Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spontaneous Wave Volume Mute with IE popups


  • This topic is locked This topic is locked
26 replies to this topic

#1 PeachyMei

PeachyMei

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 11 July 2010 - 01:59 AM

Hi,


This is my first post, which is of course about some suspected malware. mad.gif I'm not so sure how it started but I'm having the same problem as a few people on this forum. Probably some sketchy website I visited, they say curiosity killed the cat but it also messed up the computer. The sound just randomly shut off. When I started looking at what was the problem I noticed that on the volume control panel the wave volume was muted. I fixed the volume but after a few minutes it will mute itself again. Another odd thing was that although I usually use Firefox, I keep getting IE pop-ups showing an HTTP 404 page. When I looked at Task Manager it shows iexplorer.exe running. If I try to end the process, it will restart in about 10-30 seconds. Oh, and it's being run by SYSTEM instead of Owner like normal IE.

Thanks,

PeachyMei

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 11 July 2010 - 02:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  1. Do not run any other tool untill instructed to do so!
  2. please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.report from MBRcheck
      4.let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 12 July 2010 - 12:38 AM

Hi Gringo,

Thanks for responding so quickly! Here are the logs from DDS.

DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 0:59:05.57 on 12/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.64 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
svchost.exe 4
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Intense Registry Service] IntEdReg.exe /CHECK
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://www.gamehouse.com/games/abxgh.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.gamehouse.com/games/DreamChronicles.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} - hxxp://www.shockwave.com/content/reaxxion/sis/HLGLauncher.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {C7E002D6-324B-4500-883D-84B620FD8640} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} - hxxp://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: ?
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xubwoc7y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/default.aspx
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 94.76.239.95
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-1 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-1 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-1 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-11 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-11 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-9-20 200576]
S3 47e340ef-f075-438b-b08c-a70a1127b6fe;47e340ef-f075-438b-b08c-a70a1127b6fe; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-1-28 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-1-28 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-1-28 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2007-1-28 10368]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-11-22 69692]

=============== Created Last 30 ================

2010-07-12 04:57:09 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-06-22 15:26:14 0 d-----w- c:\docume~1\owner\applic~1\FreezeTag
2010-06-21 03:15:33 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

==================== Find3M ====================

2010-06-02 13:45:21 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\PxInsI64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\PxCpyI64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-10-19 19:06:09 18951 ----a-w- c:\program files\common files\nebipiboli.dll
2008-10-19 19:06:09 17855 ----a-w- c:\program files\common files\apady.lib
2008-10-19 19:06:09 15139 ----a-w- c:\program files\common files\hyzofoheg._dl
2008-08-26 21:27:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 1:01:53.39 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2006 5:12:12 PM
System Uptime: 07/10/2010 2:42:24 PM (-2101 hours ago)

