BleepingComputer.com: Redirects in Google and Firefox

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

Redirects in Google and Firefox Got hit with malware - fixed most of it already

#1 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 09 June 2011 - 07:10 PM

Two days ago, my DH's PC was hit with something. Lost desktop icons, admin tools, all program items. Strange radio stations played intermittently. Rogue XP Spyware popups kept occurring and notes that our hard drive was about to fail. I thought he was using this computer at school and logging on to their highly secure network which does an antivirus check daily. Turns out, he hasn't done that for months, and he had no spyware/anti virus protection. Ugh.

I ran Spyware Doctor, Registry Mechanic, Malwarebytes, Super Anti Spyware. I tried installing TDSS and Combofix, but they would not install. Went into safe mode with networking and ran all the above. I also cleared java cache, firefox cache, IE cache, all browser histories, cookies, etc. I got the hidden icons returned and program files are visible. Radio has seemed to stop playing - I found that when it started an IEXPLORE.EXE system process would start and I would shut it down to stop the radio. Hasn't come on since yesterday.

So the issue I have left is the browser hijacking in both firefox and ie. Can you check the logs to see if I have rootkit causing the issues?
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dan Moon at 14:50:26 on 2011-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3544.2481 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r215959\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
svchost.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\32788R22FWJFW\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B4663D70-DAE4-442E-BC2E-637285DABAF4} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B5B3D094-D145-4AF3-9F3C-9EF72C16CC7E} : DhcpNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan moon\application data\mozilla\firefox\profiles\pugcmp9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm71968US&ptb=Jjl0gnNPHBLNBfCHWMdNoA&ind=2011022421&ptnrS=ZRxdm71968US&si=&n=77ddc455&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\dan moon\application data\mozilla\firefox\profiles\pugcmp9n.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-15 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-7 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-7 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-7 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-7 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-15 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-7 233976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-6-8 632792]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-12-14 113024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-12-14 160256]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-7 33552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-12-14 1656960]
S3 cpuz132;cpuz132;\??\c:\docume~1\danmoo~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\danmoo~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-24 39984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-12-15 70664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-15 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-15 1117144]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
=============== Created Last 30 ================
.
2011-06-09 20:55:56 98816 ----a-w- c:\windows\sed.exe
2011-06-09 20:55:56 518144 ----a-w- c:\windows\SWREG.exe
2011-06-09 20:55:56 256512 ----a-w- c:\windows\PEV.exe
2011-06-09 20:55:56 208896 ----a-w- c:\windows\MBR.exe
2011-06-09 20:55:46 -------- d-s---w- C:\ComboFix
2011-06-09 20:12:40 -------- d-----w- c:\documents and settings\dan moon\application data\SUPERAntiSpyware.com
2011-06-09 20:12:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-09 20:12:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-09 17:44:10 726528 ----a-w- c:\windows\system32\SET61.tmp
2011-06-09 17:44:10 420864 ----a-w- c:\windows\system32\SET60.tmp
2011-06-09 07:28:41 -------- d-----w- C:\_OTM
2011-06-09 07:09:34 4778 ----a-w- c:\windows\system32\tmp.reg
2011-06-09 03:22:04 -------- d-sh--w- c:\documents and settings\dan moon\IECompatCache
2011-06-08 18:34:18 -------- d-sh--w- c:\documents and settings\dan moon\PrivacIE
2011-06-08 18:33:10 -------- d-sh--w- c:\documents and settings\dan moon\IETldCache
2011-06-08 18:16:51 -------- d-----w- c:\windows\ie8updates
2011-06-08 18:14:50 -------- dc----w- c:\windows\ie8
2011-06-08 18:11:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-08 18:11:17 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-08 18:11:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-08 18:11:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-08 18:11:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-08 18:11:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-08 18:11:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-08 18:11:13 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-08 17:25:52 -------- d-----w- c:\documents and settings\dan moon\application data\PCTools
2011-06-08 17:15:51 -------- d-----w- c:\program files\Registrar Lite
2011-06-08 07:41:21 -------- d-----w- c:\documents and settings\dan moon\application data\Registry Mechanic
2011-06-08 07:35:40 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-06-08 07:35:40 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-06-08 07:35:40 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-06-08 07:35:40 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-06-08 07:35:40 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-06-08 05:47:37 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-08 05:47:37 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-08 05:47:37 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-08 05:47:03 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-08 05:47:03 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-08 05:46:57 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-06-08 04:52:30 -------- d-s---w- c:\documents and settings\dan moon\UserData
2011-06-08 04:51:15 388096 ----a-r- c:\documents and settings\dan moon\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-08 04:51:14 -------- d-----w- c:\program files\Trend Micro
2011-06-08 00:31:54 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-05-29 20:03:16 -------- d-----w- c:\program files\Zero G Registry
2011-05-29 20:03:16 -------- d-----w- c:\program files\Edusoft Grader
2011-05-29 20:02:59 -------- d-----w- c:\documents and settings\dan moon\InstallAnywhere
.
==================== Find3M ====================
.
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 20:35:32 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-11 16:55:10 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-06 20:28:38 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-06 20:26:34 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
.
============= FINISH: 14:51:49.25 ===============

