XP Virus - Can't find it!



#31 shhheah (Member, Topic Starter, 27 posts)
All processes killed
========== OTL ==========
Service StyleXPService stopped successfully!
Service StyleXPService deleted successfully!
File File not found not found.
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 4 removed from network.proxy.type
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:pAWVyFuUTuNu5WmdghFASvy deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:n0qOmPVdbIxa8UCKq7lTP3 deleted successfully.
ADS C:\Program Files\Common Files\System:ZNNi3sRCJmEWC4beuooPTr9CEpu deleted successfully.
ADS C:\Documents and Settings\Albert\Local Settings\Application Data\lW2lApL4cZ:fjXowHvtLFSkNwHGhAYnhwWtM deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\wc98pp.dll not found.
File\Folder C:\WINDOWS\Tasks\ParetoLogic Registration.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Albert
->Temp folder emptied: 1336393 bytes
->Temporary Internet Files folder emptied: 113535239 bytes
->Java cache emptied: 51796379 bytes
->FireFox cache emptied: 58155821 bytes
->Google Chrome cache emptied: 7704929 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10204370 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 149480 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 12455906 bytes
RecycleBin emptied: 11479110 bytes

Total Files Cleaned = 254.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 07072010_153922

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#32 RKinner (Malware Expert, MVP, 24,625 posts)
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I found a program called mbrwiz which looks like it might help.

http://mbrwizard.com/

Go to:
http://firesage.com/...d.php?mbrwizard

and fill out the form and accept the agreement. Then download and save the file. It is a zip so you will need to right click and Extract All which will create a folder of the same name. Open the folder and find the mbrwiz.exe file and drag it to your desktop.

Now start a command window (Start, All Programs, Accessories, Command Prompt) then type (with an Enter after each line - note I use two spaces so you can see where one space goes):

cd  %userprofile%\Desktop

mbrwiz  /list  >  junk.txt

notepad  junk.txt

(copy and paste the text from Notepad into a Reply)

mbrwiz  /save=c:\mymbr.dat

(Does it appear to work or does it give you an error)

IF it doesn't work try:

mbrwiz /save=mbr,c:\mymbr.dat

So far we haven't done anything. Just had it look at the mbr then had it try to save a copy of the mbr.

There is a command:

mbr  /repair=xp

Which is supposed to install a standard XP mbr. IF the save command worked then finish posting the reply and then try it. Reboot immediately afterward. Run mbr and post its log.

Ron

Edited by RKinner, 07 July 2010 - 04:42 PM.

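The /save step in the post above is meant to leave a copy of the boot sector in c:\mymbr.dat before anything is written to it. As an added example (not code from the thread or from the mbrwiz tool), the Python script below shows what a defender can do with such a copy: it parses a raw 512-byte MBR, checks the 55 AA boot signature, lists the partition table, and hashes the boot-code region so a later dump of sector 0 can be compared against the saved baseline. It assumes the saved file is a raw sector image (the thread does not describe mbrwiz's output format, so that is an assumption), and the sample sector built by build_sample_mbr is constructed for the example.

```python
"""Parse and baseline-compare a raw 512-byte MBR dump (added example, not mbrwiz's own code)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot loader code
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = 0xAA55    # stored little-endian as 55 AA at bytes 510..511

# Partition entry layout: status, CHS start (3 bytes, skipped), type, CHS end
# (3 bytes, skipped), LBA of first sector, sector count; all little-endian.
PART_ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, a signature check and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    signature = struct.unpack_from("<H", sector, 510)[0]
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": signature == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbrs(baseline: bytes, current: bytes) -> list:
    """List what changed between a saved copy of the MBR and a fresh read of sector 0."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 55 AA missing: sector is not a valid MBR")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code (bytes 0-439) differs from the saved copy")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table differs from the saved copy")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code, one bootable NTFS partition, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # Type 0x07 (NTFS), bootable, starting at LBA 63; the values are made up for the example.
    PART_ENTRY.pack_into(sector, PART_TABLE_OFFSET, 0x80, 0x07, 63, 78_000_000)
    struct.pack_into("<H", sector, 510, BOOT_SIGNATURE)
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbrcheck.py c:\mymbr.dat [later_dump.dat]
    with open(sys.argv[1], "rb") as f:
        saved = f.read(SECTOR_SIZE)
    info = parse_mbr(saved)
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} bootable={p['bootable']} "
              f"lba={p['lba_start']} sectors={p['sectors']}")
    if len(sys.argv) > 2:
        with open(sys.argv[2], "rb") as f:
            for finding in compare_mbrs(saved, f.read(SECTOR_SIZE)):
                print("CHANGED:", finding)
```

The hash covers only the first 440 bytes because that is the region a boot-sector infection rewrites; the partition table and signature are compared separately so a legitimate repartition is reported as a different kind of change than modified boot code.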

#33 shhheah (Member, Topic Starter, 27 posts)
The save command did not appear to work with both options. It reads: Error 105 Invalid or incomplete switch.


OTL logfile created on: 7/7/2010 8:02:34 PM - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Albert\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.46 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 0.90 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 43.96 Gb Free Space | 18.88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 483.69 Mb Total Space | 93.98 Mb Free Space | 19.43% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ALBERT
Current User Name: Albert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
PRC - F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (dlcd_device) -- C:\WINDOWS\System32\dlcdcoms.exe ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...x-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="
FF - prefs.js..network.proxy.type: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/07 14:18:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/07 14:18:47 | 00,000,000 | ---D | M]

[2008/06/17 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Extensions
[2010/07/07 15:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions
[2010/06/07 15:16:32 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2009/05/18 22:02:18 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/10/20 12:18:57 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/06/07 15:16:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1476ff20-0a3c-11db-9cd8-0800200c9a66}
[2008/06/19 20:11:32 | 00,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2010/06/07 15:16:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2009/08/23 12:20:23 | 00,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/03/21 23:48:54 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/06/07 15:16:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2010/06/07 15:16:16 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2008/04/19 21:37:54 | 00,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/07/06 13:00:01 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/07/03 03:30:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/06/27 00:29:21 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/14 10:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/06/07 15:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/05/28 15:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/01/04 23:18:36 | 00,001,899 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\flickr-tags.xml
[2007/05/06 23:43:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\siteadvisor.xml
[2009/10/20 12:19:08 | 00,001,189 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\winamp-search.xml
[2010/07/07 13:40:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/11 21:41:43 | 00,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 00,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPhoneVideoConverter_upgrade] C:\Program Files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe (E-Z soft)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} https://care.windstr...aller_3-0-0.cab (SecurityManager Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/01 22:32:56 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 00,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/07/07 14:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/07 14:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/07 14:09:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/07 13:48:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Pwnage
[2010/07/07 09:56:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/07 09:44:29 | 00,000,000 | ---D | C] -- C:\george
[2010/07/07 00:29:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 22:22:32 | 00,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Albert\Desktop\SPTDinst-v169-x86.exe
[2010/07/06 13:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Application Data\QuickScan
[2010/07/06 12:50:15 | 01,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Albert\Desktop\TDSSKiller.exe
[2010/07/06 10:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\edmbqvqgw
[2010/07/05 22:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/05 22:02:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/05 22:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/03 03:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/03 03:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/03 03:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
[2010/07/02 01:05:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 21:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Music
[2010/06/24 21:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Pictures
[2010/05/17 23:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/17 23:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/20 04:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/09 09:33:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/06 20:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/12 17:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/06/04 23:41:33 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/06/04 23:41:33 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/06/04 23:41:33 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/06/04 23:41:33 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/06/04 23:41:33 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/06/04 23:41:32 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/06/04 23:41:32 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/06/04 23:41:32 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/06/04 23:41:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/07/07 20:01:51 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/07/07 19:38:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005UA.job
[2010/07/07 19:38:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005Core.job
[2010/07/07 19:14:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 19:14:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 18:10:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/07 15:45:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 15:44:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/07 15:44:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/07 15:44:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/07 15:44:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/07 15:42:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 15:42:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 15:42:24 | 21,374,56640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 15:41:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Albert\ntuser.ini
[2010/07/07 14:26:32 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/07 13:56:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Albert\My Documents\~$rapio Albert Trevino.doc
[2010/07/07 13:25:33 | 00,000,310 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/07 13:25:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/06 22:22:35 | 00,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Albert\Desktop\SPTDinst-v169-x86.exe
[2010/07/06 19:39:49 | 00,000,767 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/06 19:39:49 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/06 13:53:16 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\mbr.exe
[2010/07/06 04:33:29 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\Spybot - Search & Destroy.lnk
[2010/07/04 14:58:26 | 03,726,344 | R--- | M] () -- C:\Documents and Settings\Albert\Desktop\george.exe
[2010/07/02 01:01:08 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/07/02 00:56:51 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/07/02 00:56:49 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/07/01 09:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 17:25:08 | 01,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Albert\Desktop\TDSSKiller.exe
[2010/06/24 20:54:09 | 00,182,034 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:54:08 | 18,632,432 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:52:19 | 40,910,064 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 20:02:42 | 25,210,608 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 20:02:42 | 00,246,274 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 20:01:47 | 00,278,528 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\MBRWiz.exe
[2010/07/07 14:26:32 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/07 13:56:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Albert\My Documents\~$rapio Albert Trevino.doc
[2010/07/06 13:53:16 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\mbr.exe
[2010/07/06 04:41:16 | 21,374,56640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/04 15:04:41 | 03,726,344 | R--- | C] () -- C:\Documents and Settings\Albert\Desktop\george.exe
[2010/07/02 01:01:07 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/06/24 21:05:28 | 06,903,157 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Young_Jeezy_-_Done_It(Instrumental).mp3
[2010/06/24 21:05:28 | 02,538,937 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Tonight.mp3
[2010/06/24 20:54:09 | 00,182,034 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:53:25 | 18,632,432 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:50:45 | 40,910,064 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 19:56:50 | 00,246,274 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[2010/06/24 19:56:10 | 25,210,608 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 03:30:41 | 15,204,352 | ---- | C] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/05/29 21:46:12 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\czyiwa.dat
[2010/05/23 23:47:33 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/05/23 23:47:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/05/18 18:37:47 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\net.telestream.ustreamproducer.prefs.xml
[2009/10/28 18:06:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\downloads.m3u
[2009/10/24 17:11:15 | 00,000,029 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\default.rss
[2008/10/24 18:34:38 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/10/20 21:36:03 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/27 18:41:21 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/07/12 13:07:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/29 18:06:50 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/06/29 18:06:50 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/06/29 18:06:50 | 00,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/06/29 18:06:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/06/29 18:06:50 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/29 18:06:49 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/06/29 18:06:49 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/06/29 18:06:49 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/06/29 18:06:49 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/06/29 18:06:48 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/05/18 10:54:52 | 00,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/05/18 10:39:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/03/14 21:42:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/26 16:44:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/27 17:30:09 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/29 19:52:45 | 00,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[2006/09/15 20:10:58 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/29 22:05:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/06/17 17:18:08 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\MSVC60SVV.DLL
[2006/06/13 20:57:43 | 00,125,952 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/13 01:43:55 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/12 23:33:06 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\1DB60C6654.sys
[2006/06/12 23:32:18 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JPR.{PB
[2006/06/12 23:32:18 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JCM.{PB
[2006/06/12 18:26:22 | 00,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/12 18:26:22 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\54660CB61D.sys
[2006/06/12 16:00:35 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\fusioncache.dat
[2006/06/05 00:31:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 00:19:35 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/05 00:14:45 | 00,000,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/05 00:08:38 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/04 23:41:33 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/06/04 23:41:33 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/06/04 23:41:33 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/06/04 23:41:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/06/04 23:41:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/06/04 23:41:32 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/06/04 23:41:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/06/04 23:41:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/06/04 23:41:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/06/04 23:41:31 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/06/04 23:40:57 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/04 23:39:29 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:05:54 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2005/04/09 10:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 14:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/08/13 15:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Ableton
[2007/02/26 16:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\acccore
[2007/03/03 15:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Aim
[2008/06/17 12:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Antares
[2008/09/01 19:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Applied Acoustics Systems
[2010/07/03 03:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\BitTorrent
[2006/06/15 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Cakewalk
[2009/10/11 22:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\com.adobe.ExMan
[2010/01/10 20:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\dBpoweramp
[2006/12/29 19:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Digidesign
[2010/06/14 21:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\DiskAid
[2008/04/19 18:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Flickr
[2006/11/09 18:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\flightgear.org
[2006/06/25 16:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Kazaa Lite
[2006/06/17 22:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Leadertech
[2007/02/11 01:59:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\MP3Downloads
[2009/05/12 06:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\MPEG Streamclip
[2006/08/29 22:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Nikon
[2007/02/28 19:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Opera
[2008/03/15 19:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\PACE Anti-Piracy
[2010/06/03 12:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Pamela
[2009/08/20 15:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Propellerhead Software
[2010/07/06 13:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\QuickScan
[2007/01/26 18:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Red Chair Software
[2009/02/02 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\SealedMedia
[2008/08/27 23:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Steinberg
[2009/11/27 12:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\SystemRequirementsLab
[2009/12/22 15:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\uTorrent
[2010/05/18 18:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Vara Software
[2007/03/04 17:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Viewpoint
[2008/08/27 11:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\VSO_HWE
[2009/06/12 16:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Waves Audio
[2008/11/30 23:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\WinFF
[2010/06/14 22:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Wirecast
[2010/03/24 20:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Xilisoft
[2009/08/13 15:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/05/03 20:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/08/16 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/08/29 22:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/10/02 10:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/24 18:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/29 01:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/08/29 22:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/03/15 19:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/08/11 19:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/10/20 12:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar
[2010/05/18 18:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2008/09/17 01:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/29 22:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/05/03 20:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 22:33:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{152EF68B-16AC-49D3-A3E6-E39F7613A2D7}
[2009/10/14 21:43:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2E36EF44-3E35-4623-B1DD-517C334DF1C5}
[2010/07/07 14:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 22:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 16:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 12:07:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:54:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D3409287-B0B7-40DE-981C-3CAD8C8EE6A8}
[2009/10/14 12:52:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/07/07 15:44:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/07/07 18:10:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/07/07 15:44:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/07 15:44:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/07 15:44:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >



MBRWiz - Version 3.0.48 beta for Windows
Copyright © 2002-2010 Roger Layton http://mbrwizard.com

-----------------------------------------------------------------------------
Disk: 0 MBR/GPT: None
Size: 54.49GB CHS: 7113 255 63
Sectors: 114270345 Disk Signature: 0xE686F016
Partitions: 4 Partition Order: 1 2 3 4
Media Type: Fixed Interface: IDE
Description: Hitachi HTS541060G9SA00
-----------------------------------------------------------------------------
Pos Idx Type/Name Size Boot Hide Start Sector Total Sectors DL Vol Label
--- --- --------- ---- ---- ---- -------------- -------------- -- -----------
1 1 DE-Dell 47M No No 63 96,327 <None>
2 2 07-NTFS 37G Yes No 96,390 78,108,030 C: <None>
3 3 07-NTFS 13G No No 78,220,485 26,298,405 D: Backup
4 4 DB-C.DOS 4.6G No No 104,518,890 9,735,390 <None>
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Disk: 1 MBR/GPT: None
Size: 483.88MB CHS: 1 255 63
Sectors: 990976 Disk Signature: 0x00000000
Partitions: 0 Partition Order:
Media Type: Removable Interface: USB
Description: WD 2500BMV External
-----------------------------------------------------------------------------
Pos Idx Type/Name Size Boot Hide Start Sector Total Sectors DL Vol Label
--- --- --------- ---- ---- ---- -------------- -------------- -- -----------
No partitions found on this disk
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Disk: 2 MBR/GPT: None
Size: 232.89GB CHS: 30401 255 63
Sectors: 488397168 Disk Signature: 0x5C74AE42
Partitions: 1 Partition Order: 1
Media Type: Fixed Interface: WD 2500BMV External
Description: WD 2500BMV External
-----------------------------------------------------------------------------
Pos Idx Type/Name Size Boot Hide Start Sector Total Sectors DL Vol Label
--- --- --------- ---- ---- ---- -------------- -------------- -- -----------
1 1 0C-FAT32X 232G No No 63 488,392,002 F: My Passport
-----------------------------------------------------------------------------

#34
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to check for Rootkits with RootRepeal
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Before you run the scan go into Settings, Options, General and move the slider to Middle Level then close the Settings box!
  • Click the Scan button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
When RootRepeal starts a file scan, it scans the first track of the hard drive, looking for a mismatch between the Windows API and the actual on-disk data. If it detects a mismatch in the first sector (sector 0), it reports "MBR Rootkit Detected!". The user can then right-click and fix the MBR. There is also the option to fix the MBR and reboot immediately, as some variants of the MBR rootkit periodically check to see if the MBR has been changed.



This is what one of the gurus sent me.
I think I would try the MBR Save option first so that if all else fails that we will have a way of getting back to where we are now.

Hiren's BootCD
  • *** Please print these instructions ***
    • Download Hiren's BootCD 10.2 Iso to the desktop of a clean computer.
    • Extract the zipped HirensBootCD.zip to your desktop.
    • Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
    • Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
    • Insert a blank CD in your drive.
    • Press Start. This will burn the image to disc. After it has completed...
    • Restart your sick computer and boot from the HBCD you created.
      • If your PC is not booting from the CD, you need to change the boot order:
      • Restart your PC
      • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
      • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
      • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
      • The tab should now show your current boot order.
      • If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different; they should be stated in the help, so that you can find them easily.
      • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the CD boots choose "DOS BootCD".

At the Hiren's BootCD main menu, select Next and hit Enter.


At the second menu select 1 MBR (Master Boot Record) Tools


In the list of MBR Tools select 1 MBR Work 1.08


This screen will show the hard drive configuration.


Type 5 to Install standard MBR code then hit Enter
Type 1 to select Standard then hit Enter
Type Y then hit Enter to confirm
Type E then hit Enter to exit
Press Ctrl+Alt+Del to restart the machine

As always, run mbr when done with each to see if anything has changed.

Ron

Edited by RKinner, 07 July 2010 - 09:08 PM.

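The RootRepeal description in Ron's post above boils down to one check: the bytes actually stored in sector 0 must match what the system believes is there. The block below is an added example, not RootRepeal's code and not part of the post, showing the defender-side version of that check in Python: parse a 512-byte MBR, verify the 0x55AA signature and partition table, and compare the boot-code region against a saved known-good copy so that a patched boot sector is flagged while an unchanged partition table is confirmed intact (the "MBR Save" step Ron mentions is exactly what produces such a baseline). The partition layout of the sample MBR is taken from the MBRWiz listing for disk 0 above; the boot code bytes, the function names and the `read_sector0` helper are my own constructions.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446         # boot code occupies bytes 0..445
ENTRY_FORMAT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Validate the 0x55AA signature and return the non-empty partition table entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                      # unused slot
        entries.append(PartitionEntry(i + 1, status == 0x80, ptype, start, count))
    return entries


def is_valid_mbr(sector: bytes) -> bool:
    """True when the sector carries a boot signature and a parseable partition table."""
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def build_mbr(boot_code: bytes, parts: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (bootable, type, start_lba, count) tuples.
    Used here only to construct sample data; a real check reads sector 0 from disk."""
    if len(boot_code) > PART_TABLE_OFFSET:
        raise ValueError("boot code must fit in 446 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(parts):
        struct.pack_into(ENTRY_FORMAT, sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def compare_with_baseline(current: bytes, baseline: bytes) -> Dict[str, object]:
    """Report which regions of the MBR differ from a saved known-good copy.
    A changed boot code with an unchanged partition table is the classic MBR-rootkit pattern."""
    return {
        "boot_code_changed": current[:PART_TABLE_OFFSET] != baseline[:PART_TABLE_OFFSET],
        "partition_table_changed": parse_mbr(current) != parse_mbr(baseline),
        "sha256": hashlib.sha256(current).hexdigest(),
    }


def read_sector0(path: str) -> bytes:
    r"""Read the first 512 bytes of a disk device or of a saved MBR dump file.
    On Windows pass r'\\.\PhysicalDrive0' from an elevated prompt; on Linux /dev/sda."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# Partition layout taken from the MBRWiz listing for disk 0 above (type, start sector, total sectors).
DISK0_PARTITIONS = [
    (False, 0xDE, 63, 96_327),
    (True, 0x07, 96_390, 78_108_030),
    (False, 0x07, 78_220_485, 26_298_405),
    (False, 0xDB, 104_518_890, 9_735_390),
]
# Constructed stand-in for the genuine boot code (first bytes mimic a standard MBR prologue).
KNOWN_GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 439
# Constructed stand-in for a patched boot sector: same partition table, different code.
PATCHED_BOOT_CODE = b"\xeb\x3c\x90" + b"\x00" * 443

BASELINE_MBR = build_mbr(KNOWN_GOOD_BOOT_CODE, DISK0_PARTITIONS)
PATCHED_MBR = build_mbr(PATCHED_BOOT_CODE, DISK0_PARTITIONS)

if __name__ == "__main__":
    for p in parse_mbr(BASELINE_MBR):
        print(p)
    print("clean vs baseline  :", compare_with_baseline(BASELINE_MBR, BASELINE_MBR))
    print("patched vs baseline:", compare_with_baseline(PATCHED_MBR, BASELINE_MBR))
```

In practice the baseline would be the MBR saved before any repair (a 512-byte dump), and the current sector comes from `read_sector0` on the physical drive; comparing the two after each tool run is a repeatable form of the "run mbr when done with each" advice in the post. Note that a rootkit that hooks disk reads can feed this script the same forged sector 0 it feeds everything else, which is why RootRepeal's own comparison against raw on-disk data, or a check from a boot CD, remains the stronger test.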

#35
shhheah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Although I got an error message at program start ("invalid PE image"), I was still able to scan... I will try to run the bootCD next.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/07/07 22:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA128000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\adfs.SYS
Address: 0xA7851000 Size: 69248 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA8649000 Size: 138496 File Visible: - Signed: -
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xA8677000 Size: 16128 File Visible: - Signed: -
Status: -

Name: aspi32.sys
Image Path: C:\WINDOWS\System32\drivers\aspi32.sys
Address: 0xBA3F0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F0B000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA76B000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xA7D63000 Size: 318464 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA418000 Size: 20992 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xA8693000 Size: 100608 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xBA4C0000 Size: 16384 File Visible: - Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Address: 0xBA218000 Size: 45312 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5FC000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA75B9000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA258000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xBA54C000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xBA4BC000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F23000 Size: 153344 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA2F8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xB9EC4000 Size: 85344 File Visible: - Signed: -
Status: -

Name: drvnddm.sys
Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xB98F2000 Size: 38240 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7BF7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA668000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB9DAD000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA6CE000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA7C0F000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB9882000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9EEB000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5FA000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F49000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xBA4A8000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB9628000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA3A8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xA8C57000 Size: 717952 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xA8D07000 Size: 1035008 File Visible: - Signed: -
Status: -

Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xA8E04000 Size: 201600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA7680000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xB9D95000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA238000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBF077000 Size: 925696 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBF042000 Size: 217088 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF020000 Size: 139264 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xB9664000 Size: 1364448 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF012000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA248000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA208000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA86AC000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA8753000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA4A0000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB914F000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9EAD000 Size: 92928 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA0F8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xA7791000 Size: 11840 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5FE000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA370000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA498000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA788A000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA7DB1000 Size: 455680 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA3B8000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA2A8000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA560000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9DD9000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9DF3000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB97C2000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA7AC3000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB9138000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA2D8000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB98E2000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA86D2000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw5x32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
Address: 0xB9225000 Size: 4203392 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA3C0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9E20000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA78B000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA118000 Size: 61696 File Visible: - Signed: -
Status: -

Name: omci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys
Address: 0xBA360000 Size: 17088 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pfc.sys
Image Path: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xB97CE000 Size: 10368 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA8E36000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB9127000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA340000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA108000 Size: 38080 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB97CA000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA278000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA288000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA298000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA358000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA7E21000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA600000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB90F7000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA268000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Address: 0xBA490000 Size: 28544 File Visible: - Signed: -
Status: -

Name: rimsptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
Address: 0xBA228000 Size: 51328 File Visible: - Signed: -
Status: -

Name: rixdptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
Address: 0xB91A1000 Size: 307968 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA76D1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCDEmu.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xB9892000 Size: 55424 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xB91ED000 Size: 79232 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xA799F000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serscan.sys
Address: 0xBA5E4000 Size: 6784 File Visible: - Signed: -
Status: -

Name: sffdisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sffdisk.sys
Address: 0xBA5A4000 Size: 11904 File Visible: - Signed: -
Status: -

Name: sffp_sd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Address: 0xBA5A0000 Size: 11008 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9ED9000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA75D9000 Size: 353792 File Visible: - Signed: -
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xBA5E2000 Size: 5568 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xBA410000 Size: 22656 File Visible: - Signed: -
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xBA3A0000 Size: 23488 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xA8E5A000 Size: 1169728 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5E6000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xB9172000 Size: 191936 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA77E1000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA86FA000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA4B0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA2B8000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xA7EAC000 Size: 25824 File Visible: - Signed: -
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xB98C2000 Size: 34784 File Visible: - Signed: -
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xBA7D3000 Size: 4064 File Visible: - Signed: -
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xBA7D2000 Size: 2176 File Visible: - Signed: -
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xA7AA1000 Size: 86528 File Visible: - Signed: -
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xA7BBB000 Size: 15168 File Visible: - Signed: -
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xBA5C2000 Size: 6304 File Visible: - Signed: -
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xA7A88000 Size: 98656 File Visible: - Signed: -
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xA7A6F000 Size: 100544 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9071000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbaapl.sys
Image Path: C:\WINDOWS\System32\Drivers\usbaapl.sys
Address: 0xA6AFE000 Size: 57344 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5E0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA488000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA308000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB9201000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xA6C4E000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA408000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA480000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA3B0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9650000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB98A2000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA7ECC000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA6FAC000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WmBEnum.sys
Image Path: C:\WINDOWS\system32\drivers\WmBEnum.sys
Address: 0xBA568000 Size: 12672 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WmXlCore.sys
Image Path: C:\WINDOWS\system32\drivers\WmXlCore.sys
Address: 0xBA2C8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xB90E3000 Size: 12032 File Visible: - Signed: -
Status: -
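The RootRepeal driver listing above is long enough that the few entries reporting "File Visible: No" are easy to miss. The script below is an added example, not part of this thread and not RootRepeal's own code: it parses entries in the format the log uses and flags drivers that are reported as not visible on disk or that are loaded from an on-disk path outside the Windows directory. The embedded log is constructed (three entries modelled on the listing above plus a hypothetical `example_hidden.sys`); the allowlist of drivers that are expected to be reported as not visible (the kernel's `dump_*` crash-dump copies and the scanner's own `rootrepeal.sys`) and the `C:\WINDOWS` system root are assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in RootRepeal's driver-listing format. The first three
# entries are modelled on the log above; example_hidden.sys is hypothetical.
SAMPLE_LOG = r"""Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F0B000 Size: 96512 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7BF7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA76D1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: example_hidden.sys
Image Path: C:\Documents and Settings\All Users\Application Data\example_hidden.sys
Address: 0xA7000000 Size: 12288 File Visible: No Signed: -
Status: -
"""

# One entry is four consecutive lines in the order RootRepeal prints them.
ENTRY_RE = re.compile(
    r"Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)"
)

# Assumption: drivers expected to report "File Visible: No". dump_* entries are
# the kernel's in-memory crash-dump copies of the storage stack, and
# rootrepeal.sys is the scanner's own driver.
EXPECTED_NOT_VISIBLE = {"rootrepeal.sys"}
SYSTEM_ROOT = "c:\\windows\\"  # assumption: default XP install location


@dataclass
class Driver:
    name: str
    path: str
    address: int
    size: int
    file_visible: str
    signed: str
    status: str


def parse_drivers(text: str) -> List[Driver]:
    """Return every driver entry found in the log text, in log order."""
    drivers = []
    for m in ENTRY_RE.finditer(text):
        drivers.append(Driver(
            name=m["name"].strip(),
            path=m["path"].strip(),
            address=int(m["addr"], 16),
            size=int(m["size"]),
            file_visible=m["visible"],
            signed=m["signed"],
            status=m["status"].strip(),
        ))
    return drivers


def is_expected_hidden(d: Driver) -> bool:
    """True for drivers on the allowlist of expected not-visible entries."""
    n = d.name.lower()
    return n.startswith("dump_") or n in EXPECTED_NOT_VISIBLE


def path_is_unusual(path: str) -> bool:
    """True for an on-disk path that lies outside the Windows directory."""
    p = path.lower()
    if p.startswith("\\driver\\") or p.startswith("\\filesystem\\"):
        return False   # kernel-internal objects such as \Driver\PnpManager
    if "\\" not in p:
        return False   # boot-start drivers are listed by file name only
    return not p.startswith(SYSTEM_ROOT)


def triage(drivers: List[Driver]) -> Dict[str, List[str]]:
    """Group driver names by the reason they deserve a closer look.

    "Signed: -" means this run did not check signatures, so signing is
    deliberately not treated as a finding.
    """
    findings: Dict[str, List[str]] = {"file_not_visible": [], "unusual_path": []}
    for d in drivers:
        if d.file_visible.lower() == "no" and not is_expected_hidden(d):
            findings["file_not_visible"].append(d.name)
        if path_is_unusual(d.path):
            findings["unusual_path"].append(d.name)
    return findings


if __name__ == "__main__":
    for reason, names in triage(parse_drivers(SAMPLE_LOG)).items():
        print(f"{reason}: {', '.join(names) or 'none'}")
```

Run against the full listing above, the only "File Visible: No" entries are `dump_atapi.sys`, `dump_WMILIB.SYS` and `rootrepeal.sys`, all of which the allowlist explains, so the script reports nothing; a driver like the constructed `example_hidden.sys`, hidden and loaded from Application Data, is the kind of entry it is meant to surface for manual review.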

#36
shhheah

    Member

  • Topic Starter
  • Member
  • 27 posts
New MBR log:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#37
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Great. It looks like it worked. The MBR is clean.

Any peep from the sound?

Ron

#38
shhheah

    Member

  • Topic Starter
  • Member
  • 27 posts
Unfortunately, no sound yet.

#39
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right click on My Computer, select Manage then Device Manager. Look in the right pane and find the section on Sound, Video and Game Controllers and click on the + in front of it. Right click on each item and Uninstall then reboot.
Windows will rediscover the audio devices and reinstall them. Sometimes that is enough.

Also if external make sure your speakers are good and haven't been disconnected or plugged into the wrong jack. If internal plug in a headphone and see if you have sound then.

Ron

#40
shhheah

    Member

  • Topic Starter
  • Member
  • 27 posts
Sound IS WORKING.

#41
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's really nice when something works like it is supposed to. Guess we are done except for some housekeeping.

Make sure your automatic Windows updates are turned on and working.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp (Make sure you uncheck the Yahoo Toolbar option. Otherwise they foist it on you.) The latest is 6 update 20 or possibly 6 update 21.
Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

Ron