Motherboard: Gateway | | MX6442
Processor: AMD Turion™ 64 Mobile Technology ML-34 | Socket 754 | 1790/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 106 GiB total, 6.763 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 2.483 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP565: 04/04/2010 8:26:42 AM - System Checkpoint
RP566: 05/04/2010 2:11:37 AM - Installed OverDrive Media Console
RP567: 05/04/2010 2:17:18 AM - Installed Windows Media Player 11
RP568: 05/04/2010 2:25:14 AM - Installed Windows XP MSCompPackV1.
RP569: 07/04/2010 4:16:07 AM - System Checkpoint
RP570: 08/04/2010 9:06:56 AM - Avg Update
RP571: 14/04/2010 3:00:34 AM - Software Distribution Service 3.0
RP572: 15/04/2010 3:00:33 AM - Software Distribution Service 3.0
RP573: 16/04/2010 8:17:03 AM - System Checkpoint
RP574: 18/04/2010 10:28:34 AM - System Checkpoint
RP575: 21/04/2010 12:13:11 AM - System Checkpoint
RP576: 21/04/2010 1:11:36 AM - Installed Windows Media Player 11
RP577: 21/04/2010 1:25:17 AM - Installed Windows XP MSCompPackV1.
RP578: 22/04/2010 8:50:12 AM - Avg Update
RP579: 22/04/2010 8:51:58 AM - Avg Update
RP580: 25/04/2010 9:11:51 PM - System Checkpoint
RP581: 28/04/2010 10:33:25 PM - Installed Windows Media Player 11
RP582: 28/04/2010 10:37:30 PM - Installed Windows XP MSCompPackV1.
RP583: 03/05/2010 8:12:09 AM - System Checkpoint
RP584: 05/05/2010 9:01:22 AM - System Checkpoint
RP585: 05/05/2010 9:24:45 AM - Avg Update
RP586: 06/05/2010 10:42:48 AM - System Checkpoint
RP587: 09/05/2010 1:09:53 PM - System Checkpoint
RP588: 10/05/2010 9:15:23 PM - System Checkpoint
RP589: 12/05/2010 3:00:24 AM - Software Distribution Service 3.0
RP590: 27/05/2010 1:39:54 AM - Installed Windows Media Player 11
RP591: 27/05/2010 1:52:43 AM - Installed Windows XP MSCompPackV1.
RP592: 27/05/2010 1:58:07 AM - Software Distribution Service 3.0
RP593: 28/05/2010 7:47:38 PM - System Checkpoint
RP594: 31/05/2010 12:47:03 PM - Installed Windows Media Player 11
RP595: 31/05/2010 12:51:39 PM - Installed Windows XP MSCompPackV1.
RP596: 02/06/2010 12:16:04 AM - Installed Windows Media Player 11
RP597: 02/06/2010 12:27:04 AM - Installed Windows XP MSCompPackV1.
RP598: 02/06/2010 9:46:01 AM - Avg Update
RP599: 08/06/2010 3:34:47 PM - System Checkpoint
RP600: 10/06/2010 3:01:00 AM - Software Distribution Service 3.0
RP601: 17/06/2010 3:56:56 PM - Installed Windows Media Player 11
RP602: 17/06/2010 4:06:27 PM - Installed Windows XP MSCompPackV1.
RP603: 18/06/2010 8:37:39 PM - Installed Windows Media Player 11
RP604: 18/06/2010 8:47:40 PM - Installed Windows XP MSCompPackV1.
RP605: 21/06/2010 9:48:03 AM - System Checkpoint
RP606: 22/06/2010 9:27:36 AM - Installed Windows Media Player 11
RP607: 22/06/2010 9:47:42 AM - Installed Windows XP MSCompPackV1.
RP608: 23/06/2010 3:53:39 PM - System Checkpoint
RP609: 24/06/2010 3:00:27 AM - Software Distribution Service 3.0
RP610: 25/06/2010 9:14:32 AM - Avg Update
RP611: 27/06/2010 12:40:03 PM - System Checkpoint
RP612: 01/07/2010 12:51:00 AM - Installed Windows Media Player 11
RP613: 01/07/2010 1:06:49 AM - Installed Windows XP MSCompPackV1.
RP614: 06/07/2010 1:48:02 AM - Installed Windows Media Player 11
RP615: 06/07/2010 2:03:22 AM - Installed Windows XP MSCompPackV1.

==== Installed Programs ======================


µTorrent
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Adventure Ball
Ancient Quest of Saqqarah
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Aztec Bricks
Ballhalla
Batch Update
Bible Data Type System Files
Big Fish Games Client
Boom Voyage
BreakQuest
Brickquest
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
CCS64 V3.1
Chainz 2: Relinked
Chicken Invaders 2
Common System Files
Conexant AC-Link Audio
Cooking Academy
Cooking Academy 2 World Cuisine
Cradle of Rome (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Diner Dash 2
Diner Dash Hometown Hero
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Solution
FishCo
Fizzball
FLV Player 1.3.3
Forgotten Riddles The Mayan Princess
Fruit Lockers 2 The Enchanting Islands
Garden Defense (remove only)
Garmin Communicator Plugin
Garmin USB Drivers
Graphical Query Editor
Hardwood Solitaire III Lite
Heavenly Harmony 1.0.3
Hotel Mogul .
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intense Language Office
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Jojos Fashion Show 2 Las Cruces
Legacy 4.0
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LLS Resource Driver
Magic Ball 3
Mah Jong Quest
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
Moyea FLV to Video Converter version 1.0.1.29
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music AlarmClock v2.1.0
Napster Burn Engine
OEB Resource Driver
OverDrive Media Console
PDF Resource Driver
Pet Vet (remove only)
Photodex Presenter
Pirate Stories Kit Ellis
Plantasia
Power2Go 4.0
PowerDVD
QuickTime
Real Alternative 1.60
Reaxxion
Recovery Software Suite Gateway
Riven
Sandlot Games Client Services
Scholastic's The Magic School Bus Whales
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sentence Diagramming
Slingo Quest Hawaii
Slingo Supreme
Soft Data Fax Modem with SmartCP
Sonic Encoders
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Strike Ball 2
Sveerz Deluxe
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
The Journeyman Project 3 - Legacy of Time Demo
The Price Is Right
The Sims Deluxe Edition
TIPCI
Treasures of the Deep
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Video Resource Driver
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
WebFldrs XP
Wild Birds of Canada Discovery CD-ROM
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/07/2010 4:12:28 PM, error: HTTP [15005] - Unable to bind to the underlying

transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an

interface which may not exist on this machine. The data field contains the error

number.
10/07/2010 2:46:00 PM, error: System Error [1003] - Error code 100000d1, parameter1