Attached File(s)

  • Attached File  attach.txt (21.55K)
    Number of downloads: 2
  • Attached File  ark.txt (14.33K)
    Number of downloads: 3

#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 14 June 2011 - 12:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 01:31 AM

Hi, thanks for the help. Here are the three logs as you requested.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dan Moon at 23:05:37 on 2011-06-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3544.2448 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r215959\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
svchost.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{B4663D70-DAE4-442E-BC2E-637285DABAF4} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{B4663D70-DAE4-442E-BC2E-637285DABAF4} : DhcpNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan moon\application data\mozilla\firefox\profiles\pugcmp9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm71968US&ptb=Jjl0gnNPHBLNBfCHWMdNoA&ind=2011022421&ptnrS=ZRxdm71968US&si=&n=77ddc455&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\dan moon\application data\mozilla\firefox\profiles\pugcmp9n.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-10 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-10 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-10 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-10 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-10 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-6-10 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-10 233976]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-6-10 337872]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-6-8 632792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-10 371472]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-10 1117144]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-12-14 113024]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-6-10 70664]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-12-14 160256]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-10 33552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 PEVSystemStart;PEVSystemStart;"c:\fix32438f\pev.cfxxe" exec /i "c:\fix32438f\regt.cfxxe" /s "c:\fix32438f\cregb.dat" --> c:\fix32438f\pev.cfxxe [?]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-12-14 1656960]
S3 cpuz132;cpuz132;\??\c:\docume~1\danmoo~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\danmoo~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
=============== Created Last 30 ================
.
2011-06-10 19:35:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-10 19:35:42 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-10 19:35:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-10 19:11:16 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 19:05:32 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-10 19:05:32 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-10 19:05:32 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-10 18:55:33 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-10 18:55:32 2078672 ----a-w- c:\windows\PCTBDCore.dll
2011-06-10 18:55:32 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-10 18:55:32 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-10 18:39:14 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-10 18:39:14 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-10 18:39:14 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-10 18:39:10 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-10 18:39:10 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-10 18:39:09 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-06-10 18:39:06 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-10 18:38:57 -------- d-----w- c:\program files\PC Tools Security
2011-06-10 18:24:52 -------- d-sha-r- C:\cmdcons
2011-06-10 18:18:35 -------- d-----w- C:\fix
2011-06-09 20:55:56 98816 ----a-w- c:\windows\sed.exe
2011-06-09 20:55:56 518144 ----a-w- c:\windows\SWREG.exe
2011-06-09 20:55:56 256512 ----a-w- c:\windows\PEV.exe
2011-06-09 20:55:56 208896 ----a-w- c:\windows\MBR.exe
2011-06-09 20:55:46 -------- d-----w- C:\ComboFix
2011-06-09 20:12:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-09 07:28:41 -------- d-----w- C:\_OTM
2011-06-09 03:22:04 -------- d-sh--w- c:\documents and settings\dan moon\IECompatCache
2011-06-08 18:34:18 -------- d-sh--w- c:\documents and settings\dan moon\PrivacIE
2011-06-08 18:33:10 -------- d-sh--w- c:\documents and settings\dan moon\IETldCache
2011-06-08 18:16:51 -------- d-----w- c:\windows\ie8updates
2011-06-08 18:14:50 -------- dc----w- c:\windows\ie8
2011-06-08 18:11:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-08 18:11:17 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-08 18:11:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-08 18:11:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-08 18:11:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-08 18:11:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-08 18:11:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-08 18:11:13 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-08 17:25:52 -------- d-----w- c:\documents and settings\dan moon\application data\PCTools
2011-06-08 17:15:51 -------- d-----w- c:\program files\Registrar Lite
2011-06-08 07:41:21 -------- d-----w- c:\documents and settings\dan moon\application data\Registry Mechanic
2011-06-08 07:35:40 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-06-08 07:35:40 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-06-08 07:35:40 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-06-08 07:35:40 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-06-08 07:35:40 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-06-08 04:52:30 -------- d-s---w- c:\documents and settings\dan moon\UserData
2011-06-08 04:51:15 388096 ----a-r- c:\documents and settings\dan moon\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-08 04:51:14 -------- d-----w- c:\program files\Trend Micro
2011-06-08 00:31:54 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-05-29 20:03:16 -------- d-----w- c:\program files\Zero G Registry
2011-05-29 20:03:16 -------- d-----w- c:\program files\Edusoft Grader
2011-05-29 20:02:59 -------- d-----w- c:\documents and settings\dan moon\InstallAnywhere
.
==================== Find3M ====================
.
.
============= FINISH: 23:08:19.15 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2009 8:38:59 PM
System Uptime: 6/15/2011 1:29:36 PM (10 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 411.288 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP407: 3/18/2011 7:38:09 AM - System Checkpoint
RP408: 3/20/2011 11:43:59 AM - System Checkpoint
RP409: 3/21/2011 1:01:34 PM - System Checkpoint
RP410: 3/22/2011 1:41:07 PM - System Checkpoint
RP411: 3/23/2011 6:55:56 PM - System Checkpoint
RP412: 3/23/2011 9:27:00 PM - Software Distribution Service 3.0
