XP Virus - Can't find it!



#1
shhheah

  • Member
  • 27 posts
MUTES ALL SOUND ON MY PC.

I have a Hijackthis log. What else do I need?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:13:31 PM, on 7/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iPhoneVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.windstr...aller_3-0-0.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.windstr...TELControls.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14256 bytes


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
First disable Ad-Watch and leave it disabled until we're done here. See http://aumha.net/vie...hp?f=43&t=38668

What make and model is your PC?

Do as much of http://www.geekstogo...uide-t2852.html as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron

#3
shhheah

  • Topic Starter
  • Member
  • 27 posts
MBAM LOG
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

7/3/2010 6:51:32 PM
mbam-log-2010-07-03 (18-51-32).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 423505
Time elapsed: 2 hour(s), 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\KORG\KORG Legacy\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\VstPlugins\AVOX Vocal Kit\Choir\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.



GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-03 16:35:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Albert\LOCALS~1\Temp\kgtdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----



OTL LOG:
OTL logfile created on: 7/3/2010 2:54:18 PM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Albert\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.07 Gb Free Space | 10.94% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 0.90 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 43.89 Gb Free Space | 18.85% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 483.69 Mb Total Space | 93.98 Mb Free Space | 19.43% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ALBERT
Current User Name: Albert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
PRC - F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (StyleXPService) -- File not found
SRV - (gusvc) -- File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (dlcd_device) -- C:\WINDOWS\System32\dlcdcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (Yamaha Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...x-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 03:30:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 03:30:53 | 00,000,000 | ---D | M]

[2008/06/17 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Extensions
[2010/07/02 11:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions
[2010/06/07 15:16:32 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2009/05/18 22:02:18 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/10/20 12:18:57 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/06/07 15:16:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1476ff20-0a3c-11db-9cd8-0800200c9a66}
[2008/06/19 20:11:32 | 00,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2010/06/07 15:16:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2009/08/23 12:20:23 | 00,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/03/21 23:48:54 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/06/07 15:16:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2010/06/07 15:16:16 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2008/04/19 21:37:54 | 00,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/07/03 03:30:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/06/27 00:29:21 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/14 10:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/06/07 15:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/05/28 15:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/01/04 23:18:36 | 00,001,899 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\flickr-tags.xml
[2007/05/06 23:43:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\siteadvisor.xml
[2009/10/20 12:19:08 | 00,001,189 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\winamp-search.xml
[2010/07/02 11:23:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/11 21:41:43 | 00,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 00,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPhoneVideoConverter_upgrade] C:\Program Files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe (E-Z soft)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} https://care.windstr...aller_3-0-0.cab (SecurityManager Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/01 22:32:56 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 00,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{1340b13a-ee92-11de-8294-0015c519cebe}\Shell - "" = AutoRun
O33 - MountPoints2\{1340b13a-ee92-11de-8294-0015c519cebe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1340b13a-ee92-11de-8294-0015c519cebe}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: contnet - (C:\WINDOWS\system32\blasinst.dll) - C:\WINDOWS\System32\blasinst.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/03 03:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/03 03:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/03 03:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
[2010/07/02 01:05:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 21:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Music
[2010/06/24 21:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Pictures
[2010/06/17 12:38:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/05/17 23:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/17 23:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/20 04:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/09 09:33:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/06 20:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/12 17:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/06/04 23:41:33 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/06/04 23:41:33 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/06/04 23:41:33 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/06/04 23:41:33 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/06/04 23:41:33 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/06/04 23:41:32 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/06/04 23:41:32 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/06/04 23:41:32 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/06/04 23:41:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/03 14:38:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005UA.job
[2010/07/03 14:14:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/03 12:10:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/03 06:10:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/03 03:38:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 03:38:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/03 03:38:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/03 03:35:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 03:35:27 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 03:34:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/03 03:34:10 | 21,374,56640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 03:34:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 19:38:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005Core.job
[2010/07/02 01:01:08 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/07/02 00:56:51 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/07/02 00:56:49 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/07/01 09:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/24 20:54:09 | 00,182,034 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:54:08 | 18,632,432 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:52:19 | 40,910,064 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 20:02:42 | 25,210,608 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 20:02:42 | 00,246,274 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[2010/06/24 03:30:43 | 14,843,904 | ---- | M] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/06/23 03:03:56 | 00,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:03:56 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:03:56 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 23:33:31 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/20 23:33:26 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/17 12:39:46 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/15 06:24:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/14 23:03:09 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\net.telestream.ustreamproducer.prefs.xml
[2010/06/14 21:45:40 | 44,733,734 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\1259956934.mov
[2010/06/14 21:44:45 | 03,973,198 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\1273690745.mov
[2010/06/14 21:24:53 | 19,672,979 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\1276564997.mov
[2010/06/14 20:02:11 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Albert\ntuser.ini
[2010/06/12 20:43:20 | 00,125,952 | ---- | M] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 03:40:27 | 02,053,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:22:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 15:14:19 | 00,001,472 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\DivX Movies.lnk
[2010/06/07 15:13:39 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/07 15:12:49 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/02 01:01:07 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/06/24 21:05:28 | 06,903,157 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Young_Jeezy_-_Done_It(Instrumental).mp3
[2010/06/24 21:05:28 | 02,538,937 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Tonight.mp3
[2010/06/24 20:54:09 | 00,182,034 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:53:25 | 18,632,432 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:50:45 | 40,910,064 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 19:56:50 | 00,246,274 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[2010/06/24 19:56:10 | 25,210,608 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 03:30:41 | 14,843,904 | ---- | C] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/06/17 12:39:46 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/14 21:45:31 | 44,733,734 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\1259956934.mov
[2010/06/14 21:44:44 | 03,973,198 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\1273690745.mov
[2010/06/14 21:24:48 | 19,672,979 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\1276564997.mov
[2010/06/07 15:13:39 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/29 21:46:12 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\czyiwa.dat
[2010/05/23 23:47:33 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/05/23 23:47:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/05/18 18:37:47 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\net.telestream.ustreamproducer.prefs.xml
[2010/05/14 22:07:04 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/05/14 22:07:03 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/05/14 22:07:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll
[2010/01/06 23:19:11 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\chrtmp
[2010/01/04 23:31:39 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/12/28 17:48:24 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/28 18:06:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\downloads.m3u
[2009/10/24 17:11:15 | 00,000,029 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\default.rss
[2008/10/24 18:34:38 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/10/20 21:36:03 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/27 18:41:21 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/07/12 13:07:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/29 18:06:50 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/06/29 18:06:50 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/06/29 18:06:50 | 00,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/06/29 18:06:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/06/29 18:06:50 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/29 18:06:49 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/06/29 18:06:49 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/06/29 18:06:49 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/06/29 18:06:49 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/06/29 18:06:48 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/05/18 10:54:52 | 00,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/05/18 10:39:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/03/14 21:42:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/26 16:44:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/27 17:30:09 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/29 19:52:45 | 00,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[2006/09/15 20:10:58 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/29 22:05:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/06/17 17:18:08 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\MSVC60SVV.DLL
[2006/06/13 20:57:43 | 00,125,952 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/13 01:43:55 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/12 23:33:06 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\1DB60C6654.sys
[2006/06/12 23:32:18 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JPR.{PB
[2006/06/12 23:32:18 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JCM.{PB
[2006/06/12 18:26:22 | 00,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/12 18:26:22 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\54660CB61D.sys
[2006/06/12 16:00:35 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\fusioncache.dat
[2006/06/05 00:31:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 00:19:35 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/05 00:14:45 | 00,000,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/05 00:08:38 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/04 23:41:33 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/06/04 23:41:33 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/06/04 23:41:33 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/06/04 23:41:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/06/04 23:41:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/06/04 23:41:32 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/06/04 23:41:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/06/04 23:41:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/06/04 23:41:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/06/04 23:41:31 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/06/04 23:40:57 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/04 23:39:29 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:05:54 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2005/04/09 10:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 14:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pAWVyFuUTuNu5WmdghFASvy
@Alternate Data Stream - 1415 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:n0qOmPVdbIxa8UCKq7lTP3
@Alternate Data Stream - 1392 bytes -> C:\Program Files\Common Files\System:ZNNi3sRCJmEWC4beuooPTr9CEpu
@Alternate Data Stream - 1334 bytes -> C:\Documents and Settings\Albert\Local Settings\Application Data\lW2lApL4cZ:fjXowHvtLFSkNwHGhAYnhwWtM
< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time.


  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html
Copy the report and paste it into a reply even if it doesn't find anything.

Ron

#5
shhheah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here are my Combofix and Bitdefender logs:

2 things first:

Some time after running Combofix, a fraud AV Security Program appeared and denied any programs from running. I was able to use Spybot to remove it right now so I could get back online.


ComboFix 10-07-03.06 - Albert 07/04/2010 15:09:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1331 [GMT -5:00]
Running from: c:\documents and settings\Albert\Desktop\george.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Albert\Application Data\chrtmp
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\windows\system32\lsprst7.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\st325602.dll
c:\windows\system32\tmpPrst.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-03 08:31 . 2010-07-03 08:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-03 08:30 . 2010-07-03 08:30 -------- d-----w- c:\program files\NOS
2010-07-03 08:29 . 2010-07-03 08:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)
2010-06-17 17:26 . 2010-06-17 17:26 53632 ----a-w- c:\documents and settings\Albert\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-17 17:19 . 2010-06-17 17:19 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-17 17:19 . 2010-03-29 13:53 32576 ----a-w- c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-06-17 17:19 . 2010-03-29 13:53 29984 ----a-w- c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-07 20:26 . 2010-06-07 20:26 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 20:14 . 2010-06-07 20:14 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 20:14 . 2010-06-07 20:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 20:14 . 2010-06-07 20:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 20:14 . 2010-06-07 20:14 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-07 20:13 . 2010-06-07 20:13 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 20:12 . 2010-06-07 20:12 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-07 20:07 . 2010-06-07 20:07 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 08:36 . 2009-03-02 04:00 -------- d-----w- c:\program files\Dl_cats
2010-07-03 08:30 . 2009-11-21 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-03 08:30 . 2006-11-05 01:15 -------- d-----w- c:\documents and settings\Albert\Application Data\BitTorrent
2010-06-29 23:38 . 2006-06-05 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 17:39 . 2006-06-14 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-17 17:26 . 2010-01-07 05:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-15 03:35 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\Albert\Application Data\Wirecast
2010-06-15 02:23 . 2009-09-22 22:20 -------- d-----w- c:\documents and settings\Albert\Application Data\DiskAid
2010-06-08 22:07 . 2010-05-06 01:35 -------- d-----w- c:\documents and settings\Albert\Application Data\vlc
2010-06-07 20:26 . 2010-04-05 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-07 20:14 . 2009-08-13 00:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 20:14 . 2007-02-02 23:50 -------- d-----w- c:\program files\DivX
2010-06-07 20:07 . 2010-04-05 04:17 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-07 20:07 . 2010-04-05 04:17 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-07 20:06 . 2010-06-03 17:21 -------- d-----w- c:\documents and settings\Albert\Application Data\Skype
2010-06-07 18:52 . 2010-06-03 17:21 -------- d-----w- c:\documents and settings\Albert\Application Data\skypePM
2010-06-07 07:50 . 2008-07-20 21:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 17:36 . 2010-06-03 17:27 -------- d-----w- c:\documents and settings\Albert\Application Data\Pamela
2010-06-03 17:27 . 2010-06-03 17:27 -------- d-----w- c:\program files\Pamela
2010-06-03 17:21 . 2010-06-03 17:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-03 17:15 . 2010-06-03 17:14 -------- d-----r- c:\program files\Skype
2010-06-03 17:15 . 2010-06-03 17:15 -------- d-----w- c:\program files\Common Files\Skype
2010-06-03 17:14 . 2010-06-03 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-30 02:46 . 2010-05-30 02:46 4 ----a-w- c:\documents and settings\Albert\Application Data\czyiwa.dat
2010-05-29 03:43 . 2008-08-27 22:48 32 -c--a-w- c:\windows\msocreg32.dat
2010-05-24 08:18 . 2010-05-24 08:18 503808 ----a-w- c:\documents and settings\Albert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-254b0c78-n\msvcp71.dll
2010-05-24 08:18 . 2010-05-24 08:18 499712 ----a-w- c:\documents and settings\Albert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-254b0c78-n\jmc.dll
2010-05-24 08:18 . 2010-05-24 08:18 348160 ----a-w- c:\documents and settings\Albert\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-254b0c78-n\msvcr71.dll
2010-05-24 04:47 . 2010-05-24 04:47 -------- d-----w- c:\program files\HotRecorder
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\Albert\Application Data\Vara Software
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\program files\Common Files\eSellerate
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Telestream
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\program files\Ustream
2010-05-18 04:04 . 2006-06-05 05:27 -------- d-----w- c:\program files\Google
2010-05-17 16:02 . 2010-05-17 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-05-06 12:06 . 2006-06-14 05:11 42032 -c--a-w- c:\documents and settings\Albert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 01:34 . 2010-05-06 01:34 -------- d-----w- c:\program files\VideoLAN
2010-05-06 01:22 . 2010-05-06 01:21 -------- d-----w- c:\program files\Rising Software
2010-05-06 01:22 . 2010-05-06 01:22 61440 ----a-r- c:\documents and settings\Albert\Application Data\Microsoft\Installer\{458C07CB-75D4-4987-B46B-D9CD88583BF4}\NewShortcut2_458C07CB75D44987B46BD9CD88583BF4.exe
2010-05-06 01:22 . 2010-05-06 01:22 61440 ----a-r- c:\documents and settings\Albert\Application Data\Microsoft\Installer\{458C07CB-75D4-4987-B46B-D9CD88583BF4}\New_Shortcut_S5846_D43F473F7E40495F971D19BD4DBED1BD.exe
2010-05-06 01:22 . 2010-05-06 01:22 61440 ----a-r- c:\documents and settings\Albert\Application Data\Microsoft\Installer\{458C07CB-75D4-4987-B46B-D9CD88583BF4}\ARPPRODUCTICON.exe
2010-05-04 17:20 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2008-02-06 20:52 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-02-02 23:51 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2006-09-27 21:53 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-03-02 16:20 . 2006-06-13 04:33 104 -csha-r- c:\windows\system32\1DB60C6654.sys
2006-07-18 05:53 . 2006-06-12 23:26 88 -csha-r- c:\windows\system32\54660CB61D.sys
2007-03-02 16:20 . 2006-06-12 23:26 6580 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Google Update"="c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-06 133104]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2008-08-21 371000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"iPhoneVideoConverter_upgrade"="c:\program files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe" [2009-09-08 503808]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="f:\program files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"Acrobat Assistant 8.0"="f:\program files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]
"PWRISOVM.EXE"="f:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 05:08 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 01:37 180224 ----a-w- f:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BeatPack\\BeatPack.exe"=
"f:\\Program Files\\µTorrent\\uTorrent.exe"=
"f:\\Program Files\\EA Sports\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\EA Sports\\Madden NFL 08\\MAINAPP.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ustream\\Ustream Producer\\rsrc\\Desktop Presenter.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/31/2009 5:34 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/17/2008 1:33 AM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/17/2008 1:33 AM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/17/2008 1:32 AM 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/3/2009 8:51 PM 24652]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\d:\applications\Windows Virtual CD\VCdRom.sys --> d:\applications\Windows Virtual CD\VCdRom.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/17/2008 1:32 AM 875288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2010 11:04 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/17/2009 4:17 PM 17408]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/20/2007 10:57 PM 682232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-04 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-04 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-04 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-04 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 06:28]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 06:28]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005Core.job
- c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 05:36]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005UA.job
- c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {1F2AC2F8-C3C5-48A7-A8FF-E06BA3CE58DE} = 192.168.2.1
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: c:\documents and settings\Albert\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MemoryCardManager - (no file)
AddRemove-Antares AVOX Vocal Kit Bundle VST v1.02 - c:\progra~1\VSTPLU~1\AVOXVO~1\Choir\UNWISE.EXE
AddRemove-Korg Legacy Collection v1.0.0.2 - c:\progra~1\KORG\KORGLE~1\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Albert\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-07-04 15:25:15
ComboFix-quarantined-files.txt 2010-07-04 20:24
ComboFix2.txt 2009-12-29 21:07

Pre-Run: 4,878,925,824 bytes free
Post-Run: 4,947,349,504 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 3B1FB4F3BA3E196182E991AEE1B4EE2B


QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Tue Jul 06 13:00:24 2010
Machine ID: C4EE6D05



No infection found.
-------------------



Processes
---------
<unsigned> BVRP Software TestLine 2404 C:\Program Files\Digital Line Detect\DLG.exe
<unsigned> Cyberlink PowerCinema 3.0 752 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
<unsigned> DellDevice Monitor 728 C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
<unsigned> Drive Letter Access Component 144 C:\WINDOWS\system32\dla\tfswctrl.exe
<unsigned> FRXPRO 684 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
<unsigned> InstallShield Update Service 3020 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> netWaiting.exe 2576 C:\Program Files\NetWaiting\netWaiting.exe
<unsigned> NicConfigSvc 528 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
<unsigned> PowerISO Virtual Drive Manager 2504 F:\Program Files\PowerISO\PWRISOVM.EXE
<unsigned> QuickSet 1792 C:\Program Files\Dell\QuickSet\quickset.exe
<unsigned> Viewpoint Manager 1844 C:\Program Files\Viewpoint\Common\ViewpointService.exe

<verified> AcroTray - Adobe Acrobat Distiller help 2788 F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe
<verified> Ad-Aware Service Application 1620 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 3128 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Apple Mobile Device Service 212 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> AVG Internet Security 232 C:\Program Files\AVG\AVG8\avgwdsvc.exe
<verified> Bonjour 276 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> DivX Update 1804 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
<verified> Firefox 2484 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Intel® Common User Interface 1012 C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface 3896 C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface 2752 C:\WINDOWS\system32\igfxsrvc.exe
<verified> iTunes 1392 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 1236 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U17 332 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE 6 U17 2724 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> LWEMon.exe 2488 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
<verified> Microsoft® Windows® Operating System 2928 C:\WINDOWS\eHome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 452 C:\WINDOWS\eHome\ehRecvr.exe
<verified> Microsoft® Windows® Operating System 1768 C:\WINDOWS\eHome\ehSched.exe
<verified> Microsoft® Windows® Operating System 2784 C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 2748 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 3248 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1056 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 3148 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 3004 C:\WINDOWS\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 2860 C:\WINDOWS\system32\NOTEPAD.EXE
<verified> Microsoft® Windows® Operating System 1144 C:\WINDOWS\system32\NOTEPAD.EXE
<verified> Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 992 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1984 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1296 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1624 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1484 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1480 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1724 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1444 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1428 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 176 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1348 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2096 C:\WINDOWS\system32\wbem\unsecapp.exe
<verified> Microsoft® Windows® Operating System 3028 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\winlogon.exe
<verified> Oracle Information Rights Management De 2512 C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
<verified> Printer Communication System 3684 C:\WINDOWS\system32\dlcdcoms.exe
<verified> Synaptics Pointing Device Driver 2796 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Network activity
----------------
Process firefox.exe (2484) connected on port 80 (HTTP) --> 184.50.252.20
Process firefox.exe (2484) connected on port 80 (HTTP) --> 66.220.147.44
Process firefox.exe (2484) connected on port 80 (HTTP) --> 204.156.15.43
Process firefox.exe (2484) connected on port 80 (HTTP) --> 207.46.192.232
Process firefox.exe (2484) connected on port 80 (HTTP) --> 184.50.245.115
Process firefox.exe (2484) connected on port 80 (HTTP) --> 204.156.15.9
Process firefox.exe (2484) connected on port 80 (HTTP) --> 74.125.157.102

Process svchost.exe (1428) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Cyberlink PowerCinema 3.0 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
<unsigned> DellDevice Monitor C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
<unsigned> Drive Letter Access Component C:\WINDOWS\system32\dla\tfswctrl.exe
<unsigned> FRXPRO C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
<unsigned> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<unsigned> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
<unsigned> Microsoft Office 2000 C:\Program Files\Microsoft Office\Office\OSA9.EXE
<unsigned> NavLogon.dll C:\WINDOWS\system32\NavLogon.dll
<unsigned> netWaiting.exe C:\Program Files\NetWaiting\netWaiting.exe
<unsigned> PowerISO Virtual Drive Manager F:\Program Files\PowerISO\PWRISOVM.EXE
<unsigned> QuickSet C:\Program Files\Dell\QuickSet\quickset.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

<verified> Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
<verified> AcroTray - Adobe Acrobat Distiller help F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe
<verified> Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
<verified> Ad-Aware Tray Application C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Acrobat F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe
<verified> Adobe CS4 Service Manager C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
<verified> AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
<verified> C-Major Audio C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
<verified> DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
<verified> Google Update C:\Documents and Settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> LWEMon.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\LogonUI.EXE
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Oracle Information Rights Management De C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
<verified> SpybotSD.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
<verified> Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Timer DLL C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<unsigned> DivX® Content Upload Plugin C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
<unsigned> Drive Letter Access Component c:\windows\system32\dla\tfswshx.dll
<unsigned> EconPlayer.ocx C:\WINDOWS\Downloaded Program Files\EconPlayer.ocx
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> Java™ Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> Microsoft ClearAdjust Module C:\WINDOWS\Downloaded Program Files\clearadjust.dll
<unsigned> MJOLauncher Module C:\WINDOWS\Downloaded Program Files\mjolauncher.dll
<unsigned> Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
<unsigned> nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
<unsigned> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<unsigned> PearsonInstallAsst2.ocx C:\WINDOWS\Downloaded Program Files\PearsonInstallAsst2.ocx
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
<unsigned> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<unsigned> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
<unsigned> Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
<unsigned> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> TestGen Plug-in 7.3 C:\Program Files\Internet Explorer\plugins\nptgeqplugin.dll
<unsigned> TestGenXInstall.dll C:\WINDOWS\Downloaded Program Files\TestGenXInstall.dll
<unsigned> unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
<unsigned> WinampPlayer.dll C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
<unsigned> xwrapper.ocx C:\Program Files\Internet Explorer\plugins\xwrapper.ocx

<verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe Contribute CS4 C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
<verified> Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
<verified> AOL Media Playback Control C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Contribute f:\program files\adobe2\/adobe contribute cs4/contributeieplugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verified> Facebook Photo Uploader C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FacebookPhotoUploader.ocx
<verified> Facebook Photo Uploader C:\WINDOWS\Downloaded Program Files\CONFLICT.2\FacebookPhotoUploader.ocx
<verified> Facebook Photo Uploader C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
<verified> getPlusPlus for Adobe 16263 C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
<verified> getPlusPlus for Adobe 16263 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Move Streaming Media Player C:\Documents and Settings\Albert\Application Data\Move Networks\plugins\npqmp071502000008.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
<verified> SHOUTcast Radio IE Toolbar c:\program files\shoutcast radio toolbar\shoutcasttb.dll
<verified> Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verified> Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


Missing files
-------------
File not found: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
referenced in: HLKM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\"Path"


Scan
----
<unsigned> MD5: 48d2ca257a22481f830d9ce434e3827a C:\WINDOWS\System32\Drivers\ymidusb.sys
<unsigned> MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll
<unsigned> MD5: c8d5ebecf889534fe52537f18cfeb1c0 C:\WINDOWS\system32\NavLogon.dll
<unsigned> MD5: 53f7546e8daefb3a0813f5e19c4613c9 C:\WINDOWS\system32\NSNDIS5.SYS
<unsigned> MD5: b5c05ce075f48cc44c154f0ce25c4cfe C:\WINDOWS\system32\tfswapi.dll
<unsigned> MD5: 1b7524806d0270b81360c63a2fa047cb C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
<unsigned> MD5: ccc2e312486ae6b80970211da472268b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
<unsigned> MD5: 9090454e6772f7cfbce240bf4dc5f7e8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
<unsigned> MD5: 9818ff792cb0fe3a7c226fb5aa194010 F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\AcroTray.DEU
<unsigned> MD5: 35b000440df7855da29ca7df50d6952d F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\AcroTray.FRA
<unsigned> MD5: 44a81087db05e3cbd1c0f848bd6c4c0d F:\Program Files\dBpoweramp\dBShell.dll
<unsigned> MD5: baa3e635383278ec32a160967a53db59 F:\Program Files\PowerISO\PWRISOSH.DLL
<unsigned> MD5: 61d35eee356fba70f4e30e6a5b7d8d6c F:\Program Files\PowerISO\PWRISOVM.EXE


No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.08 MB sent, 3.81 KB recvd
Scanned 1328 files and modules - 136 seconds

==============================================================================

#6
shhheah

    Member

  • Topic Starter
  • 27 posts
Also, I could not run TDSSKiller because I was denied administrative login. I cannot explain why because I have the credentials for my own computer.

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I see the instructions I gave you for TDSSKiller were for Vista. Sorry.

Try it again and just bring up the command prompt without trying to Run As Administrator.

If that doesn't work then:

Boot into Safe Mode with Networking

http://www.computerh...sues/chsafe.htm

Choose the Administrator login (no password)

Try downloading TDSSKILLER.zip from

http://support.kaspe...4TDSSKiller.zip
to your Desktop.
Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.


Copy the next line

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

Open a Command window (Start, All Programs, Accessories, Command Prompt) then right click and select Paste then Enter.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Also download mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.


Then run it. It should create a log file on your desktop. Open it and copy the text and paste it into a reply.


Ron

#8
shhheah

    Member

  • Topic Starter
  • 27 posts
TDSS

13:52:23:393 3340 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
13:52:23:393 3340 ================================================================================
13:52:23:393 3340 SystemInfo:

13:52:23:393 3340 OS Version: 5.1.2600 ServicePack: 3.0
13:52:23:393 3340 Product type: Workstation
13:52:23:393 3340 ComputerName: ALBERT
13:52:23:393 3340 UserName: Albert
13:52:23:393 3340 Windows directory: C:\WINDOWS
13:52:23:393 3340 System windows directory: C:\WINDOWS
13:52:23:393 3340 Processor architecture: Intel x86
13:52:23:393 3340 Number of processors: 2
13:52:23:393 3340 Page size: 0x1000
13:52:23:393 3340 Boot type: Normal boot
13:52:23:393 3340 ================================================================================
13:52:23:752 3340 Initialize success
13:52:23:752 3340
13:52:23:752 3340 Scanning Services ...
13:52:24:439 3340 Raw services enum returned 406 services
13:52:24:455 3340
13:52:24:455 3340 Scanning Drivers ...
13:52:32:159 3340 RDPCDD (42082c7ac6a808f1922f59fe9902538f) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:52:32:159 3340 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 42082c7ac6a808f1922f59fe9902538f, Fake md5: 4912d5b403614ce99c28420f75353332
13:52:32:159 3340 File "C:\WINDOWS\system32\DRIVERS\RDPCDD.sys" infected by TDSS rootkit ... 13:52:32:534 3340 Backup copy found, using it..
13:52:32:612 3340 will be cured on next reboot
13:52:36:362 3340 Reboot required for cure complete..
13:52:36:941 3340 Cure on reboot scheduled successfully
13:52:36:941 3340
13:52:36:941 3340 Completed
13:52:36:941 3340
13:52:36:941 3340 Results:
13:52:36:941 3340 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:52:36:941 3340 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:52:36:941 3340
13:52:36:941 3340 KLMD(ARK) unloaded successfully

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Make sure you have rebooted after running TDSSKiller. Delete the old TDSSKiller.txt file, then run it again. It said it was going to fix it on reboot, so I want to see if it did. Also run mbr again as before.

Ron
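
The before/after comparison requested in post #9 can be scripted. The following is an added example, not part of the original thread: it parses the TDSSKiller line formats visible in post #8 and checks that every file flagged before the reboot was scanned again and came back clean. The follow-up log, its timestamps and its all-zero MD5 are constructed; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Copied from the TDSSKiller log posted in this thread (post #8).
LOG_BEFORE = r'''13:52:32:159 3340 RDPCDD (42082c7ac6a808f1922f59fe9902538f) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:52:32:159 3340 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 42082c7ac6a808f1922f59fe9902538f, Fake md5: 4912d5b403614ce99c28420f75353332
13:52:32:159 3340 File "C:\WINDOWS\system32\DRIVERS\RDPCDD.sys" infected by TDSS rootkit ... 13:52:32:534 3340 Backup copy found, using it..
13:52:32:612 3340 will be cured on next reboot
13:52:36:941 3340 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:52:36:941 3340 File objects infected / cured / cured on reboot: 1 / 0 / 1
'''

# CONSTRUCTED follow-up log (not the poster's real output); the MD5 is a placeholder.
LOG_AFTER_CONSTRUCTED = r'''14:30:00:000 1234 RDPCDD (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:30:04:000 1234 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:30:04:000 1234 File objects infected / cured / cured on reboot: 0 / 0 / 0
'''

STAMP = r'\d{2}:\d{2}:\d{2}:\d{3} \d{4}'  # "HH:MM:SS:mmm TID" prefix as seen in the thread
FORGED = re.compile(r'Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: '
                    r'(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})')
INFECTED = re.compile(r'File "(?P<path>[^"]+)" infected by TDSS rootkit')
DRIVER = re.compile(r'(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)')
SUMMARY = re.compile(r'(?P<kind>Registry|File) objects infected / cured / cured on reboot: '
                     r'(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)')


@dataclass
class Scan:
    drivers: dict = field(default_factory=dict)   # lower-cased path -> MD5 as logged
    forged: dict = field(default_factory=dict)    # lower-cased path -> (real, fake)
    infected: set = field(default_factory=set)    # lower-cased paths reported infected
    totals: dict = field(default_factory=dict)    # kind -> (infected, cured, on reboot)
    reboot_pending: bool = False


def entries(text):
    """Yield each log message. Two entries can share one physical line,
    as in the 'infected by TDSS rootkit' line of post #8."""
    for chunk in re.split(rf'(?={STAMP}\b)', text):
        m = re.match(rf'{STAMP} ?(.*)', chunk.strip())
        if m:
            yield m.group(1).strip()


def parse(text):
    """Build a Scan from raw TDSSKiller log text."""
    scan = Scan()
    for msg in entries(text):
        if m := FORGED.match(msg):
            scan.forged[m['path'].lower()] = (m['real'], m['fake'])
        elif m := INFECTED.match(msg):
            scan.infected.add(m['path'].lower())
        elif m := SUMMARY.match(msg):
            scan.totals[m['kind']] = (int(m['inf']), int(m['cured']), int(m['reboot']))
        elif m := DRIVER.match(msg):
            # Windows paths are case-insensitive, and the log mixes cases.
            scan.drivers[m['path'].strip().lower()] = m['md5']
        elif 'cured on next reboot' in msg or msg.startswith('Reboot required'):
            scan.reboot_pending = True
    return scan


def verify_cure(before, after):
    """Return (ok, reasons): does the follow-up scan confirm the cure?"""
    reasons = []
    for path in sorted(set(before.forged) | before.infected):
        if path not in after.drivers:
            reasons.append(f'{path}: not scanned in follow-up log')
        elif path in after.forged or path in after.infected:
            reasons.append(f'{path}: still flagged after reboot')
    if not after.totals:
        reasons.append('follow-up log has no Results section (truncated?)')
    for kind, (inf, _cured, on_reboot) in after.totals.items():
        if inf or on_reboot:
            reasons.append(f'{kind} objects: {inf} infected, {on_reboot} pending reboot')
    if after.reboot_pending:
        reasons.append('follow-up scan is itself waiting for a reboot')
    return (not reasons, reasons)


if __name__ == '__main__':
    ok, reasons = verify_cure(parse(LOG_BEFORE), parse(LOG_AFTER_CONSTRUCTED))
    print('cure confirmed' if ok else 'NOT confirmed:', *reasons, sep='\n  ')
```

A follow-up log that is cut off before its Results section is reported as unconfirmed rather than clean, which is why the helper asks for the complete file.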

#10
shhheah

    Member

  • Topic Starter
  • 27 posts
14:17:46:218 0932 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
14:17:46:218 0932 ================================================================================
14:17:46:218 0932 SystemInfo:

14:17:46:218 0932 OS Version: 5.1.2600 ServicePack: 3.0
14:17:46:218 0932 Product type: Workstation
14:17:46:218 0932 ComputerName: ALBERT
14:17:46:218 0932 UserName: Albert
14:17:46:218 0932 Windows directory: C:\WINDOWS
14:17:46:218 0932 System windows directory: C:\WINDOWS
14:17:46:218 0932 Processor architecture: Intel x86
14:17:46:218 0932 Number of processors: 2
14:17:46:218 0932 Page size: 0x1000
14:17:46:218 0932 Boot type: Normal boot
14:17:46:218 0932 ================================================================================
14:17:46:562 0932 Initialize success
14:17:46:562 0932
14:17:46:562 0932 Scanning Services ...
14:17:47:171 0932 Raw services enum returned 406 services
14:17:47:171 0932
14:17:47:171 0932 Scanning Drivers ...
14:17:59:671 0932
14:17:59:671 0932 Completed
14:17:59:671 0932
14:17:59:687 0932 Results:
14:17:59:687 0932 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:17:59:687 0932 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:17:59:687 0932
14:17:59:687 0932 KLMD(ARK) unloaded successfully



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
  • 0



#11
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK, TDSSKiller is happy now. But mbr still looks bad. I assume you still have the problem?

What we usually do next is to boot into the Recovery Console and run fixmbr. The problem is that with a Dell and maybe with an HP/Compaq there is a hidden partition used to restore the system to how it came from the factory and fixmbr will kill off the hidden partition.

This is the easiest way to get into the Recovery Console:

Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

Now when you reboot you will see a black screen which offers you two options, The Recovery Console and your usual Windows XP. Use the up or down arrow to select the Recovery Console and then hit Enter. You will eventually get to a black screen with a prompt. Type:

fixmbr

and hit Enter then

exit and Enter.

It should reboot. Run mbr again and see if it still says

user: error reading MBR

Ron
  • 0

#12
shhheah


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
When I enter the recovery console, the cursor is blinking but I cannot type anything for minutes. The pc error beeps when I try to type.
  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We can try to use the mbr.exe program that we downloaded earlier. Make sure it is still on your desktop and delete any old mbr.txt or mbr.log files.

Copy the text between the lines of stars by highlighting and Ctrl + c

****************************************

"%userprofile%\Desktop\MBR.EXE" -f

***********************************************

Start, Run, cmd, OK or Start, All Programs, Accessories, Command Prompt to open a Command Window.

Right click and select Paste. Then hit Enter. When it finishes close the Command Window.

On your desktop should be a file mbr.txt or mbr.log (I forget which). Please open it by double clicking or right click and Open with Notepad and copy the text and paste it into a reply.

Ron
  • 0

#14
shhheah


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I got the same result:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
  • 0
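
A triage pass over the two log formats pasted in this thread (the TDSSKiller log and the mbr.exe output), as an added example that is not part of any post here and not code from either tool. The sample input is constructed, the function names are hypothetical, and other mbr.exe output wordings are not modeled.

```python
import re
from collections import defaultdict

# Constructed sample input in the two log formats shown in this thread.
# Service names, hashes and paths are made up for illustration.
SAMPLE_TDSS = r"""14:17:47:171 0932 Scanning Drivers ...
14:17:48:640 0932 exdrv1 (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exdrv1.sys
14:17:48:687 0932 exdrv2 (00000000000000000000000000000002) C:\WINDOWS\system32\exdrv2.sys
14:17:48:700 0932 exalias (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\exdrv1.sys
14:17:59:671 0932
14:17:59:687 0932 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:17:59:687 0932 File objects infected / cured / cured on reboot: 1 / 0 / 0
"""
SAMPLE_MBR = """device: opened successfully
user: error reading MBR
kernel: MBR read successfully
"""

# "HH:MM:SS:mmm TID message" prefix used on every TDSSKiller log line.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d{4} ?(.*)$")
# "service (md5) path" driver record.
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
RESULT = re.compile(r"^(Registry|File) objects infected / cured / cured on reboot: "
                    r"(\d+) / (\d+) / (\d+)$")


def parse_tdss(text):
    """Return (drivers, results) parsed from a TDSSKiller text log."""
    drivers, results = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        body = m.group(1)
        if d := DRIVER.match(body):
            drivers.append({"service": d[1], "md5": d[2], "path": d[3]})
        elif r := RESULT.match(body):
            results[r[1]] = tuple(int(n) for n in r.groups()[1:])
    return drivers, results


def triage_tdss(drivers, results):
    """List items worth a manual look; none of these is proof of infection."""
    findings = []
    by_hash = defaultdict(list)
    for d in drivers:
        by_hash[d["md5"]].append(d["service"])
        # Drivers loaded from outside system32\drivers deserve a second look.
        if "\\system32\\drivers\\" not in d["path"].lower():
            findings.append(f"path-outside-drivers-dir: {d['service']} -> {d['path']}")
    for services in by_hash.values():
        if len(services) > 1:  # one image registered under several services
            findings.append(f"shared-image: {', '.join(services)}")
    for kind, (infected, cured, on_reboot) in results.items():
        if infected:
            findings.append(f"infected-{kind.lower()}-objects: {infected} "
                            f"(cured {cured}, on reboot {on_reboot})")
    return findings


def parse_mbr(text):
    """Map the 'device:', 'user:' and 'kernel:' lines of mbr.exe output."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and key in ("device", "user", "kernel"):
            status[key] = value.strip()
    return status


def mbr_read_mismatch(status):
    """True for the pattern in this thread: kernel read works, user read fails."""
    user_ok = "successfully" in status.get("user", "")
    kernel_ok = "successfully" in status.get("kernel", "")
    return kernel_ok and not user_ok
```
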

#15
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What kind of keyboard do you have? It's not wireless or anything is it? It's acting like it doesn't understand the output of the keyboard when you are in the Recovery Console. Do you have another keyboard you could try?
(Make sure you shut it down before changing the keyboard out)

Ron
  • 0