00000018, parameter2 00000002, parameter3 00000000, parameter4 f720b6ee.
10/07/2010 2:45:38 PM, error: System Error [1003] - Error code 10000050, parameter1

e4b3c611, parameter2 00000000, parameter3 f7341b27, parameter4 00000001.
06/07/2010 2:00:29 PM, error: Service Control Manager [7000] - The iPod Service

service failed to start due to the following error: The system cannot find the path

specified.
06/07/2010 2:00:29 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start

the service iPod Service with arguments "" in order to run the server:

{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
06/07/2010 2:00:23 PM, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: Beep

==== End Of File ===========================

RKUnHooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2310144 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF67E8000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1200128 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF64E6000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF643A000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2E6000 C:\WINDOWS\System32\ativvaxx.dll 606208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF7271000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF1C3D000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6384000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF66CB000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF21B6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEE477000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF6639000 C:\WINDOWS\system32\drivers\camc6hal.sys 352256 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEE4F6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF217C000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF679B000 C:\WINDOWS\system32\DRIVERS\yk51x86.sys 233472 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
0xF1C09000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF04E000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF080000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF65E4000 C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 200704 bytes (Conexant Systems, Inc., HSFHWATI WDM driver)
0xF63E2000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7443000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF6726000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xEE627000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7244000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF735A000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEC7F9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF1CAD000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF1CFA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF66A3000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xF73CF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF1DC7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF0B9C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6615000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6777000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6754000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF1CD8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF733A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73F5000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7414000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF722A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7386000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF739F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF0B84000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73B7000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7311000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6423000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEDDD2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF668F000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF67D4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF220F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF72FE000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7328000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7432000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6412000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEE57F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7772000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77A2000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7582000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6B11000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF77C2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7782000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEDFCF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF71BA000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7592000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF75F2000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF75C2000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF7752000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF6AE1000 C:\WINDOWS\System32\drivers\sdcplh.sys 57344 bytes (Macrovision Europe Ltd, SDCPLH)
0xF7652000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7792000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77D2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75B2000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7632000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7622000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF721A000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76B2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76C2000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7692000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF76A2000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF6AD1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7762000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75A2000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77E2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7682000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF77B2000 C:\WINDOWS\system32\drivers\camc6aud.sys 40960 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xF7572000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF71EA000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7662000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7612000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75E2000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xEE68C000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF7672000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF71FA000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7642000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF720A000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6B01000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEE56F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75D2000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7602000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF6B21000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7902000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF794A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7822000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7832000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78DA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF780A000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF78E2000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xF785A000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF77F2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7852000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF782A000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF783A000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7842000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF795A000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF78EA000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78F2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF793A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF784A000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF781A000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7812000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7942000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77FA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7912000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF791A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7802000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF790A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78D2000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF78FA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEEA4C000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7996000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF79A6000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF798A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF79AE000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7A4E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7992000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF799E000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF79AA000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF692D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEEA48000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF799A000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF798E000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF79A2000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7982000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7986000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF1DA3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A42000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xEE658000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF711D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A56000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A76000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7A82000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7A7E000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7A80000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B2C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AD6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A78000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A72000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AD8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A84000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7ADA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AC6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A7A000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7AC2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A7C000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A74000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C88000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B7B000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7B7F000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7B72000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B80000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B3B000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B3A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [BrUsbScn.sys]
WARNING: Virus alike driver modification [BrUsbMdm.sys]
WARNING: Virus alike driver modification [mhndrv.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [bcm42rly.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [wanatw4.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [SbcpHid.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [BrSerWdm.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [el575ND5.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [WudfRd.sys]

MBRCheck

MBRCheck, version 1.0.3

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

111 GB \\.\PhysicalDrive0 Unknown MBR code





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.



Enter your choice:





Ok, I think that is all the logs you asked for. I haven't really had any other problems other then the volume and annoying popups. (Other then the fact that I have way too much crap on the laptop and my cd burner isn't working right) Thank you so much for helping me!