RP413: 3/24/2011 9:27:20 PM - System Checkpoint
RP414: 3/26/2011 11:55:23 AM - System Checkpoint
RP415: 3/27/2011 12:24:17 PM - System Checkpoint
RP416: 3/28/2011 3:01:55 PM - System Checkpoint
RP417: 3/29/2011 5:53:44 PM - System Checkpoint
RP418: 3/31/2011 7:03:44 PM - System Checkpoint
RP419: 4/2/2011 12:34:09 PM - System Checkpoint
RP420: 4/3/2011 12:51:52 PM - System Checkpoint
RP421: 4/4/2011 2:37:57 PM - System Checkpoint
RP422: 4/6/2011 7:35:06 AM - System Checkpoint
RP423: 4/7/2011 9:12:37 AM - System Checkpoint
RP424: 4/8/2011 11:13:27 AM - System Checkpoint
RP425: 4/9/2011 12:58:53 PM - System Checkpoint
RP426: 4/11/2011 7:33:08 AM - System Checkpoint
RP427: 4/12/2011 11:30:54 AM - System Checkpoint
RP428: 4/13/2011 11:38:23 AM - System Checkpoint
RP429: 4/14/2011 1:45:02 PM - System Checkpoint
RP430: 4/16/2011 1:18:57 PM - System Checkpoint
RP431: 4/17/2011 11:09:20 AM - Software Distribution Service 3.0
RP432: 4/18/2011 11:31:40 AM - System Checkpoint
RP433: 4/19/2011 11:35:10 AM - System Checkpoint
RP434: 4/20/2011 12:14:10 PM - System Checkpoint
RP435: 4/21/2011 10:13:04 AM - Software Distribution Service 3.0
RP436: 4/22/2011 11:09:36 AM - System Checkpoint
RP437: 4/23/2011 11:37:06 AM - System Checkpoint
RP438: 4/24/2011 12:11:51 PM - System Checkpoint
RP439: 4/25/2011 12:29:59 PM - System Checkpoint
RP440: 4/26/2011 1:04:40 PM - System Checkpoint
RP441: 4/26/2011 9:09:08 PM - Software Distribution Service 3.0
RP442: 4/28/2011 8:42:33 AM - System Checkpoint
RP443: 4/29/2011 8:46:38 AM - System Checkpoint
RP444: 4/30/2011 9:20:18 AM - System Checkpoint
RP445: 5/1/2011 12:14:05 PM - System Checkpoint
RP446: 5/2/2011 1:16:33 PM - System Checkpoint
RP447: 5/3/2011 1:40:19 PM - System Checkpoint
RP448: 5/4/2011 1:54:18 PM - System Checkpoint
RP449: 5/5/2011 2:56:07 PM - System Checkpoint
RP450: 5/8/2011 3:29:40 PM - System Checkpoint
RP451: 5/9/2011 6:31:10 PM - System Checkpoint
RP452: 5/10/2011 8:50:22 PM - System Checkpoint
RP453: 5/11/2011 9:09:12 PM - System Checkpoint
RP454: 5/12/2011 7:32:14 PM - Software Distribution Service 3.0
RP455: 5/14/2011 4:16:05 PM - System Checkpoint
RP456: 5/15/2011 4:37:39 PM - System Checkpoint
RP457: 5/17/2011 8:21:39 AM - System Checkpoint
RP458: 5/18/2011 8:03:01 PM - System Checkpoint
RP459: 5/20/2011 9:06:55 PM - System Checkpoint
RP460: 5/21/2011 10:04:02 PM - System Checkpoint
RP461: 5/23/2011 7:34:20 AM - System Checkpoint
RP462: 5/24/2011 7:35:02 AM - System Checkpoint
RP463: 5/25/2011 9:27:48 AM - System Checkpoint
RP464: 5/26/2011 9:42:00 AM - System Checkpoint
RP465: 5/27/2011 11:01:10 AM - System Checkpoint
RP466: 5/28/2011 11:19:16 AM - System Checkpoint
RP467: 5/29/2011 12:56:11 PM - System Checkpoint
RP468: 5/30/2011 1:05:44 PM - System Checkpoint
RP469: 5/31/2011 3:46:51 PM - System Checkpoint
RP470: 6/1/2011 7:36:18 PM - System Checkpoint
RP471: 6/3/2011 12:06:01 PM - System Checkpoint
RP472: 6/4/2011 12:26:33 PM - System Checkpoint
RP473: 6/5/2011 12:27:21 PM - System Checkpoint
RP474: 6/6/2011 4:35:23 PM - System Checkpoint
RP475: 6/7/2011 9:51:14 PM - Installed HiJackThis
RP476: 6/8/2011 12:47:43 AM - Made by Registry Mechanic
RP477: 6/8/2011 10:10:44 AM - Made by Registry Mechanic
RP478: 6/8/2011 11:15:09 AM - Installed Windows Internet Explorer 8.
RP479: 6/8/2011 11:16:35 AM - Software Distribution Service 3.0
RP480: 6/8/2011 1:39:20 PM - Made by Registry Mechanic
RP481: 6/9/2011 2:39:52 PM - Software Distribution Service 3.0
RP482: 6/9/2011 7:00:54 PM - Made by Registry Mechanic
RP483: 6/10/2011 12:28:32 PM - Removed Java™ 6 Update 13
RP484: 6/10/2011 12:35:08 PM - Installed Java™ 6 Update 26
RP485: 6/11/2011 1:02:48 PM - System Checkpoint
RP486: 6/11/2011 7:02:08 PM - Made by Registry Mechanic
RP487: 6/11/2011 9:07:40 PM - Made by Registry Mechanic
RP488: 6/15/2011 1:05:40 PM - System Checkpoint
RP489: 6/15/2011 8:44:31 PM - Made by Registry Mechanic
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother MFL-Pro Suite MFC-790CW
Browser Defender 3.0
Crossword Weaver 8.0
Dell Touchpad
Dell Wireless WLAN Card Utility
DiskAid 4.11
Edusoft Grader
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3500
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 26
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows XP Video Decoder Checkup Utility
MotoHelper MergeModules
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenDNS Updater 2.2.1
PaperPort Image Printer
PowerTeacher Gradebook
QuickSet
QuickTime
Registry Mechanic 10.0
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spyware Doctor with AntiVirus 8.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:28:42 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/9/2011 12:28:42 AM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/9/2011 12:28:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 12:20:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
6/9/2011 12:02:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/9/2011 1:49:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/9/2011 1:26:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm PCTSD SASDIFSV SASKUTIL TfFsMon TfSysMon
6/8/2011 9:12:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm PCTSD TfFsMon TfSysMon
6/8/2011 9:11:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/8/2011 12:57:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/8/2011 12:53:55 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
6/8/2011 12:53:55 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/8/2011 12:53:55 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/8/2011 12:53:35 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
6/8/2011 1:25:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/11/2011 9:24:42 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B5B3D094-D145-4AF3-9F3C-9EF72C16CC7E} because another computer on the network has the same name. The server could not start.
6/11/2011 9:18:58 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.3 with the system having network hardware address 00:1A:E9:AB:1D:FC. Network operations on this system may be disrupted as a result.
6/11/2011 9:09:33 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.1 with the system having network hardware address 30:46:9A:96:38:D2. Network operations on this system may be disrupted as a result.
6/11/2011 8:25:20 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
6/11/2011 8:25:16 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
6/11/2011 10:34:24 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.4 with the system having network hardware address 60:FB:42:4B:86:EA. Network operations on this system may be disrupted as a result.
6/10/2011 12:19:03 PM, error: PlugPlayManager [11] - The device Root\LEGACY_CATCHME\0000 disappeared from the system without first being prepared for removal.
6/10/2011 11:34:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
6/10/2011 11:18:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm TfFsMon TfSysMon
.
==== End Of File ===========================


