
XP Virus - Can't find it!



#16
shhheah
    Member
  • Topic Starter
  • 27 posts
It's the keyboard on a Dell laptop not responding. I have a USB keyboard available. Should I try using it?
  • 0



#17
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
Might as well.

Ron
  • 0

#18
shhheah
    Member
  • Topic Starter
  • 27 posts
Still no response with USB keyboard.
  • 0

#19
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
I'll have to ask one of the gurus. See if they can help.

Will get back to you when I hear something.

Ron
  • 0

#20
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
They have asked us to uninstall Daemon Tools:

The following should be uninstalled via the Control Panel:
Daemon Tools and Daemon Tools Lite
Alcohol 120%
AstroBurn
StarBurn

For a complete uninstall, and so our tools may run unhindered, please also follow the steps on http://www.duplexsecure.com/en/faq page for uninstalling the SPTD driver which these emulators use.
Follow the instructions where it says
Q: How can I remove SPTD driver on 32-bit OS?

Then delete the old mbr.txt file and run mbr again. Let's see if things look different.

Ron
  • 0

#21
shhheah
    Member
  • Topic Starter
  • 27 posts
I'm sorry, but none of those programs are on my list. I can't find them if they are installed. Do I still run SPTD program?
  • 0

#22
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
Yes.

It is running:
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

Ron
  • 0

#23
shhheah
    Member
  • Topic Starter
  • 27 posts
When I first ran the installer, it found no previous version and "Install" was my only option. I accidentally chose Install, then uninstalled the second time. Still the same MBR log this time.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
  • 0
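What the mbr.exe lines above are actually checking, as an added example that is not part of this thread or of Gmer's tool: the detector reads sector 0 of the disk once through the normal user-mode file API and once from kernel mode, then compares the two. A filter driver sitting on the disk stack (the SPTD driver Ron asks to remove is one such) can make the user-mode read fail or return different bytes, which is why the log shows "user: error reading MBR" next to "kernel: MBR read successfully". The script below parses a 512-byte MBR (boot signature, partition table) and reports byte offsets where two reads of the same sector disagree. The sample MBR is constructed for the example, not taken from the poster's machine, and `read_physical_mbr` assumes the Windows device path `\\.\PhysicalDrive0` and administrator rights.

```python
"""Parse a 512-byte Master Boot Record and compare two reads of it.

Added example; not the thread's own code nor Gmer's mbr.exe. The sample MBR
below is constructed (one bootable NTFS partition, XP-style layout).
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PART_ENTRY_LEN = 16              # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR


def build_sample_mbr() -> bytes:
    """Construct a test MBR: dummy boot code plus one bootable NTFS (0x07) partition."""
    boot_code = bytes(range(256)) + b"\x00" * (PART_TABLE_OFFSET - 256)
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 78140097)
    empty = b"\x00" * PART_ENTRY_LEN
    return boot_code + entry + empty * 3 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature and decode the four partition-table slots."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:            # unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        # hash of the boot code alone: a bootkit changes this, a repartition does not
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def diff_reads(a: bytes, b: bytes) -> list:
    """Return the byte offsets at which two reads of the same sector differ.

    An empty list means both paths returned identical data; any offsets
    (especially inside the first 446 bytes) deserve a look.
    """
    if len(a) != len(b):
        raise ValueError("reads have different lengths")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """User-mode read of sector 0 (Windows only; needs administrator rights).

    This is the read that fails in the poster's log. A kernel-mode read, as
    mbr.exe performs, needs a driver and is not attempted here.
    """
    with open(device, "rb", buffering=0) as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    reference = build_sample_mbr()
    print(parse_mbr(reference))
    tampered = bytearray(reference)
    tampered[0] ^= 0xFF            # simulate a patched first instruction
    print("differing offsets:", diff_reads(reference, bytes(tampered)))
```

To use it on a live system, keep a copy of sector 0 taken from a known-clean boot (for example from a rescue CD) and pass that copy and the fresh `read_physical_mbr()` result to `diff_reads`; if the user-mode read itself raises, that matches the "user: error reading MBR" line and points at a driver on the disk stack rather than at the MBR contents.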

#24
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
OK we will pull it with Combofix

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::


File::
c:\windows\system32\Drivers\PsSdk30.drv
c:\windows\system32\drivers\sptd.sys

RenV::

Driver::
PsSdk30
sptd


RootKit::
c:\windows\system32\Drivers\PsSdk30.drv
c:\windows\system32\drivers\sptd.sys



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0

#25
shhheah
    Member
  • Topic Starter
  • 27 posts
ComboFix 10-07-03.06 - Albert 07/07/2010 0:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1228 [GMT -5:00]
Running from: c:\documents and settings\Albert\Desktop\george.exe
Command switches used :: c:\documents and settings\Albert\Desktop\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\Drivers\PsSdk30.drv"
"c:\windows\system32\drivers\sptd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSSDK30
-------\Legacy_SPTD
-------\Service_PsSdk30
-------\Service_sptd


((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 18:00 . 2010-07-06 18:02 -------- d-----w- c:\documents and settings\Albert\Application Data\QuickScan
2010-07-06 03:03 . 2010-07-06 15:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\edmbqvqgw
2010-07-06 03:02 . 2010-07-06 03:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-03 08:31 . 2010-07-03 08:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-03 08:30 . 2010-07-03 08:30 -------- d-----w- c:\program files\NOS
2010-07-03 08:29 . 2010-07-03 08:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:54 . 2005-08-16 09:18 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-07-03 08:36 . 2009-03-02 04:00 -------- d-----w- c:\program files\Dl_cats
2010-07-03 08:30 . 2009-11-21 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-03 08:30 . 2006-11-05 01:15 -------- d-----w- c:\documents and settings\Albert\Application Data\BitTorrent
2010-06-29 23:38 . 2006-06-05 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 17:39 . 2006-06-14 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-17 17:26 . 2010-01-07 05:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-15 03:35 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\Albert\Application Data\Wirecast
2010-06-15 02:23 . 2009-09-22 22:20 -------- d-----w- c:\documents and settings\Albert\Application Data\DiskAid
2010-06-08 22:07 . 2010-05-06 01:35 -------- d-----w- c:\documents and settings\Albert\Application Data\vlc
2010-06-07 20:26 . 2010-04-05 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-07 20:14 . 2009-08-13 00:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 20:14 . 2007-02-02 23:50 -------- d-----w- c:\program files\DivX
2010-06-07 20:06 . 2010-06-03 17:21 -------- d-----w- c:\documents and settings\Albert\Application Data\Skype
2010-06-07 18:52 . 2010-06-03 17:21 -------- d-----w- c:\documents and settings\Albert\Application Data\skypePM
2010-06-07 07:50 . 2008-07-20 21:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 17:36 . 2010-06-03 17:27 -------- d-----w- c:\documents and settings\Albert\Application Data\Pamela
2010-06-03 17:27 . 2010-06-03 17:27 -------- d-----w- c:\program files\Pamela
2010-06-03 17:21 . 2010-06-03 17:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-03 17:15 . 2010-06-03 17:14 -------- d-----r- c:\program files\Skype
2010-06-03 17:15 . 2010-06-03 17:15 -------- d-----w- c:\program files\Common Files\Skype
2010-06-03 17:14 . 2010-06-03 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-30 02:46 . 2010-05-30 02:46 4 ----a-w- c:\documents and settings\Albert\Application Data\czyiwa.dat
2010-05-29 03:43 . 2008-08-27 22:48 32 -c--a-w- c:\windows\msocreg32.dat
2010-05-24 04:47 . 2010-05-24 04:47 -------- d-----w- c:\program files\HotRecorder
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\Albert\Application Data\Vara Software
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\program files\Common Files\eSellerate
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Telestream
2010-05-18 23:37 . 2010-05-18 23:37 -------- d-----w- c:\program files\Ustream
2010-05-18 04:04 . 2006-06-05 05:27 -------- d-----w- c:\program files\Google
2010-05-17 16:02 . 2010-05-17 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-05-06 12:06 . 2006-06-14 05:11 42032 -c--a-w- c:\documents and settings\Albert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-04 17:20 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2008-02-06 20:52 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-02-02 23:51 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2006-09-27 21:53 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-03-02 16:20 . 2006-06-13 04:33 104 -csha-r- c:\windows\system32\1DB60C6654.sys
2006-07-18 05:53 . 2006-06-12 23:26 88 -csha-r- c:\windows\system32\54660CB61D.sys
2007-03-02 16:20 . 2006-06-12 23:26 6580 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Google Update"="c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-06 133104]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2008-08-21 371000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="f:\program files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"Acrobat Assistant 8.0"="f:\program files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728]
"PWRISOVM.EXE"="f:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"iPhoneVideoConverter_upgrade"="c:\program files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe" [2009-09-08 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 05:08 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmd23.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BeatPack\\BeatPack.exe"=
"f:\\Program Files\\µTorrent\\uTorrent.exe"=
"f:\\Program Files\\EA Sports\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\EA Sports\\Madden NFL 08\\MAINAPP.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ustream\\Ustream Producer\\rsrc\\Desktop Presenter.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/31/2009 5:34 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/17/2008 1:33 AM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/17/2008 1:33 AM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/17/2008 1:32 AM 231704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/3/2009 8:51 PM 24652]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\d:\applications\Windows Virtual CD\VCdRom.sys --> d:\applications\Windows Virtual CD\VCdRom.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/17/2008 1:32 AM 875288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2010 11:04 PM 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/17/2009 4:17 PM 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:10]

2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 06:28]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 06:28]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005Core.job
- c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 05:36]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005UA.job
- c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {1F2AC2F8-C3C5-48A7-A8FF-E06BA3CE58DE} = 192.168.2.1
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: c:\documents and settings\Albert\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Albert\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dlcdcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wiaacmgr.exe
.
**************************************************************************
.
Completion time: 2010-07-07 01:04:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 06:04
ComboFix2.txt 2010-07-04 20:25
ComboFix3.txt 2009-12-29 21:07

Pre-Run: 5,719,818,240 bytes free
Post-Run: 5,601,042,432 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - D8A96B268F1146870FA50951404364A7
  • 0



#26
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
Can you run mbr again and post the log?

Ron
  • 0

#27
shhheah
    Member
  • Topic Starter
  • 27 posts
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
  • 0

#28
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
Could you run OTL, Quick Scan, again and post the log. I'm seeing a proxy in Combofix that I don't like the looks of.

I assume we still have no sound. Is that correct?

Ron
  • 0
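The proxy Ron is referring to is the line `uInternet Settings,ProxyServer = http=127.0.0.1:5577` in the ComboFix log above (the `u` prefix in ComboFix output marks the current user's hive, `m` the machine hive). An HTTP proxy pointing at the loopback address on an unusual port means every IE/WinINet request is routed through a local listener first, which is how a number of malware families intercept or redirect browsing. The same log also shows Security Center `AntiVirusOverride` and `DisableMonitoring` values set to 1, which suppress the "no antivirus" warning. As an added example, not part of the thread or of ComboFix, the script below runs those checks over ComboFix log lines. The sample lines are copied from the log in this thread so it runs offline; the finding names and the Firefox proxy-type interpretation are the example's own.

```python
"""Triage proxy and Security Center lines from a ComboFix log.

Added example; not ComboFix's own code nor the thread's. SAMPLE_LOG is a
hand-picked subset of the poster's log, embedded so the checks run offline.
"""
import re

SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
FF - prefs.js: network.proxy.type - 4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
"""

# ComboFix renders HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
# as "uInternet Settings,<value>" and the HKLM equivalent as "mInternet Settings,...".
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
FF_PROXY_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<type>\d+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Security Center values that silence its warnings when non-zero.
OVERRIDE_NAMES = {"AntiVirusOverride", "FirewallOverride", "UpdatesOverride", "DisableMonitoring"}
# Firefox network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect (WPAD), 5 = system.
FF_PROXY_QUIET = {"0", "5"}


def parse_proxy_value(value: str) -> list:
    """Split 'http=host:port;https=host:port' or plain 'host:port' into (scheme, host, port)."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")      # scheme is '' for the plain form
        host, _, port = hostport.rpartition(":")
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host: str) -> bool:
    return host.startswith("127.") or host.lower() == "localhost"


def triage(log_text: str) -> list:
    """Return (finding, detail) tuples for lines worth a closer look."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_value(m.group("value")):
                if is_loopback(host):
                    findings.append(("loopback_proxy",
                                     f"{scheme} traffic proxied to {host}:{port}; "
                                     "find the process listening on that port"))
            continue
        m = FF_PROXY_TYPE_RE.match(line)
        if m:
            if m.group("type") not in FF_PROXY_QUIET:
                findings.append(("firefox_proxy",
                                 f"network.proxy.type={m.group('type')} (not direct or system); "
                                 "check the PAC/WPAD or manual proxy it resolves to"))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = REG_DWORD_RE.match(line)
        if m and current_key and "security center" in current_key:
            if m.group("name") in OVERRIDE_NAMES and int(m.group("hex"), 16) != 0:
                findings.append(("security_center_override",
                                 f"{m.group('name')}={int(m.group('hex'), 16)} under {current_key}"))
            continue
        if line.startswith("AV:") and "disabled" in line.lower():
            findings.append(("av_disabled", line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

On the machine itself the next step for a loopback proxy finding is to identify what owns the port (on XP, `netstat -ano` and match the PID in Task Manager) before clearing the `ProxyServer` value, otherwise the listener simply re-creates it.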

#29
shhheah
    Member
  • Topic Starter
  • 27 posts
Correct. Still NO sound.

OTL logfile created on: 7/7/2010 2:18:50 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Albert\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.60 Gb Free Space | 12.35% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 0.90 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 43.96 Gb Free Space | 18.88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 483.69 Mb Total Space | 93.98 Mb Free Space | 19.43% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ALBERT
Current User Name: Albert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()
PRC - C:\Program Files\Microsoft Office\Office\WINWORD.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Albert\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (StyleXPService) -- File not found
SRV - (gusvc) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (dlcd_device) -- C:\WINDOWS\System32\dlcdcoms.exe ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...x-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/07 14:17:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/07 14:18:47 | 00,000,000 | ---D | M]

[2008/06/17 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Extensions
[2010/07/07 13:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions
[2010/06/07 15:16:32 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2009/05/18 22:02:18 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/10/20 12:18:57 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/06/07 15:16:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{1476ff20-0a3c-11db-9cd8-0800200c9a66}
[2008/06/19 20:11:32 | 00,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2010/06/07 15:16:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2009/08/23 12:20:23 | 00,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/03/21 23:48:54 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/06/07 15:16:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2010/06/07 15:16:16 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2008/04/19 21:37:54 | 00,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/07/06 13:00:01 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/07/03 03:30:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/06/27 00:29:21 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/14 10:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/08/23 12:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/06/07 15:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2010/06/07 15:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/05/28 15:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\extensions\[email protected]
[2009/01/04 23:18:36 | 00,001,899 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\flickr-tags.xml
[2007/05/06 23:43:37 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\siteadvisor.xml
[2009/10/20 12:19:08 | 00,001,189 | ---- | M] () -- C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\p6i9mjrs.default\searchplugins\winamp-search.xml
[2010/07/07 13:40:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/11 21:41:43 | 00,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 00,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe2\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] F:\Program Files\Adobe2\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPhoneVideoConverter_upgrade] C:\Program Files\E-Zsoft\iPhoneVideoConverter\iPhoneVideoConverter.exe (E-Z soft)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Albert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} https://care.windstr...aller_3-0-0.cab (SecurityManager Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/01 22:32:56 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 00,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/07/07 14:14:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/07 14:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/07 14:09:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/07 13:48:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Pwnage
[2010/07/07 09:56:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/07 09:44:29 | 00,000,000 | ---D | C] -- C:\george
[2010/07/07 00:29:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 22:22:32 | 00,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Albert\Desktop\SPTDinst-v169-x86.exe
[2010/07/06 13:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Application Data\QuickScan
[2010/07/06 12:50:15 | 01,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Albert\Desktop\TDSSKiller.exe
[2010/07/06 10:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\edmbqvqgw
[2010/07/05 22:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/05 22:02:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/05 22:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/03 03:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/03 03:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/03 03:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
[2010/07/02 01:05:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 21:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Music
[2010/06/24 21:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Albert\Desktop\Pictures
[2010/05/17 23:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/17 23:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/20 04:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/15 22:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/09 09:33:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/06 20:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/12 17:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/06/04 23:41:33 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/06/04 23:41:33 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/06/04 23:41:33 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/06/04 23:41:33 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/06/04 23:41:33 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/06/04 23:41:32 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/06/04 23:41:32 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/06/04 23:41:32 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/06/04 23:41:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/07/07 14:14:52 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/07/07 14:14:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 13:56:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Albert\My Documents\~$rapio Albert Trevino.doc
[2010/07/07 13:38:03 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005UA.job
[2010/07/07 13:25:33 | 00,000,310 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/07 13:25:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/07 13:24:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 13:24:54 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 12:11:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/07 12:11:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/07 12:11:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/07 12:11:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/07 12:11:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/07 09:58:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 09:58:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 09:58:52 | 21,374,56640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 09:57:27 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Albert\ntuser.ini
[2010/07/06 22:22:35 | 00,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Albert\Desktop\SPTDinst-v169-x86.exe
[2010/07/06 19:39:49 | 00,000,767 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/06 19:39:49 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/06 19:38:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1555433744-3350049914-2593877280-1005Core.job
[2010/07/06 13:53:16 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\mbr.exe
[2010/07/06 04:33:29 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\Spybot - Search & Destroy.lnk
[2010/07/04 14:58:26 | 03,726,344 | R--- | M] () -- C:\Documents and Settings\Albert\Desktop\george.exe
[2010/07/02 01:01:08 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/07/02 00:56:51 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/07/02 00:56:49 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/07/01 09:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 17:25:08 | 01,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Albert\Desktop\TDSSKiller.exe
[2010/06/24 20:54:09 | 00,182,034 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:54:08 | 18,632,432 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:52:19 | 40,910,064 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 20:02:42 | 25,210,608 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 20:02:42 | 00,246,274 | ---- | M] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[3 C:\Documents and Settings\Albert\My Documents\*.tmp files -> C:\Documents and Settings\Albert\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Albert\Desktop\*.tmp files -> C:\Documents and Settings\Albert\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 13:56:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Albert\My Documents\~$rapio Albert Trevino.doc
[2010/07/06 13:53:16 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\mbr.exe
[2010/07/06 04:41:16 | 21,374,56640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/04 15:04:41 | 03,726,344 | R--- | C] () -- C:\Documents and Settings\Albert\Desktop\george.exe
[2010/07/02 01:01:07 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Albert\My Documents\Serapio Albert Trevino.doc
[2010/06/24 21:05:28 | 06,903,157 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Young_Jeezy_-_Done_It(Instrumental).mp3
[2010/06/24 21:05:28 | 02,538,937 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\Tonight.mp3
[2010/06/24 20:54:09 | 00,182,034 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.pk
[2010/06/24 20:53:25 | 18,632,432 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\TONIGHT_mixdown.wav
[2010/06/24 20:52:22 | 00,399,594 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.pk
[2010/06/24 20:50:45 | 40,910,064 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\BYYOURSIDE_mixdown.wav
[2010/06/24 19:56:50 | 00,246,274 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.pk
[2010/06/24 19:56:10 | 25,210,608 | ---- | C] () -- C:\Documents and Settings\Albert\Desktop\CRSNEVERTOOLATE_mixdown.wav
[2010/06/24 03:30:41 | 15,204,352 | ---- | C] () -- C:\Documents and Settings\Albert\ntuser.dat
[2010/05/29 21:46:12 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\czyiwa.dat
[2010/05/23 23:47:33 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/05/23 23:47:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/05/18 18:37:47 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\net.telestream.ustreamproducer.prefs.xml
[2009/10/28 18:06:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\downloads.m3u
[2009/10/24 17:11:15 | 00,000,029 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\default.rss
[2008/10/24 18:34:38 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/10/20 21:36:03 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/20 16:02:02 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/27 18:41:21 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/07/12 13:07:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/29 18:06:50 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/06/29 18:06:50 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/06/29 18:06:50 | 00,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/06/29 18:06:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/06/29 18:06:50 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/29 18:06:49 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/06/29 18:06:49 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/06/29 18:06:49 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/06/29 18:06:49 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/06/29 18:06:48 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/05/18 10:54:52 | 00,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/05/18 10:39:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/03/14 21:42:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/26 16:44:32 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/27 17:30:09 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/29 19:52:45 | 00,447,777 | ---- | C] () -- C:\WINDOWS\System32\DAE.dll.rsr
[2006/09/15 20:10:58 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/29 22:05:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/06/17 17:18:08 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\MSVC60SVV.DLL
[2006/06/13 20:57:43 | 00,125,952 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/13 01:43:55 | 00,000,196 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/12 23:33:06 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\1DB60C6654.sys
[2006/06/12 23:32:18 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JPR.{PB
[2006/06/12 23:32:18 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Albert\Application Data\PFP120JCM.{PB
[2006/06/12 18:26:22 | 00,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/12 18:26:22 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\54660CB61D.sys
[2006/06/12 16:00:35 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Albert\Local Settings\Application Data\fusioncache.dat
[2006/06/05 00:31:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 00:19:35 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/05 00:14:45 | 00,000,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/05 00:08:38 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/04 23:41:33 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/06/04 23:41:33 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/06/04 23:41:33 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/06/04 23:41:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/06/04 23:41:33 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/06/04 23:41:32 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/06/04 23:41:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/06/04 23:41:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/06/04 23:41:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/06/04 23:41:31 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/06/04 23:40:57 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/04 23:39:29 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:05:54 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2005/04/09 10:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 14:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/08/13 15:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Ableton
[2007/02/26 16:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\acccore
[2007/03/03 15:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Aim
[2008/06/17 12:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Antares
[2008/09/01 19:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Applied Acoustics Systems
[2010/07/03 03:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\BitTorrent
[2006/06/15 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Cakewalk
[2009/10/11 22:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\com.adobe.ExMan
[2010/01/10 20:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\dBpoweramp
[2006/12/29 19:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Digidesign
[2010/06/14 21:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\DiskAid
[2008/04/19 18:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Flickr
[2006/11/09 18:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\flightgear.org
[2006/06/25 16:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Kazaa Lite
[2006/06/17 22:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Leadertech
[2007/02/11 01:59:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\MP3Downloads
[2009/05/12 06:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\MPEG Streamclip
[2006/08/29 22:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Nikon
[2007/02/28 19:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Opera
[2008/03/15 19:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\PACE Anti-Piracy
[2010/06/03 12:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Pamela
[2009/08/20 15:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Propellerhead Software
[2010/07/06 13:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\QuickScan
[2007/01/26 18:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Red Chair Software
[2009/02/02 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\SealedMedia
[2008/08/27 23:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Steinberg
[2009/11/27 12:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\SystemRequirementsLab
[2009/12/22 15:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\uTorrent
[2010/05/18 18:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Vara Software
[2007/03/04 17:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Viewpoint
[2008/08/27 11:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\VSO_HWE
[2009/06/12 16:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Waves Audio
[2008/11/30 23:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\WinFF
[2010/06/14 22:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Wirecast
[2010/03/24 20:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Albert\Application Data\Xilisoft
[2009/08/13 15:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/05/03 20:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/08/16 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/08/29 22:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/10/02 10:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/24 18:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/29 01:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/08/29 22:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/03/15 19:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/08/11 19:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/10/20 12:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar
[2010/05/18 18:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2008/09/17 01:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/29 22:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/05/03 20:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 22:33:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{152EF68B-16AC-49D3-A3E6-E39F7613A2D7}
[2009/10/14 21:43:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2E36EF44-3E35-4623-B1DD-517C334DF1C5}
[2010/07/07 14:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 22:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 16:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 12:07:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/14 12:54:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D3409287-B0B7-40DE-981C-3CAD8C8EE6A8}
[2009/10/14 12:52:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/07/07 12:11:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/07/07 12:11:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/07/07 12:11:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/07 12:11:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/07 12:11:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pAWVyFuUTuNu5WmdghFASvy
@Alternate Data Stream - 1415 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:n0qOmPVdbIxa8UCKq7lTP3
@Alternate Data Stream - 1392 bytes -> C:\Program Files\Common Files\System:ZNNi3sRCJmEWC4beuooPTr9CEpu
@Alternate Data Stream - 1334 bytes -> C:\Documents and Settings\Albert\Local Settings\Application Data\lW2lApL4cZ:fjXowHvtLFSkNwHGhAYnhwWtM
< End of report >
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - (StyleXPService) -- File not found
SRV - (gusvc) -- File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
FF - prefs.js..network.proxy.type: 4
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pAWVyFuUTuNu5WmdghFASvy
@Alternate Data Stream - 1415 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:n0qOmPVdbIxa8UCKq7lTP3
@Alternate Data Stream - 1392 bytes -> C:\Program Files\Common Files\System:ZNNi3sRCJmEWC4beuooPTr9CEpu
@Alternate Data Stream - 1334 bytes -> C:\Documents and Settings\Albert\Local Settings\Application Data\lW2lApL4cZ:fjXowHvtLFSkNwHGhAYnhwWtM

:Files
C:\WINDOWS\wc98pp.dll
C:\WINDOWS\Tasks\ParetoLogic Registration.job

:Commands
[purity]
[emptytemp]
[Reboot]
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ron
  • 0
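The fix above works by pasting log lines straight back into OTL, which is why it helps to know which line types in an OTL report are worth acting on. As an added example (this is not OTL's code and not Ron's script), here is a small Python triage routine that reads raw OTL log lines and flags the four indicator classes the script removes: services whose binary is gone, an IE proxy pointed back at the local machine, a Firefox proxy mode that is no longer "direct", and alternate data streams with random-looking names. The sample lines are constructed from entries quoted in this thread plus one benign Zone.Identifier stream as a control; the benign-stream allow-list and the randomness heuristic are assumptions of the example, and the `to_otl_fix` helper only reproduces the script layout the thread uses.

```python
"""Triage helper for OTL log lines.

Added illustration, not OTL's code and not the script posted in the thread.
It reads raw OTL report lines and flags the indicator classes the fix above
removes. The allow-list and the randomness heuristic are assumptions of this
example; extend them for your own environment.
"""
import re
from dataclasses import dataclass

# Stream names that Windows and common tools attach legitimately (assumed allow-list).
KNOWN_BENIGN_STREAMS = {"Zone.Identifier", "encryptable", "favicon"}

RE_SRV_MISSING = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- File not found")
RE_IE_PROXY = re.compile(r'"ProxyServer" = (?P<value>\S+)')
RE_FF_PROXY_TYPE = re.compile(r"network\.proxy\.type: (?P<type>\d+)")
RE_ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
# A proxy on the loopback interface means a process on this machine sits
# between the browser and the network.
RE_LOOPBACK = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost)(?::\d+)?", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class
    detail: str  # what the line means for the analyst
    line: str    # the raw log line, reusable verbatim in an OTL fix


def looks_random(stream: str) -> bool:
    """Heuristic (assumed): 8+ alphanumerics carrying digits or mixed case,
    and not on the allow-list. Flags DFC5A2B2 and pAWVyFuUTuNu5WmdghFASvy,
    leaves Zone.Identifier alone."""
    if stream in KNOWN_BENIGN_STREAMS or not re.fullmatch(r"[A-Za-z0-9]{8,}", stream):
        return False
    has_digit = any(c.isdigit() for c in stream)
    mixed_case = any(c.islower() for c in stream) and any(c.isupper() for c in stream)
    return has_digit or mixed_case


def triage(lines):
    """Return a Finding for every log line that matches an indicator class."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RE_SRV_MISSING.match(line):
            findings.append(Finding("orphan-service",
                f"service '{m['name']}' is registered but its binary is gone", line))
        elif m := RE_IE_PROXY.search(line):
            if RE_LOOPBACK.search(m["value"]):
                findings.append(Finding("local-proxy",
                    f"IE proxy {m['value']} sends browser traffic to a local process", line))
        elif m := RE_FF_PROXY_TYPE.search(line):
            if m["type"] != "0":  # 0 = direct; 1 manual, 2 PAC, 4 auto-detect, 5 system
                findings.append(Finding("ff-proxy-mode",
                    f"Firefox network.proxy.type is {m['type']} (0 means no proxy)", line))
        elif m := RE_ADS.match(line):
            if looks_random(m["stream"]):
                findings.append(Finding("hidden-ads",
                    f"{m['size']}-byte stream '{m['stream']}' on {m['path']}", line))
    return findings


def to_otl_fix(findings):
    """Lay the flagged lines out the way the thread does: verbatim under :OTL,
    followed by the :Commands section. Read the result before running it."""
    body = [":OTL", *[f.line for f in findings], "", ":Commands",
            "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)


# Sample input constructed from entries quoted in this thread, plus one benign
# Zone.Identifier stream as a control that must not be flagged.
SAMPLE_LOG = [
    r"SRV - (StyleXPService) -- File not found",
    r"SRV - (gusvc) -- File not found",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r"FF - prefs.js..network.proxy.type: 4",
    r"@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
    r"@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pAWVyFuUTuNu5WmdghFASvy",
    r"@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Albert\Desktop\mbr.exe:Zone.Identifier",
    r"[2010/07/07 13:25:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:15} {f.detail}")
    print()
    print(to_otl_fix(found))
```

Run it against a full OTL report (one line per list element) and read the `kind` column first: an IE proxy on 127.0.0.1 and a Firefox proxy type other than 0 together point at the same thing, a local process that wants to see every browser request, which is why both get removed in the same fix.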