PeachyMei

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 12 July 2010 - 01:47 AM

Hello

I Would like you to do the following and make sure it installs the recovery console.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 12 July 2010 - 10:01 PM

Ok, here is the Combofix log

ComboFix 10-07-12.02 - Owner 12/07/2010 22:06:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.508 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\MBX@13FC@384180.###
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
c:\windows\epydytovul.scr
c:\windows\lames._sy
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-06-22 15:26 . 2010-06-23 18:48 -------- d-----w- c:\documents and settings\Owner\Application Data\FreezeTag
2010-06-21 03:15 . 2010-06-21 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 02:20 . 2009-03-30 23:19 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-06-30 00:47 . 2007-03-12 01:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-23 19:06 . 2008-01-19 01:39 -------- d-----w- c:\program files\GameHouse
2010-06-21 03:21 . 2007-10-02 22:58 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-06-21 03:20 . 2010-06-21 03:20 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-21 03:20 . 2007-10-02 21:47 -------- d-----w- c:\program files\DivX
2010-06-21 03:20 . 2009-10-19 22:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-21 03:20 . 2010-06-21 03:20 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-21 03:20 . 2010-06-21 03:20 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-21 03:20 . 2010-06-21 03:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-21 03:20 . 2010-06-21 03:20 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 03:18 . 2010-06-21 03:18 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-21 03:17 . 2010-06-21 03:17 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-21 03:17 . 2010-06-21 03:17 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-21 03:15 . 2010-06-21 03:20 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-21 03:15 . 2010-06-21 03:20 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-02 13:45 . 2009-04-01 14:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 13:45 . 2007-07-01 15:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 20:34 . 2010-05-27 20:34 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-704bcde5-n\decora-sse.dll
2010-05-27 20:34 . 2010-05-27 20:34 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41e2e0ff-n\msvcp71.dll
2010-05-27 20:34 . 2010-05-27 20:34 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41e2e0ff-n\msvcr71.dll
2010-05-27 20:34 . 2010-05-27 20:34 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-704bcde5-n\decora-d3d.dll
2010-05-27 20:34 . 2010-05-27 20:34 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-41e2e0ff-n\jmc.dll
2010-05-04 17:20 . 2005-11-23 07:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-11-23 07:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-11-23 07:12 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2005-11-23 07:12 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2007-10-02 22:56 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-08-03 11:23 126448 ------w- c:\windows\system32\PxInsI64.exe
2010-04-27 18:40 . 2007-08-03 11:23 123888 ------w- c:\windows\system32\PxCpyI64.exe
2010-04-27 18:40 . 2005-11-23 08:54 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-20 05:30 . 2005-11-23 07:12 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-10-19 19:06 . 2008-10-19 19:06 18951 ----a-w- c:\program files\Common Files\nebipiboli.dll
2008-10-19 19:06 . 2008-10-19 19:06 17855 ----a-w- c:\program files\Common Files\apady.lib
2008-10-19 19:06 . 2008-10-19 19:06 15139 ----a-w- c:\program files\Common Files\hyzofoheg._dl
.

------- Sigcheck -------

[7] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-15 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Intense Registry Service"="IntEdReg.exe" [2003-08-27 54784]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-3 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 12:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18308:TCP"= 18308:TCP:BitComet 18308 TCP
"18308:UDP"= 18308:UDP:BitComet 18308 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 10:39 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 10:39 AM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/11/2009 10:08 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/11/2009 10:08 AM 308064]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [20/09/2006 9:15 PM 200576]
S3 47e340ef-f075-438b-b08c-a70a1127b6fe;47e340ef-f075-438b-b08c-a70a1127b6fe; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [28/01/2007 2:06 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [28/01/2007 2:06 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [28/01/2007 2:06 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [28/01/2007 2:06 PM 10368]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [22/11/2005 8:52 PM 69692]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://www.gamehouse.com/games/abxgh.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.gamehouse.com/games/DreamChronicles.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xubwoc7y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/default.aspx
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 94.76.239.95
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - (no file)
SafeBoot-TDSSmqlt.sys
AddRemove-CCS64 V3.1 - c:\program files\Computerbrains\CCS64 V3.1\Uninst.isu
AddRemove-Chainz 2: Relinked - c:\progra~1\SHOCKW~1.COM\CHAINZ~1\UNWISE.EXE
AddRemove-Chicken Invaders 2_is1 - c:\program files\Chicken Invaders 2\ReflexiveArcade\unins000.exe
AddRemove-Fruit Lockers 2 The Enchanting Islands1.0 - c:\windows\Fruit Lockers 2 The Enchanting Islands\uninstall.exe
AddRemove-Intense Language Office - c:\program files\Intense Language Office\Common\Uninst.exe
AddRemove-Riven 1.0 - c:\program files\Riven\DeIsL1.isu
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe
AddRemove-The Journeyman Project 3 - Legacy of Time Demo 1.0 - c:\program files\Red Orb Entertainment\Demos\Journeyman Project 3 Demo\DeIsL1.isu
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113722950} - c:\program files\MSN Games\Diner Dash Hometown Hero\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 22:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-12 22:24:43
ComboFix-quarantined-files.txt 2010-07-13 02:24

