Dvd43 plug-in - Activators Patch

26.08.2021 4 Comments

"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:28,22,43,bb,49,cf,22,df,f9,25,c6,d6,e8,02,20,8e,ac,f1,bf,02,66,
81,6a,df,4a,59,d8,6a,81,39,cf,cc,b5,00,e6,7a,49,c0,c3,5d,33,e5,59,39,37,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5176)
i:\windows\system32\WININET.dll
i:\progra~1\WINDOW~2\wmpband.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
i:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-17 21:35:02
ComboFix-quarantined-files.txt 2010-08-18 04:34
ComboFix2.txt 2010-08-17 17:52
ComboFix3.txt 2010-04-13 05:29

Pre-Run: 75,997,523,968 bytes free
Post-Run: 75,980,402,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 0487AC969F0DBD0D0D88393A273C3636


  • August 18th, 2010, 01:42 AM#12

    I have no idea what AOL is talking about. I think AOL is the least security tool you have to worry about.

    Combofix log looks good

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Update Malwarebytes, run "Quick scan" and post new log.

    =========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install

    1. August 13th, 2010, 02:05 PM#1

      Resolved [RESOLVED] Rogue Security Tool

      Hi Guys,

      I seem to have some Security Tool that wants to clean my PC (sure!!). I noticed there are new icons in the systray (that say 30126 when I hover over them). I cannot start ANY program, including ANY Malware/Spyware removal programs. Instead, some Security Tool control panel starts and asks to run it. Everything seems frozen.

      I re-started in Safe Mode, ran Spybot S&D - no threats and SuperAntiSpyware - removed 1 Rogue Security Tool. Stopped MalwareBytes halfway through - no threats. I haven't updated these programs in a few months because I was afraid to connect to the internet. I ran HijackThis and got a logfile, see below.

      Should I re-scan? Should I connect to the internet to update anti-virus programs?

      Please advise,
      Mark

      HJT logfile:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2:02:46 AM, on 8/13/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.17023)
      Boot mode: Safe mode

      Running processes:
      I:\WINDOWS\System32\smss.exe
      I:\WINDOWS\system32\winlogon.exe
      I:\WINDOWS\system32\services.exe
      I:\WINDOWS\system32\lsass.exe
      I:\WINDOWS\system32\svchost.exe
      I:\Program Files\Windows Defender\MsMpEng.exe
      I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      I:\WINDOWS\system32\svchost.exe
      I:\WINDOWS\Explorer.EXE
      I:\HJT\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - I:\Program Files\AOL Toolbar\aoltb.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (I:\Documents and Settings\MARK\Application Data\Mozilla\Profiles\default\bzncicaa.slt\prefs.js)
      N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://I%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (I:\Documents and Settings\MARK\Application Data\Mozilla\Profiles\default\bzncicaa.slt\prefs.js)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - I:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - I:\Program Files\AOL Toolbar\aoltb.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\.\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
      O4 - HKLM\.\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\.\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\.\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\.\Run: [BDRegion] I:\Program Files\Cyberlink\Shared Files\brs.exe
      O4 - HKLM\.\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\.\Run: [LanguageShortcut] "I:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\.\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\.\Run: [WD Button Manager] WDBtnMgr.exe
      O4 - HKLM\.\Run: [Google Quick Search Box] "I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKCU\.\Run: [ATI Remote Control] I:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
      O4 - HKCU\.\Run: [swg] "I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\.\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\.\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\.\RunOnce: [30126] "I:\Documents and Settings\Mark\Local Settings\Application Data\30126.exe" 0 25
      O4 - HKCU\.\RunOnce: [012690625] "I:\DOCUME~1\Mark\LOCALS~1\APPLIC~1\012690625.exe" 0 27
      O4 - HKUS\S-1-5-18\.\Run: [DWQueuedReporting] "I:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\.\Run: [DWQueuedReporting] "I:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Startup: AOL Desktop.lnk = I:\Program Files\Common Files\AOL\Launch\aollaunch.exe
      O8 - Extra context menu item: &AOL Toolbar Search - I:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki. - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - I:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
      O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - I:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho.vex/hcImpl.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives./as2stubie.cab
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage.ex-2.2.5.0.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso.an8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu.?1170464592171
      O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives./as2stubie.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives.ree/asinst.cab
      O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage.ex-2.2.1.6.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - I:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      O23 - Service: Apache2 - Apache Software Foundation - I:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaSrv - C-Dilla Ltd - I:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - I:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IIS Admin (IISADMIN) - Unknown owner - I:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - I:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - I:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - I:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - I:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - I:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: WLSVC - Unknown owner - I:\Program Files\D-Link\DWA-130 revE\WLSVC.exe
      O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - I:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

