"Directrdr" Virus Help, Log posted inside, please help


Post by JesseInsanity on Thu May 06, 2010 3:45 am

I've run countless virus/spyware/malware scans and yet I can't stop any of my browsers from redirecting from the site Directrdr.com.

Please look at my log and help me fix my problem, thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:41 PM, on 5/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - Global Startup: run_startmenu.cmd
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

JesseInsanity
Novice

Posts : 7
Joined : 2010-05-06
OS : Windows XP
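The HijackThis log above is read by a human, but the checks an analyst applies to it are mechanical: entries whose backing file is gone, a hosts override that points somewhere other than loopback, a script registered to run at logon, and an LSP module the tool could not attribute to a vendor. The following is an added example for this thread, not code from the forum, from HijackThis or from any of the tools named here. The sample lines are copied from the log posted above (the O1 hosts entry is kept as a benign control), and the flagging rules are this example's own heuristics; in particular, the four identical O10 lines are treated as one module registered under several Winsock catalog entries.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Entry lines copied from the HijackThis log posted in this thread.  The O1
# hosts line is a benign control: it points at loopback and must not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: run_startmenu.cmd
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O10, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Autostart targets with these extensions are scripts rather than binaries
# (heuristic chosen for this example).
SCRIPT_RE = re.compile(r"\.(cmd|bat|vbs|js|wsf)\b", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(raw: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for headers and process lists."""
    m = ENTRY_RE.match(raw.strip())
    return (m.group("section"), m.group("body")) if m else None


def autostart_target(body: str) -> str:
    """Reduce an O4 body to the command it launches, dropping the [ValueName] prefix."""
    target = body.split(":", 1)[1] if ":" in body else body
    target = re.sub(r"^\s*\[[^\]]*\]\s*", "", target)
    return target.strip().strip('"')


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the example's heuristics to HijackThis-format lines, in log order."""
    findings: List[Finding] = []
    lsp_modules: Counter = Counter()
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        if any(marker in body for marker in ORPHAN_MARKERS):
            # A registered component whose file no longer exists: a leftover
            # of an uninstall, or of a file removed by a scanner.
            findings.append(Finding(section, "orphaned entry: registered file is gone", raw.strip()))
        elif section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if fields and fields[0] not in LOOPBACK:
                findings.append(Finding(section, f"hosts override to {fields[0]}", raw.strip()))
        elif section == "O4" and SCRIPT_RE.search(autostart_target(body)):
            findings.append(Finding(section, "script registered to run at logon", raw.strip()))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # Count repeated lines: the same DLL chained into several entries.
            lsp_modules[body.split(":", 1)[1].strip().lower()] += 1
    for module, count in lsp_modules.items():
        findings.append(Finding("O10", f"unrecognised Winsock LSP module in {count} catalog entries", module))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{finding.section:>4}  {finding.reason}\n      {finding.line}")
```

Run against the sample, the pass reports the three orphaned entries, the .cmd file in Global Startup and the unknown LSP DLL once with its count of four, and stays silent on the ::1 localhost line and the ProxyOverride entry. An orphaned entry by itself is a cleanup item rather than an infection; an LSP module HijackThis cannot attribute is the one class of finding here that warrants identifying the DLL before anything else is touched.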

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Thu May 06, 2010 1:36 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.





We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply.


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks! Smile


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Thu May 06, 2010 5:12 pm

Thank you for replying. Here are my results:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3143855373-11594618-982212904-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner

SystemRoot REG_SZ C:\WINDOWS


Running from: C:\Documents and Settings\Owner\My Documents\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\Temp\3fac8d9e-bd1d-4adb-bac5-e0485221dc63.tmp

[1] 2010-05-06 12:08:40 0 C:\WINDOWS\Temp\3fac8d9e-bd1d-4adb-bac5-e0485221dc63.tmp ()





Finished!



Cheetah-Anti-Rogue v1.4.5
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 05/06/2010 - Time: 12:13:17 - Arch.: x86


-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SpywareBlaster
SUPERAntiSpyware


-- Known infection --

C:\WINDOWS\system32\drivers\kgpcpy.cfg (SecurityTool.RGE)
C:\Program Files\Common Files\ParetoLogic (ParetoLogic.RGE)


Extra message: Detection only.


EOF

JesseInsanity
Novice

Posts : 7
Joined : 2010-05-06
OS : Windows XP

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Thu May 06, 2010 11:33 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Fri May 07, 2010 3:26 am

I used ComboFix. I can tell that my computer is much faster but I still have random popups that won't go away. Here's the new log:

ComboFix 10-05-06.01 - Owner 05/06/2010 22:49:31.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1507 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\recycler\S-1-5-21-2698189306-780860755-2270733306-1003
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 01:36 . 2010-05-07 01:38 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-05-06 19:37 . 2010-05-06 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-06 12:00 . 2010-05-06 22:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-06 12:00 . 2010-05-06 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-06 02:13 . 2010-05-06 05:33 121888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 02:13 . 2010-05-06 05:33 5177312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 01:23 . 2010-05-06 01:23 1152 ----a-w- c:\windows\system32\windrv.sys
2010-05-05 22:20 . 2010-05-06 11:59 -------- d-----w- c:\program files\Realtek AC97
2010-05-05 22:16 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-05 22:16 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-05 22:16 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-05 22:16 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-05 20:15 . 2010-05-06 11:58 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-05-05 03:59 . 2010-05-05 03:59 32768 ---ha-w- C:\SZKGFS.dat
2010-05-05 03:58 . 2010-05-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-05 03:57 . 2010-05-05 03:57 -------- d-----w- c:\program files\Common Files\iS3
2010-05-05 03:57 . 2010-05-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-04 23:49 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 23:49 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 21:09 . 2010-05-07 00:08 -------- d-----w- c:\windows\system32\NtmsData
2010-05-04 20:32 . 2010-05-04 20:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-05-04 20:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-04 20:27 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-04 20:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-04 20:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-04 20:27 . 2010-05-04 20:27 -------- d-----w- c:\program files\Avira
2010-05-04 20:27 . 2010-05-04 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-03 08:52 . 2010-05-03 08:52 -------- d-----w- C:\FBPUpdate
2010-05-02 00:22 . 2010-05-03 02:04 -------- d-----w- c:\program files\Lavasoft(2)
2010-04-30 23:36 . 2010-04-30 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-30 05:45 . 2010-04-30 05:45 -------- d-----w- c:\program files\Productive Web Pages
2010-04-29 02:34 . 2010-04-30 23:36 -------- d-----w- c:\program files\XLink Kai
2010-04-29 02:32 . 2010-04-30 23:28 -------- d-----w- c:\program files\XBC
2010-04-28 16:11 . 2010-04-28 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-28 16:11 . 2010-04-28 16:11 -------- d-----w- c:\program files\IObit
2010-04-28 15:58 . 2010-05-01 23:50 -------- d-----w- c:\program files\SpywareBlaster
2010-04-27 03:19 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 03:19 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 03:19 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 03:19 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 03:19 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 03:19 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-27 03:18 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-27 03:18 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-27 03:18 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-27 03:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-27 03:18 . 2010-05-07 01:27 -------- d-----w- c:\program files\Spyware Doctor
2010-04-27 03:18 . 2010-04-27 03:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-27 03:18 . 2010-04-27 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-04-26 23:51 . 2010-05-03 06:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2010-04-26 07:56 . 2010-04-27 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-25 16:44 . 2010-04-25 16:44 -------- d-----w- c:\program files\Enigma Software Group
2010-04-22 14:03 . 2010-04-22 14:04 -------- d-----w- c:\program files\iPod
2010-04-22 14:03 . 2010-04-22 14:04 -------- d-----w- c:\program files\iTunes
2010-04-22 13:57 . 2010-04-22 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-22 13:44 . 2010-04-22 13:44 -------- d-----w- c:\program files\Apple Software Update
2010-04-22 13:39 . 2010-04-22 13:39 -------- d-----w- c:\program files\Bonjour
2010-04-22 01:52 . 2010-04-22 01:52 -------- d-----w- c:\program files\Common Files\Skype
2010-04-20 17:58 . 2010-04-20 17:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-20 12:07 . 2010-04-20 12:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 12:03 . 2010-05-03 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 11:49 . 2010-04-20 17:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-20 09:42 . 2010-04-20 09:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-18 21:25 . 2010-04-18 21:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AddNewFriends_LLC
2010-04-18 21:23 . 2010-04-18 21:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\TubeBlasterPro
2010-04-18 21:23 . 2010-04-18 21:23 -------- d-----w- c:\program files\TubeBlasterPro
2010-04-18 08:40 . 2010-04-18 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-18 08:39 . 2010-04-27 20:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-18 08:39 . 2010-04-18 08:39 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-16 17:50 . 2010-05-07 01:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 06:23 . 2010-04-15 06:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-15 06:22 . 2010-04-15 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-15 06:22 . 2010-05-06 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 01:38 . 2010-05-06 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-15 01:38 . 2010-05-03 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-10 01:52 . 2010-04-10 06:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\diljufbxp
2010-04-09 13:21 . 2010-04-09 13:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-08 14:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-08 11:16 . 2010-05-06 18:03 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-08 11:16 . 2010-04-08 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-08 11:16 . 2010-04-08 11:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-08 05:49 . 2007-11-29 16:52 60273 ----a-w- c:\windows\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 02:38 . 2010-01-14 03:00 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-07 02:37 . 2010-02-21 21:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 19:35 . 2010-04-18 08:40 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 13:39 . 2004-08-27 10:33 14976 ----a-w- c:\windows\system32\drivers\cpqarray.sys
2010-05-06 12:00 . 2010-03-20 08:02 -------- d-----w- c:\program files\Opera
2010-05-06 08:04 . 2010-01-21 09:56 -------- d-----w- c:\program files\CCleaner
2010-05-06 05:33 . 2010-05-06 02:13 5780 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-06 05:33 . 2010-05-06 02:13 15188 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-06 02:13 . 2010-05-06 02:13 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-05-05 04:52 . 2010-05-05 04:11 51432 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-03 18:32 . 2010-01-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-03 08:53 . 2010-02-21 09:31 -------- d-----w- c:\program files\FriendBlasterPro
2010-05-03 02:04 . 2010-01-20 23:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-03 01:47 . 2010-01-18 21:46 -------- d-----w- c:\program files\Replay Music 3
2010-04-26 23:51 . 2010-01-07 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax
2010-04-25 03:47 . 2010-01-06 12:01 -------- d-----w- c:\program files\Replay Video Capture
2010-04-22 14:03 . 2010-01-05 05:44 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 13:49 . 2010-01-05 05:46 -------- d-----w- c:\program files\QuickTime
2010-04-22 02:02 . 2010-01-10 06:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-04-22 01:32 . 2010-01-10 06:52 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-04-21 23:09 . 2010-04-20 20:05 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-19 13:15 . 2010-01-05 03:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 16:18 . 2010-02-21 20:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2010-04-18 08:40 . 2010-04-18 08:40 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-17 15:42 . 2010-01-19 07:55 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-04-11 14:35 . 2010-04-11 14:35 15849560 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-09 13:21 . 2010-01-05 03:52 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-09 13:21 . 2010-01-05 03:52 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-09 13:20 . 2010-01-05 03:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 13:20 . 2010-01-05 03:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-09 09:21 . 2010-01-06 08:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Camfrog
2010-04-08 07:36 . 2010-01-12 20:19 -------- d-----w- c:\program files\TVersity Codec Pack
2010-04-08 07:12 . 2010-01-07 08:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-07 03:45 . 2010-01-14 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2010-04-05 23:51 . 2010-04-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-05 21:42 . 2010-03-28 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-02 20:37 . 2010-04-01 05:45 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2010-04-02 20:27 . 2010-04-02 20:26 -------- d-----w- c:\program files\InterActual
2010-04-02 20:26 . 2010-01-13 19:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-02 09:22 . 2010-01-05 05:00 -------- d-----w- c:\program files\ManyCam 2.4
2010-04-01 07:03 . 2010-04-01 06:59 -------- d-----w- c:\program files\wLite
2010-04-01 07:03 . 2010-04-01 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP5
2010-04-01 06:56 . 2010-04-01 06:56 -------- d-----w- c:\documents and settings\Owner\Application Data\CamTrack
2010-04-01 06:47 . 2010-01-07 12:30 -------- d-----w- c:\program files\WebcamMax
2010-04-01 06:19 . 2010-04-01 06:19 -------- d-----w- c:\documents and settings\Owner\Application Data\NeatImage SL
2010-04-01 05:54 . 2010-01-05 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-01 05:44 . 2010-01-05 04:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 05:43 . 2010-01-05 04:15 -------- d-----w- c:\program files\CyberLink
2010-04-01 05:41 . 2010-04-01 05:41 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-03-30 14:29 . 2010-02-28 13:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2010-03-30 13:20 . 2010-01-07 13:42 -------- d-----w- c:\program files\AIM
2010-03-30 13:20 . 2010-03-30 13:20 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-28 05:47 . 2010-03-28 00:28 -------- d-----w- c:\program files\Safari
2010-03-28 00:31 . 2010-01-08 22:25 46316 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-28 00:30 . 2010-01-05 05:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-03-27 23:26 . 2010-03-27 23:26 -------- d-----w- c:\program files\Alwil Software
2010-03-27 23:26 . 2010-03-27 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-27 22:02 . 2010-03-27 22:02 -------- d-----w- c:\program files\CleanMyPC
2010-03-27 21:21 . 2010-03-25 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-27 18:51 . 2010-01-05 04:09 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 18:50 . 2010-01-05 05:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-27 17:52 . 2010-01-28 15:32 -------- d-----w- c:\program files\Winamp
2010-03-27 17:51 . 2010-02-26 02:02 -------- d-----w- c:\program files\Total Video Converter
2010-03-27 17:50 . 2010-03-18 23:31 -------- d-----w- c:\program files\Project64 1.6
2010-03-27 17:11 . 2010-03-08 01:48 -------- d-----w- c:\program files\FrostWire
2010-03-27 17:11 . 2010-03-08 01:21 -------- d-----w- c:\program files\GigaTribe
2010-03-27 17:11 . 2010-03-08 01:49 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2010-03-27 17:09 . 2010-03-20 08:01 -------- d-----w- c:\program files\K-Meleon
2010-03-27 17:09 . 2010-03-20 08:02 -------- d-----w- c:\documents and settings\Owner\Application Data\K-Meleon
2010-03-27 16:52 . 2010-01-20 05:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-27 14:51 . 2010-02-25 16:10 -------- d-----w- c:\program files\TagRename
2010-03-11 07:46 . 2010-01-05 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-10 06:15 . 2004-08-26 16:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 04:35 . 2010-01-05 03:47 63360 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 04:28 . 2010-03-05 04:28 29926 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2010-03-02 10:42 . 2010-03-02 10:40 89831 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 05:50 . 2010-02-26 05:50 0 ----a-w- c:\windows\Infob.dat
2010-02-26 05:50 . 2010-02-26 05:50 0 ----a-w- c:\windows\Infoa.dat
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-26 16:12 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 03:51 . 2010-02-22 03:08 82432 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4r.dll
2010-02-22 03:51 . 2010-02-22 03:08 81920 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\LGMobileDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 56648 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\SP_Starter.exe
2010-02-22 03:51 . 2010-02-22 03:08 53248 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\CommonDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 44544 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4a.dll
2010-02-22 03:51 . 2010-02-22 03:08 430080 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\LGMUpgradeDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 413696 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msvcp60.dll
2010-02-22 03:51 . 2010-02-22 03:08 343040 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msvcrt.dll
2010-02-22 03:51 . 2010-02-22 03:08 1833649 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\USB_Driver\LGATOS_SPUSBDriver_WHQL_Eng_Ver_1.0.exe
2010-02-22 03:51 . 2010-02-22 03:08 1233920 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4.dll
2010-02-22 03:51 . 2010-02-22 03:08 1028096 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\mfc42.dll
2010-02-17 13:10 . 2004-08-26 16:12 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 05:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-26 16:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-26 16:12 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 17:13 . 2010-01-13 19:45 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-08 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mclpbbvm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/4/2010 11:52 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/4/2010 11:52 PM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/26/2010 11:18 PM 218592]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2010 11:52 PM 242896]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/4/2010 11:51 PM 30104]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/24/2010 12:56 AM 691696]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/4/2010 11:52 PM 216200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 12:12 PM 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/4/2010 4:27 PM 135336]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/9/2010 9:21 AM 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4/9/2010 9:20 AM 2325816]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/26/2010 11:19 PM 112592]
S2 DVC150;DVC 150B;c:\windows\system32\drivers\dvc150b.sys [3/1/2010 6:48 AM 30976]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/28/2010 12:11 PM 311568]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/4/2010 7:49 PM 304464]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/4/2010 11:51 PM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/9/2010 9:21 AM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/4/2010 11:51 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/4/2010 11:51 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/4/2010 11:51 PM 26120]
S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [3/1/2010 6:48 AM 30976]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/4/2010 7:49 PM 20952]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/26/2010 11:18 PM 366840]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [3/1/2010 7:26 AM 31872]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 Usbatos;LGE SP DL USB Serial Port;c:\windows\system32\drivers\lgusbatos.sys [2/21/2010 2:13 AM 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143855373-11594618-982212904-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-08 05:36]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143855373-11594618-982212904-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-08 05:36]

2010-05-06 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-12-21 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v960xjge.default\
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-06 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A126AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76bbf28
\Driver\ACPI -> ACPI.sys @ 0xf7483cb8
\Driver\atapi -> atapi.sys @ 0xf7846852
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb8615bd4
PacketIndicateHandler -> NDIS.sys @ 0xb8621a21
SendHandler -> NDIS.sys @ 0xb8615d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(976)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\windows\system32\nvcpl.dll
.
Completion time: 2010-05-06 23:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 03:12

Pre-Run: 31,527,276,544 bytes free
Post-Run: 31,536,078,848 bytes free

- - End Of File - - 9ABC936527FF55997C0FEEEE502239A7

JesseInsanity
Novice

Posts : 7
Joined : 2010-05-06
OS : Windows XP

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Fri May 07, 2010 3:31 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Fri May 07, 2010 6:29 pm

It didn't find any malware.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4073

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/7/2010 10:56:32 AM
mbam-log-2010-05-07 (10-56-32).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 281624
Time elapsed: 6 hour(s), 23 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

JesseInsanity
Novice

Posts : 7
Joined : 2010-05-06
OS : Windows XP

Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Fri May 07, 2010 8:42 pm

I reran ComboFix and it found another rootkit.

ComboFix 10-05-07.01 - Owner 05/07/2010 16:23:43.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1505 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 19:56 . 2010-05-07 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-07 19:56 . 2010-05-07 19:56 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-07 01:36 . 2010-05-07 01:38 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-05-06 19:37 . 2010-05-06 19:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-06 12:00 . 2010-05-06 22:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-06 12:00 . 2010-05-06 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-06 02:13 . 2010-05-06 02:13 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-05-06 02:13 . 2010-05-06 05:33 121888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 02:13 . 2010-05-06 05:33 5177312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 01:23 . 2010-05-06 01:23 1152 ----a-w- c:\windows\system32\windrv.sys
2010-05-05 22:20 . 2010-05-06 11:59 -------- d-----w- c:\program files\Realtek AC97
2010-05-05 22:16 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-05 22:16 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-05 22:16 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-05 22:16 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-05 20:15 . 2010-05-06 11:58 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-05-05 03:59 . 2010-05-05 03:59 32768 ---ha-w- C:\SZKGFS.dat
2010-05-05 03:58 . 2010-05-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-05 03:57 . 2010-05-05 03:57 -------- d-----w- c:\program files\Common Files\iS3
2010-05-05 03:57 . 2010-05-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-04 23:49 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 23:49 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 21:09 . 2010-05-07 00:08 -------- d-----w- c:\windows\system32\NtmsData
2010-05-04 20:32 . 2010-05-04 20:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-05-04 20:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-04 20:27 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-04 20:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-04 20:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-04 20:27 . 2010-05-04 20:27 -------- d-----w- c:\program files\Avira
2010-05-04 20:27 . 2010-05-04 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-03 08:52 . 2010-05-03 08:52 -------- d-----w- C:\FBPUpdate
2010-05-02 00:22 . 2010-05-03 02:04 -------- d-----w- c:\program files\Lavasoft(2)
2010-04-30 23:36 . 2010-04-30 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-30 05:45 . 2010-04-30 05:45 -------- d-----w- c:\program files\Productive Web Pages
2010-04-29 02:34 . 2010-04-30 23:36 -------- d-----w- c:\program files\XLink Kai
2010-04-29 02:32 . 2010-04-30 23:28 -------- d-----w- c:\program files\XBC
2010-04-28 16:11 . 2010-04-28 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-28 16:11 . 2010-04-28 16:11 -------- d-----w- c:\program files\IObit
2010-04-28 15:58 . 2010-05-01 23:50 -------- d-----w- c:\program files\SpywareBlaster
2010-04-27 11:06 . 2010-04-27 11:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-27 03:19 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 03:19 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 03:19 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 03:19 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 03:19 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 03:19 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-27 03:18 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-27 03:18 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-27 03:18 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-27 03:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-27 03:18 . 2010-05-07 20:01 -------- d-----w- c:\program files\Spyware Doctor
2010-04-27 03:18 . 2010-04-27 03:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-27 03:18 . 2010-04-27 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-04-26 23:51 . 2010-05-03 06:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2010-04-26 07:56 . 2010-04-27 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-25 16:44 . 2010-04-25 16:44 -------- d-----w- c:\program files\Enigma Software Group
2010-04-22 14:03 . 2010-04-22 14:04 -------- d-----w- c:\program files\iPod
2010-04-22 14:03 . 2010-04-22 14:04 -------- d-----w- c:\program files\iTunes
2010-04-22 13:57 . 2010-04-22 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-22 13:44 . 2010-04-22 13:44 -------- d-----w- c:\program files\Apple Software Update
2010-04-22 13:39 . 2010-04-22 13:39 -------- d-----w- c:\program files\Bonjour
2010-04-22 01:52 . 2010-04-22 01:52 -------- d-----w- c:\program files\Common Files\Skype
2010-04-20 17:58 . 2010-04-20 17:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-20 12:07 . 2010-04-20 12:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 12:03 . 2010-05-03 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-20 11:49 . 2010-04-20 17:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-20 09:42 . 2010-04-20 09:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-18 21:25 . 2010-04-18 21:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AddNewFriends_LLC
2010-04-18 21:23 . 2010-04-18 21:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\TubeBlasterPro
2010-04-18 21:23 . 2010-04-18 21:23 -------- d-----w- c:\program files\TubeBlasterPro
2010-04-18 08:40 . 2010-04-18 08:40 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-18 08:40 . 2010-05-06 19:35 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-18 08:40 . 2010-04-18 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-18 08:39 . 2010-04-27 20:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-18 08:39 . 2010-04-18 08:39 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-16 17:50 . 2010-05-07 01:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 06:23 . 2010-04-15 06:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-15 06:22 . 2010-04-15 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-15 06:22 . 2010-05-06 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 01:38 . 2010-05-06 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-15 01:38 . 2010-05-03 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-11 14:35 . 2010-04-11 14:35 15849560 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-10 01:52 . 2010-04-10 06:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\diljufbxp
2010-04-09 13:21 . 2010-04-09 13:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-08 14:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-08 12:39 . 2010-04-08 12:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro
2010-04-08 11:16 . 2010-05-06 18:03 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-08 11:16 . 2010-04-08 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-08 11:16 . 2010-04-08 11:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-08 05:49 . 2007-11-29 16:52 60273 ----a-w- c:\windows\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 20:08 . 2010-03-25 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-07 20:02 . 2010-02-21 21:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 19:56 . 2010-01-05 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-07 19:45 . 2010-01-14 03:00 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-06 13:39 . 2004-08-27 10:33 14976 ----a-w- c:\windows\system32\drivers\cpqarray.sys
2010-05-06 12:00 . 2010-03-20 08:02 -------- d-----w- c:\program files\Opera
2010-05-06 08:04 . 2010-01-21 09:56 -------- d-----w- c:\program files\CCleaner
2010-05-06 05:33 . 2010-05-06 02:13 5780 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-06 05:33 . 2010-05-06 02:13 15188 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-05 04:52 . 2010-05-05 04:11 51432 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-03 18:32 . 2010-01-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-03 08:53 . 2010-02-21 09:31 -------- d-----w- c:\program files\FriendBlasterPro
2010-05-03 02:04 . 2010-01-20 23:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-03 01:47 . 2010-01-18 21:46 -------- d-----w- c:\program files\Replay Music 3
2010-04-26 23:51 . 2010-01-07 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax
2010-04-25 03:47 . 2010-01-06 12:01 -------- d-----w- c:\program files\Replay Video Capture
2010-04-22 14:03 . 2010-01-05 05:44 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 13:49 . 2010-01-05 05:46 -------- d-----w- c:\program files\QuickTime
2010-04-22 02:02 . 2010-01-10 06:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-04-22 01:32 . 2010-01-10 06:52 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-04-21 23:09 . 2010-04-20 20:05 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-19 13:15 . 2010-01-05 03:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 16:18 . 2010-02-21 20:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2010-04-17 15:42 . 2010-01-19 07:55 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-04-09 13:21 . 2010-01-05 03:52 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-09 13:21 . 2010-01-05 03:52 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-09 13:20 . 2010-01-05 03:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 13:20 . 2010-01-05 03:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-09 09:21 . 2010-01-06 08:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Camfrog
2010-04-08 07:36 . 2010-01-12 20:19 -------- d-----w- c:\program files\TVersity Codec Pack
2010-04-08 07:12 . 2010-01-07 08:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-07 03:45 . 2010-01-14 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2010-04-05 23:51 . 2010-04-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-05 21:42 . 2010-03-28 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-02 20:37 . 2010-04-01 05:45 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2010-04-02 20:27 . 2010-04-02 20:26 -------- d-----w- c:\program files\InterActual
2010-04-02 20:26 . 2010-01-13 19:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-02 09:22 . 2010-01-05 05:00 -------- d-----w- c:\program files\ManyCam 2.4
2010-04-01 07:03 . 2010-04-01 06:59 -------- d-----w- c:\program files\wLite
2010-04-01 07:03 . 2010-04-01 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP5
2010-04-01 06:56 . 2010-04-01 06:56 -------- d-----w- c:\documents and settings\Owner\Application Data\CamTrack
2010-04-01 06:47 . 2010-01-07 12:30 -------- d-----w- c:\program files\WebcamMax
2010-04-01 06:19 . 2010-04-01 06:19 -------- d-----w- c:\documents and settings\Owner\Application Data\NeatImage SL
2010-04-01 05:54 . 2010-01-05 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-01 05:44 . 2010-01-05 04:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 05:43 . 2010-01-05 04:15 -------- d-----w- c:\program files\CyberLink
2010-04-01 05:41 . 2010-04-01 05:41 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-03-30 14:29 . 2010-02-28 13:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2010-03-30 13:20 . 2010-01-07 13:42 -------- d-----w- c:\program files\AIM
2010-03-30 13:20 . 2010-03-30 13:20 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-28 05:47 . 2010-03-28 00:28 -------- d-----w- c:\program files\Safari
2010-03-28 00:31 . 2010-01-08 22:25 46316 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-28 00:30 . 2010-01-05 05:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-03-27 23:26 . 2010-03-27 23:26 -------- d-----w- c:\program files\Alwil Software
2010-03-27 23:26 . 2010-03-27 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-27 22:02 . 2010-03-27 22:02 -------- d-----w- c:\program files\CleanMyPC
2010-03-27 18:51 . 2010-01-05 04:09 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 18:50 . 2010-01-05 05:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-27 17:52 . 2010-01-28 15:32 -------- d-----w- c:\program files\Winamp
2010-03-27 17:51 . 2010-02-26 02:02 -------- d-----w- c:\program files\Total Video Converter
2010-03-27 17:50 . 2010-03-18 23:31 -------- d-----w- c:\program files\Project64 1.6
2010-03-27 17:11 . 2010-03-08 01:48 -------- d-----w- c:\program files\FrostWire
2010-03-27 17:11 . 2010-03-08 01:21 -------- d-----w- c:\program files\GigaTribe
2010-03-27 17:11 . 2010-03-08 01:49 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2010-03-27 17:09 . 2010-03-20 08:01 -------- d-----w- c:\program files\K-Meleon
2010-03-27 17:09 . 2010-03-20 08:02 -------- d-----w- c:\documents and settings\Owner\Application Data\K-Meleon
2010-03-27 16:52 . 2010-01-20 05:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-27 14:51 . 2010-02-25 16:10 -------- d-----w- c:\program files\TagRename
2010-03-11 07:46 . 2010-01-05 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-10 06:15 . 2004-08-26 16:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 04:35 . 2010-01-05 03:47 63360 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 04:28 . 2010-03-05 04:28 29926 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2010-03-02 10:42 . 2010-03-02 10:40 89831 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 05:50 . 2010-02-26 05:50 0 ----a-w- c:\windows\Infob.dat
2010-02-26 05:50 . 2010-02-26 05:50 0 ----a-w- c:\windows\Infoa.dat
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-26 16:12 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 03:51 . 2010-02-22 03:08 82432 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4r.dll
2010-02-22 03:51 . 2010-02-22 03:08 81920 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\LGMobileDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 56648 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\SP_Starter.exe
2010-02-22 03:51 . 2010-02-22 03:08 53248 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\CommonDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 44544 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4a.dll
2010-02-22 03:51 . 2010-02-22 03:08 430080 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\LGMUpgradeDL.dll
2010-02-22 03:51 . 2010-02-22 03:08 413696 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msvcp60.dll
2010-02-22 03:51 . 2010-02-22 03:08 343040 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msvcrt.dll
2010-02-22 03:51 . 2010-02-22 03:08 1833649 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\USB_Driver\LGATOS_SPUSBDriver_WHQL_Eng_Ver_1.0.exe
2010-02-22 03:51 . 2010-02-22 03:08 1233920 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\msxml4.dll
2010-02-22 03:51 . 2010-02-22 03:08 1028096 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\SmartPhoneSetup\mfc42.dll
2010-02-17 13:10 . 2004-08-26 16:12 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 05:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-26 16:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-26 16:12 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 17:13 . 2010-01-13 19:45 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-08 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mclpbbvm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/4/2010 11:52 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/4/2010 11:52 PM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/26/2010 11:18 PM 218592]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2010 11:52 PM 242896]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/4/2010 11:51 PM 30104]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/24/2010 12:56 AM 691696]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/4/2010 11:52 PM 216200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/26/2004 12:12 PM 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/4/2010 4:27 PM 135336]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/9/2010 9:21 AM 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4/9/2010 9:20 AM 2325816]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/26/2010 11:19 PM 112592]
S2 DVC150;DVC 150B;c:\windows\system32\drivers\dvc150b.sys [3/1/2010 6:48 AM 30976]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/28/2010 12:11 PM 311568]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/4/2010 7:49 PM 304464]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/4/2010 11:51 PM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/9/2010 9:21 AM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/4/2010 11:51 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/4/2010 11:51 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/4/2010 11:51 PM 26120]
S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [3/1/2010 6:48 AM 30976]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/4/2010 7:49 PM 20952]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/26/2010 11:18 PM 366840]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [3/1/2010 7:26 AM 31872]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 Usbatos;LGE SP DL USB Serial Port;c:\windows\system32\drivers\lgusbatos.sys [2/21/2010 2:13 AM 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143855373-11594618-982212904-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-08 05:36]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3143855373-11594618-982212904-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-08 05:36]

2010-05-07 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-12-21 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v960xjge.default\
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-07 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A126AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76bbf28
\Driver\ACPI -> ACPI.sys @ 0xf7483cb8
\Driver\atapi -> atapi.sys @ 0xf7846852
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb8615bd4
PacketIndicateHandler -> NDIS.sys @ 0xb8621a21
SendHandler -> NDIS.sys @ 0xb8615d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-07 16:38:31
ComboFix-quarantined-files.txt 2010-05-07 20:38
ComboFix2.txt 2010-05-07 03:12

Pre-Run: 31,446,175,744 bytes free
Post-Run: 31,431,614,464 bytes free

- - End Of File - - D4EB0DFCCD3872BDBBE60424E6B81A64


Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Fri May 07, 2010 10:28 pm

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing Enter after each line:

Code:
mbr.exe -f

exit

Post a log (MBR.log).


Dr. Jay (DJ)




Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Fri May 07, 2010 10:35 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Fri May 07, 2010 11:34 pm

Yay.

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)




Re: "Directrdr" Virus Help, Log posted inside, please help

Post by JesseInsanity on Sat May 08, 2010 9:50 am

I couldn't find the log information but it got rid of 306 trojans!

I'm not sure if my problem is fixed yet, I'll check later today.


Re: "Directrdr" Virus Help, Log posted inside, please help

Post by Dr Jay on Sat May 08, 2010 1:29 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