Pre-Run: 8,443,719,680 bytes free
Post-Run: 16,691,945,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 4E502CDD3BEF1A5043B926C906CB68AC


Unfortunately, I'm still having the wave muting/IE popups problem mad.gif

The time between spontaneous muting seems to be longer but the popups are happening more frequently. huh.gif

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 12 July 2010 - 10:26 PM

Unfortunately, I'm still having the wave muting/IE popups problem
this should be fixed in the next steps

Print out these instructions to use while in the Recovery Console: (This is for XP only)
    1.Restart your computer.
    2.Before Windows loads, you will be prompted to choose which Operating System to start.
    3.Use the up and down arrow key to select Microsoft Windows Recovery Console
    4.You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
    5.At the C:\Windows prompt, type the following bolded entries, and press 'Enter'
      fixmbr

after this is complete shut down the computer completly for five min then turn it back on and run this script for me

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Rootkit::
C:\System volume information\Microsoft\services.exe
C:\System volume information\Microsoft\smss.exe


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Rerun MBRcheck

list][*]Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
[*]It will show a Black screen with some data on it
[*]a report called MBRcheck will be on your desktop
[*]open this report
[*]Right click on the screen and select > Select All
[*]Press Control+C
[*]now please copy that report to this thread
[/list]
"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 15 July 2010 - 11:35 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 15 July 2010 - 04:50 PM

Hi Gringo,

Sorry I've taken so long to post. I started to try the latest set of instructions but as I got to the Recovery Console, the choice #1 said D:\MiniNT and something about causing a serious error if I continued. So I exited the Console and restarted the laptop to try and get back to the Recovery Console. I, then realized that the annoying popups weren't showing up. So I think that the laptop is fixed now. I haven't noticed any recurrence of the problem. But now the communal computer is doing the same thing mine was dry.gif

Here are the logs from it:


DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 17:37:25.12 on Thu 07/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.487 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
svchost.exe 4
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe 4
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program

files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program

files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} -

hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -

hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} -

hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/BINGAME/POPCAPLOADER_V10.CAB
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix

dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix

dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program

files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\7yucmatd.default\
FF - prefs.js: browser.startup.homepage -

hxxp://pickeringcs.rosettastoneclassroom.com/en|http://ca.mg202.mail.yahoo.com/dc/launch?.partne

r=rogers-acs&.gx=0&.rand=b92jifmdmtmec
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgobitgamesplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b}

- c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha",

true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-14

216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver

x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-14 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-14

243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program

files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-10-2 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-10-2 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-10-2

11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-10-2

10368]

=============== Created Last 30 ================

2010-07-15 21:34:55 0 ----a-w- c:\documents and settings\user\defogger_reenable
2010-07-15 18:36:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-13 21:42:48 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-27 21:30:49 0 d-----w- c:\windows\Totem Tribe
2010-06-27 21:30:49 0 d-----w- c:\program files\Totem Tribe
2010-06-27 19:52:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Enkord

==================== Find3M ====================

2010-07-15 18:36:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 18:34:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 17:38:01.96 ===============




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF62A8000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1171456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA6A2000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xAA54D000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xAA497000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF61B4000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF72FC000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA2C6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF60BE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA40B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA99E3000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA91FA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xAA3D1000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAA644000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xAA292000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF611C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7458000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9D9D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72CF000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8F74000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA336000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF626C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA383000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7402000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA3AB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAA67E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6248000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6191000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA361000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73B2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7428000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72B5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73EA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA252000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73D2000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7389000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF617A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9D38000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6294000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA464000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73A0000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7447000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6169000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7657000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77F7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7777000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7667000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF75F7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7747000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7737000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF7637000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7757000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7597000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7797000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7587000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7727000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7627000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA97FB000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75D7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7617000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7817000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF7837000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7877000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF796F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7807000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7887000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF797F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7977000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7967000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7867000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF786F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF780F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF798F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7827000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7987000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF789F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF727C000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF799F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7A33000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA9D61000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A57000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA146000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7997000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF799B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7A2B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A3B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6B31000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A9F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A8D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7AAD000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A9D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A8B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A87000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B4D000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A9B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A89000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C2C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C81000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CC8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================






MBRCheck, version 1.1.0

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit...