      --
      End of file - 12191 bytes


    2. August 13th, 2010, 02:27 PM#2

      HJT is not what it once was. So please.
      http://discussions.virtualdr.com/sho.d.php?t=167915
      And post the logs in this thread.


    3. August 16th, 2010, 09:25 PM#3

      Hi,

      Sorry it took a while to respond, had some difficulty performing scans. Each time I start MalwareBytes or Gmer scans, my computer would lock up. I had to do the scans in Safe Mode (I didn't update MalwareBytes, no internet in Safe Mode).

      Also, I could not access the Save button for GMER scan. In Safe Mode, the screen resolution was not big enough to see the button. Didn't know how else to save the logfile. Therefore, I made a screenshot of the GMER window when it finished. Maybe that will be helpful. Here's a link to the screenshot:
      http://www.stardancestudio.com/images/gmer.jpg

      &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4052

      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer
      8/14/2010 2:16:20 AM
      mbam-log-2010-08-14 (02-16-20)123.txt

      Scan type: Quick scan
      Objects scanned: 158249
      Time elapsed: 19 minute(s), 29 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      I:\Documents and Settings\Mark\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

      %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


      DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
      Run by Mark at 0:33:56.04 on Mon 08/16/2010
      Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_19
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1492 [GMT -7:00]

      AV: Avira AntiVir PersonalEdition scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

      ============== Running Processes ===============

      I:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      I:\Program Files\Windows Defender\MsMpEng.exe
      I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      I:\WINDOWS\system32\svchost.exe -k netsvcs
      I:\WINDOWS\Explorer.EXE
      I:\WINDOWS\system32\ctfmon.exe
      I:\Documents and Settings\Mark\Desktop\dds.scr

