Problem with computer protection?


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download Kaspersky Lab's TDSSKiller to your Desktop from the following address:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
deactivate your protection software (instructions);
close any running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run the program;
click the Start Scan button.

If malicious objects are found, make sure the "Cure" action is selected for them (example) and click Continue, then click Reboot Now.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time the log was created)

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

When the scan finished it showed me something, there was something in two parts, and for both of them, instead of that "cure" (because it wasn't there), I pressed delete and then Reboot Now. Did I mess things up even more, or was that the right thing to do???

And here's the file:

[attached log; visible only when logged in]

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You selected Skip, not Delete (it says so in the log :)).

Run TDSSKiller again (if it doesn't work, delete it and download it again) and scan.

For the item containing vbmad013, select Delete, click Continue and then Reboot Now.

Post the log you get.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

Now I could swear I chose Delete and not Skip :O, but never mind :)...

Here's the new log...

[attached log; visible only when logged in]

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download a fresh ComboFix and run it. Post the log you get.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

I tried, I downloaded it again and it won't work?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post a new Gmer log (to begin with, save the log right after the program starts (as before), and then also try to run a complete scan if that turns out to be possible).

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

I swear I don't know what this is!
I downloaded Gmer and ran it, I saved the log right at the start, and when I tried to scan it kicked me out... When I try to open it again I can't, it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item", and when I try to delete "Gmer" it won't let me (I now have 4 of them), and when I restart the computer the "Gmer" icon becomes hollow, just like the ones for Spybot S&D, Malwarebytes' Anti-Malware and Ad-Aware SE Professional

Here's the log from the start (without the complete scan)

[attached log; visible only when logged in]

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Right... The biggest problem here is identifying the malware - if we manage to get some tool to run a scan to completion, we may be able to do something.

Go in order, tool by tool, until one of them manages to finish a scan.

→ Download a fresh ComboFix and try to run it in Safe Mode.

If that doesn't work...

→ Download Rootkit Unhooker to your Desktop.

Double-click to run the program;
select the Report tab;
click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

If that doesn't work either...

→ Download the OTL program to your Desktop from the link below:

OTL download
Click the link - in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run OTL;
click Run Scan;
when the scan finishes, the report (which will be saved automatically on the Desktop as OTL.Txt) will open in Notepad.

Attach the OTL.Txt report to your post using the Attach file option.

→ Also, regardless of whether the above (the OTL scan) succeeded or not, post a fresh DDS log (DDS.txt) as well.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

With this "Rootkit Unhooker" I manage to scan up to Files (so these work: SSDT, Shadow SSDT, Processes, Drivers, Stealth Code) and that's where it kicks me out, so if those reports mean anything to you I can post them?
And this other one, "OTL", kicks me out right away, it behaves like "Gmer" and I can't delete it....

And here's the "DDS" log for you...


DDS (Ver_10-12-12.02) - NTFSx86
Run by XP at 23:25:45,29 on pet 17.12.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2186 [GMT 1:00]

AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=101
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.Google.com
uStart Page = hxxp://search.iminent.com/?appId=F3C50582-E059-403B-8E9B-3C5833B4EAE9
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://tvsearch.biz
uSearchAssistant = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=101
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
uURLSearchHooks: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\Iminent.WebBooster.dll
BHO: GdfrDUEn Class: {a3cf7606-e683-4375-a372-96b75da0aef7} - c:\program files\get styles\enlbrdr.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Bar World Toolbar Powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Bar World Toolbar Powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
uRunOnce: [.IMinentUpdate] c:\docume~1\xp\locals~1\temp\NotifierSetup.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [CleanIt] d:\program files\cleanit\cleanit.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
mRun: [IMBooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
mRun: [Iminent.Notifier] c:\program files\iminent\searchtheweb\Iminent.Notifier.exe
mRun: [ISTray] "d:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {2B018911-ED33-4BBE-BB16-45A8461B9259} = 195.66.189.137 195.66.189.138
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\0uh1oh1u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={487472BB-6604-C813-D282-339E6B2DCB54}&q=
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{966130e5-e772-49af-9638-213df2b588dc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}\components\Engine.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: c:\program files\mozilla firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\xp\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\xp\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\program files\mozilla firefox\extensions\webbooster@iminent.com
FF - Ext: Secret Crush Revealer: crushcalc@gameplaylabs.com - %profile%\extensions\crushcalc@gameplaylabs.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Bandoo for Firefox: firefox@bandoo.com - %profile%\extensions\firefox@bandoo.com
FF - Ext: Bar World Toolbar Powered by Ask.com: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - %profile%\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Ext: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - %profile%\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: desiredinc Community Toolbar: {966130e5-e772-49af-9638-213df2b588dc} - %profile%\extensions\{966130e5-e772-49af-9638-213df2b588dc}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: IMinent Toolbar: {C9B68337-E93A-44EA-94DC-CB300EC06444} - %profile%\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-14 217032]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-14 112592]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 472280]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
R3 vbmad013;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmad013.sys [2010-12-16 38400]
S1 dfdb;dfdb;\??\c:\windows\system32\dfdb.sys --> c:\windows\system32\dfdb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S2 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-12-14 366840]
S2 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-12-14 1142224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-30 1684736]
S3 cpuz132;cpuz132;\??\c:\docume~1\xp\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\xp\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

=============== Created Last 30 ================

2010-12-16 08:56:51 38400 ----a-w- c:\windows\system32\drivers\vbmad013.sys
2010-12-15 17:05:36 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 17:04:48 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-15 13:23:33 -------- d-----w- c:\documents and settings\xp\DoctorWeb
2010-12-15 08:39:00 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Threat Expert
2010-12-14 17:33:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-14 17:33:55 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-14 17:33:55 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-14 17:33:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-14 17:26:38 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-14 17:26:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-14 17:26:34 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-14 17:26:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-14 17:26:20 -------- d-----w- c:\program files\common files\PC Tools
2010-12-14 17:26:20 -------- d-----w- c:\docume~1\xp\applic~1\PC Tools
2010-12-14 17:26:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-14 17:16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 18:42:47 -------- d-----w- c:\program files\IMinent Toolbar
2010-12-11 18:42:45 24576 ----a-w- c:\program files\mozilla firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
2010-12-11 18:42:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\IMinent
2010-12-11 18:42:41 -------- d-----w- c:\program files\Iminent
2010-12-11 00:59:43 -------- d-----w- c:\docume~1\xp\applic~1\PriceGong
2010-12-10 14:47:00 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Sony
2010-12-10 14:46:23 -------- d-----w- c:\program files\Sony
2010-12-10 14:40:21 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Conduit
2010-12-10 14:40:20 -------- d-----w- c:\program files\Conduit
2010-12-10 14:40:20 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Softonic-Eng7
2010-12-10 14:40:20 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\ConduitEngine
2010-12-10 14:40:19 -------- d-----w- c:\program files\ConduitEngine
2010-12-10 14:40:17 -------- d-----w- c:\program files\Softonic-Eng7
2010-12-07 16:42:41 -------- d-----w- c:\program files\facemoods.com
2010-12-06 09:11:21 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\AskToolbar
2010-12-05 13:24:24 -------- d-----w- c:\program files\Ask.com
2010-12-02 01:44:35 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Sports Interactive
2010-11-28 11:15:14 373104 ----a-w- c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
2010-11-27 15:13:31 -------- d-----w- c:\docume~1\xp\applic~1\Uniblue
2010-11-27 15:13:28 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-11-27 15:13:27 -------- d-----w- c:\program files\Uniblue
2010-11-27 08:02:58 388096 ----a-r- c:\docume~1\xp\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 08:02:57 -------- d-----w- c:\program files\Trend Micro
2010-11-26 06:53:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\HouseDemo
2010-11-23 18:06:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sports Interactive
2010-11-23 16:39:43 1275 ----a-w- c:\docume~1\xp\locals~1\applic~1\GLF3E01.tmp
2010-11-23 13:27:17 -------- d-----w- c:\program files\Sports Interactive
2010-11-22 20:58:10 -------- d-----w- c:\program files\common files\DVDVideoSoft
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-16 15:08:37 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-30 14:09:07 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05:36 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05:35 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59:07 369664 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 23:31:16,85 ===============
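
Added example (not part of the forum thread and not written by either poster): a small Python triage pass over a DDS log in the layout posted above, listing the process and driver entries a reviewer would look at first. The heuristics, the function names and the choice of excerpted lines are this example's assumptions; a flag means "review this entry", not a verdict.

```python
import re

# Excerpt of lines copied from the DDS log above, trimmed to keep the example short.
SAMPLE_LOG = r"""
============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-14 217032]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 472280]
R3 vbmad013;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmad013.sys [2010-12-16 38400]
S1 dfdb;dfdb;\??\c:\windows\system32\dfdb.sys --> c:\windows\system32\dfdb.sys [?]

=============== Created Last 30 ================

2010-12-16 08:56:51 38400 ----a-w- c:\windows\system32\drivers\vbmad013.sys
2010-12-14 17:26:34 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-14 17:16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")                        # "==== Name ===="
SERVICE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[([^\]]*)\]$")
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (.+)$")
DEVICE_PREFIXES = ("\\\\.\\", "\\\\?\\")                          # \\.\ and \\?\


def split_sections(text):
    """Group the non-empty lines of a DDS log under their section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (kind, subject, reason) tuples for entries worth a manual look."""
    sections = split_sections(text)
    findings = []

    for line in sections.get("Running Processes", []):
        image = line.strip('"')
        if image.startswith(DEVICE_PREFIXES):
            findings.append(("process", image, "image path is in the device namespace, not on a drive"))
        elif "\\" not in image:
            findings.append(("process", image, "listed without a directory"))

    # Files (not directories) that the log reports as created in the last 30 days.
    recent = set()
    for line in sections.get("Created Last 30", []):
        created = CREATED.match(line)
        if created:
            recent.add(created.group(1).lower())

    for line in sections.get("SERVICES / DRIVERS", []):
        entry = SERVICE.match(line)
        if not entry:
            continue
        _state, name, path, info = entry.groups()
        path = path.split("-->")[-1].strip().lower()   # keep the resolved path
        if info == "?":
            findings.append(("service", name, "no file date/size reported"))
        if path.endswith(".sys") and path in recent:
            findings.append(("service", name, "driver file created in the last 30 days"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {subject:50} {reason}")
```

The recently-created-driver rule also flags PCTCore, a driver of the PC Tools product installed two days earlier, which is why each hit still needs a human decision.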