Thanks,

PeachyMei


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 15 July 2010 - 06:10 PM

74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
it is still infected

lets do it this way

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • The program will prompt for confirmation. Type 'YES' and hit Enter.
  • Left click on the title bar (where program name and path is written).
  • From menu chose Edit -> Select All
  • Hit the Enter key on your keyboard to copy selected text.
  • Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  • Restart your PC.
  • Post the text in "MBRCheck results.txt" here, please.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 16 July 2010 - 05:40 PM

Here is the log from MBRCheck

MBRCheck, version 1.1.0
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done! Press ENTER to exit...


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 16 July 2010 - 05:43 PM


Greetings

Please restart the computer

  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. report from MBRcheck
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 16 July 2010 - 05:44 PM

Hi Gringo,

Seems to be working great!! No more rogue iexplorer.exe on task manager. I will keep an eye on this computer to make sure.
thumbup.gif Thank you so MUCH!!!! thumbup.gif


PeachyMei

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 16 July 2010 - 05:50 PM

yes but please send me the logs from my previos post


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 PeachyMei

PeachyMei
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 16 July 2010 - 06:19 PM

Sorry I forgot the logs.

Here they are




MBRCheck, version 1.1.0

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected





Done! Press ENTER to exit...










ComboFix 10-07-15.05 - user 07/16/2010 19:07:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.587 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\.#
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\st325602.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-15 18:37 . 2010-07-15 18:37 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 18:37 . 2010-07-15 18:37 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 18:36 . 2010-07-15 18:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 18:33 . 2010-07-15 18:33 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 18:33 . 2010-07-15 18:33 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 18:33 . 2010-07-15 18:33 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 18:33 . 2010-07-15 18:33 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-13 21:42 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-27 21:30 . 2010-06-27 21:32 -------- d-----w- c:\program files\Totem Tribe
2010-06-27 21:30 . 2010-06-27 21:30 -------- d-----w- c:\windows\Totem Tribe
2010-06-27 19:52 . 2010-06-27 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Enkord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 21:33 . 2009-03-11 02:08 1 ----a-w- c:\documents and settings\user\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-15 18:36 . 2009-03-14 04:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 18:34 . 2009-03-14 04:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 19:25 . 2009-02-12 03:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 17:58 . 2010-01-07 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-06-27 21:29 . 2009-04-15 09:10 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2010-06-27 21:25 . 2009-10-12 23:56 -------- d-----w- c:\program files\Games
2010-06-14 14:31 . 2009-02-04 16:54 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 22:00 . 2009-09-11 01:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:24 . 2009-03-14 04:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-23 19:02 . 2010-05-23 19:02 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b440c2-n\msvcp71.dll
2010-05-23 19:02 . 2010-05-23 19:02 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b440c2-n\jmc.dll
2010-05-23 19:02 . 2010-05-23 19:02 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-71b440c2-n\msvcr71.dll
2010-05-04 17:20 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

c:\documents and settings\user\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 18:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 12:05 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/14/2009 12:06 AM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 2:34 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 2:36 PM 308136]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 4:44 PM 444224]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [10/2/2009 6:05 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [10/2/2009 6:05 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [10/2/2009 6:05 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [10/2/2009 6:03 PM 10368]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7yucmatd.default\
FF - prefs.js: browser.startup.homepage - hxxp://pickeringcs.rosettastoneclassroom.com/en|http://ca.mg202.mail.yahoo.com/dc/launch?.partner=rogers-acs&.gx=0&.rand=b92jifmdmtmec
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\GoBit Games\BrowserPlugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgobitgamesplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-07-16 19:15:26
ComboFix-quarantined-files.txt 2010-07-16 23:15

Pre-Run: 12,922,638,336 bytes free
Post-Run: 15,558,828,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4980FBEB9A834C86BC68DC45B17C77D3


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 16 July 2010 - 06:48 PM

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 8.2.3
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 18 <--- do not remove!!
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6 Update 1
    Spybot - Search & Destroy <-- may be reinstalled later
    Spybot - Search & Destroy 1.4


    and click on remove

Update Adobe Reader
    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users