      ============== Pseudo HJT Report ===============

      mStart Page = hxxp://www.msn.com
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol toolbar\aoltb.dll
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - i:\program files\yahoo!\companion\installs\cpn\yt.dll
      mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol toolbar\aoltb.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - i:\progra~1\spybot~1\spybot~1\SDHelper.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - i:\program files\yahoo!\companion\installs\cpn\yt.dll
      TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - i:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
      TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - i:\program files\aol toolbar\aoltb.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - i:\program files\aol toolbar\toolbar.dll
      TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
      EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
      uRun: [ATI Remote Control] i:\program files\ati multimedia\remctrl\ATIX10.exe
      uRun: [swg] "i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
      uRun: [MSMSGS] "i:\program files\messenger\msmsgs.exe" /background
      uRun: [AdobeBridge]
      uRunOnce: [012690625] "i:\docume~1\mark\locals~1\applic~1\012690625.exe" 0 27
      uRunOnce: [30126] "i:\documents and settings\mark\local settings\application data\30126.exe" 0 25
      mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
      mRun: [avgnt] "i:\program files\avira\antivir personaledition classic\avgnt.exe" /min
      mRun: [Adobe Reader Speed Launcher] "i:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "i:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [BDRegion] i:\program files\cyberlink\shared files\brs.exe
      mRun: [RemoteControl] "i:\program files\cyberlink\powerdvd\PDVDServ.exe"
      mRun: [LanguageShortcut] "i:\program files\cyberlink\powerdvd\language\Language.exe"
      mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
      mRun: [WD Button Manager] WDBtnMgr.exe
      mRun: [Google Quick Search Box] "i:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
      mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      dRun: [DWQueuedReporting] "i:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
      StartupFolder: i:\docume~1\mark\startm~1\programs\startup\aoldes~1.lnk - i:\program files\common files\aol\launch\aollaunch.exe
      mPolicies-system: HideFastUserSwitching = 1 (0x1)
      IE: &AOL Toolbar Search - i:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
      IE: E&xport to Microsoft Excel - i:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
      IE: Google Sidewiki. - i:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - i:\progra~1\mi1933~1\office12\ONBttnIE.dll
      IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - i:\program files\ati multimedia\tv\EXPLBAR.DLL
      IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - i:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - i:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~1\mi1933~1\office12\REFIEBAR.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - i:\windows\system32\Shdocvw.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - i:\progra~1\spybot~1\spybot~1\SDHelper.dll
      DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170464592171
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
      DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
      DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
      DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
      Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - i:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - i:\program files\microsoft office\office12\GrooveSystemServices.dll
      Notify: AtiExtEvent - Ati2evxx.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
      SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - i:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
      SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - i:\progra~1\wifd1f~1\MpShHook.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - i:\program files\superantispyware\SASSEH.DLL
      SEH: Groove GFS Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - i:\program files\microsoft office\office12\GrooveShellExtensions.dll

      ================= FIREFOX ===================

      FF - ProfilePath - i:\docume~1\mark\applic~1\mozilla\firefox\profiles\734kbsrg.default user\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
      FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

      ---- FIREFOX POLICIES ----
      i:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
      i:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
      i:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
      i:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
      i:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
      i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

      ============= SERVICES / DRIVERS ===============

      R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2010-2-9 64288]
      R0 MacOpen;MacOpen;i:\windows\system32\drivers\MacOpen.sys [2007-3-4 177152]
      R0 Pnp680;SiI 680 ATA Controller;i:\windows\system32\drivers\PnP680.sys [2006-11-15 66736]
      R1 AvgAsCln;AVG Anti-Spyware Clean Driver;i:\windows\system32\drivers\AvgAsCln.sys [2007-3-2 3968]
      R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;i:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
      R2 WinDefend;Windows Defender;i:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
      S0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [2010-4-11 28552]
      AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;i:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
      S1 avgio;avgio;i:\program files\avira\antivir personaledition classic\avgio.sys [2010-4-9 11608]
      S1 SASDIFSV;SASDIFSV;i:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
      S1 SASKUTIL;SASKUTIL;i:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
      S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;i:\program files\avira\antivir personaledition classic\sched.exe [2010-4-9 68865]
      S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;i:\program files\avira\antivir personaledition classic\avguard.exe [2010-4-9 151297]
      S2 gupdate;Google Update Service (gupdate);i:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
      S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;i:\windows\system32\drivers\WLNdis50.sys [2010-2-5 20480]
      S2 WLSVC;WLSVC;i:\program files\d-link\dwa-130 reve\WLSVC.exe [2010-2-5 167936]
      S3 avgntflt;avgntflt;i:\program files\avira\antivir personaledition classic\avgntflt.sys [2010-4-9 52056]
      S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;i:\windows\system32\drivers\RTL8192su.sys [2010-2-5 572544]
      S3 SASENUM;SASENUM;i:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

      =============== Created Last 30 ================


      ==================== Find3M ====================


      ============= FINISH: 0:35:20.06 =========

      Last edited by stardanz1; August 16th, 2010 at 09:27 PM.

    4. August 16th, 2010, 09:47 PM#4

      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_10-03-17.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 2/2/2007 4:34:30 PM
      System Uptime: 8/15/2010 10:40:17 AM (14 hours ago)

      Motherboard: Intel Corporation Language: ENU ----
