.
    backdoor.bifrose in traymark.exe
    If you still have the traymark.exe you could upload it to VirusTotal for another opinion before jumping to conclusions.
    I have never used WinPatrol and I am not familiar with it at all. The best place to ask about the prompts would be WinPatrol support. Not agreeing to the changes wouldn't hurt until you get some clarification on the prompts.
    If Norton, Spybot and Malwarebytes are coming up clean then that's a good sign.
    What are the problems that persist? Not all computer problems are caused by malware.
    How Can I Reduce My Risk?
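
    On the Userinit prompt from post #4: the value that decides what runs at every interactive logon is `Userinit` under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`, and on a stock Windows 7 install it is exactly `C:\Windows\system32\userinit.exe,` (trailing comma included). Malware that wants to persist commonly appends its own path to that list, which is the kind of change a start-up monitor reports as "WinLogon:Userinit". As an added example, not code from this thread, from WinPatrol or from DDS, the Python script below normalizes a Userinit value and reports any entry other than the expected one, and it also hashes a file so it can be searched on VirusTotal by SHA-256 rather than uploaded. The sample values are constructed; the appended `C:\Users\Public\svchost.exe` entry is an invented illustration, not something the log in this thread shows.

```python
"""Check the Winlogon Userinit value and hash files for a VirusTotal lookup.

Added example; the sample values below are constructed, not read from the
poster's machine.
"""
import hashlib
import ntpath
import re
import sys

# Subkey holding the value a start-up monitor reports as "WinLogon:Userinit".
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def parse_userinit(value, system_root=r"C:\Windows"):
    """Split the comma-separated Userinit value into normalized, lower-cased paths."""
    paths = []
    for raw in value.split(","):
        item = raw.strip().strip('"')
        if not item:
            continue  # the stock value ends with a trailing comma
        # Assumption: only %SystemRoot% is expanded; any other variable is left
        # as written so it still shows up as an unexpected entry.
        item = re.sub(r"%systemroot%", lambda _m: system_root, item, flags=re.IGNORECASE)
        paths.append(ntpath.normpath(item).lower())
    return paths


def check_userinit(value, system_root=r"C:\Windows"):
    """Report the entries found and which of them are not the stock userinit.exe."""
    expected = ntpath.normpath(ntpath.join(system_root, "system32", "userinit.exe")).lower()
    found = parse_userinit(value, system_root)
    extras = [p for p in found if p != expected]
    return {
        "expected": expected,
        "found": found,
        "extras": extras,  # every path here runs at each interactive logon
        "ok": expected in found and not extras,
    }


def read_live_userinit():
    """Read the real value on Windows; return None on any other platform."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module; use a 64-bit Python on 64-bit Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_SUBKEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks, for a VirusTotal search by hash."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


# Constructed sample values (the appended svchost.exe path is invented).
SAMPLE_VALUES = {
    "stock": r"C:\Windows\system32\userinit.exe,",
    "stock_with_variable": r"%SystemRoot%\System32\UserInit.exe,",
    "appended_entry": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe,",
    "unqualified_name": r"userinit.exe,",
}

if __name__ == "__main__":
    live = read_live_userinit()
    values = {"live": live} if live is not None else SAMPLE_VALUES
    for label, value in values.items():
        result = check_userinit(value)
        status = "OK" if result["ok"] else "REVIEW"
        print(f"{status:6} {label}: {value!r} extras={result['extras']}")
    if len(sys.argv) > 1:
        print(f"SHA-256 of {sys.argv[1]}: {sha256_of_file(sys.argv[1])}")
```

    Run it on the affected machine to compare the live value, or pass a file path (for instance the flagged dds.scr or traymark.exe) to get a hash that can be searched on VirusTotal without uploading the file. An unqualified entry such as `userinit.exe,` is reported too, because without a full path Windows resolves it through the search order rather than pinning it to system32.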