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB86CA000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6049792 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF297000 C:\WINDOWS\System32\igxpdx32.DLL 3461120 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2355200 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1867776 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1867776 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA4165000 C:\WINDOWS\system32\drivers\sthda.sys 1490944 bytes (IDT, Inc., IDT PC Audio)
0x9B800000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x9CCA5000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 851968 bytes
0xB9E33000 iaStor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9CE2000 pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0xB9C07000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB8420000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA3EC7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8347000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA4071000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9C48D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9D87000 pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0xBF5E4000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB84CF000 C:\WINDOWS\system32\DRIVERS\yk51x86.sys 290816 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xB9DDE000 PCTCore.sys 274432 bytes (PC Tools, PC Tools KDS Core Driver)
0x9BABC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA4035000 C:\WINDOWS\system32\drivers\pctgntdi.sys 245760 bytes (PC Tools, PC Tools Generic TDI Driver)
0xA3F37000 C:\WINDOWS\System32\Drivers\PCTSD.sys 241664 bytes (PC Tools, PC Tools SD Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB849C000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 208896 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB83A5000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C885000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9BDA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9B52A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA3F72000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9CD75000 C:\WINDOWS\System32\Drivers\RTS5121.sys 176128 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista)
0xB866A000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA3FBF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F03000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA400F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA4141000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8692000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB83FD000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA3F9D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134528 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F48000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA4125000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xB9BC0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9CA7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB83E6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9CBD8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB86B6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA40CA000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9CCF000 TfSysMon.sys 77824 bytes (PC Tools, ThreatFire System Monitor)
0xB9C94000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9E21000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB83D5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9CBE000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0x9D8F9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9BC3D000 C:\WINDOWS\system32\drivers\pctplsg.sys 65536 bytes (PC Tools, PC Tools SG Plugin Driver)
0xA5232000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA4718000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA5BD0000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA258000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9C30D000 C:\WINDOWS\system32\drivers\TfNetMon.sys 49152 bytes (PC Tools, ThreatFire Network Monitor)
0xA5202000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xA5BE0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9B640000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9E285000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA5212000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9BD85000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes (PC Tools, UM Injection Driver)
0xA5222000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA549D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA6EBD000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9CF66000 C:\DOCUME~1\DANMOO~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA6EB5000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA54A5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA330000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9DE04000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA42E5000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9B84000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9DFE2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA3FEF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9E889000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA4418000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0x9E87D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9B9C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA4410000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xA42F1000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5C6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5C4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5C8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5CE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60C000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA60E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5C0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6EB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9D445000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA4759000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
0x8A606A91 Unknown page with executable code, 1391 bytes
0x8A605288 Unknown page with executable code, 3448 bytes
0x8A607191 Unknown page with executable code, 3695 bytes
0xBA0C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8A609E7A Unknown thread object [ ETHREAD 0x8AFEA020 ] TID: 172, 600 bytes
0x8A60C008 Unknown thread object [ ETHREAD 0x8AFEADA8 ] TID: 176, 600 bytes
0x8A60BCDC Unknown page with executable code, 804 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2011 - 02:08 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 06:12 PM

Hi, I've closed out and disabled my spyware and anti-virus programs. I ran Combo Fix and it won't go past the "Output folder: C:\32788R22FWJFW" line.

#6 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 06:24 PM

I tried running it again and I got
Can't write: C:\32788R22FWJFW\iexplore.exe and then it asked to abort, retry, ignore

#7 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2011 - 06:34 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#8 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 07:21 PM

The only way I could get it to run in Safe Mode is to completely remove my Spyware Doctor program (it kept saying it was active even though I disabled it) and then hitting "ignore" when it got to the "Can't write: C:\32788R22FWJFW\iexplore.exe". It took a few times to get it to run without stalling.

ComboFix 11-06-16.01 - Dan Moon 06/16/2011 17:08:16.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3544.3280 [GMT -7:00]
Running from: c:\documents and settings\Dan Moon\Desktop\fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-16 23:41 . 2011-06-16 23:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-06-10 19:36 . 2011-06-10 19:36 -------- d-----w- c:\program files\Common Files\Java
2011-06-10 19:35 . 2011-06-10 19:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-10 19:35 . 2011-06-10 19:35 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-10 19:35 . 2011-06-10 19:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-10 18:55 . 2011-05-20 18:44 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-10 18:55 . 2011-05-20 18:44 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-10 18:55 . 2011-05-20 18:44 2078672 ----a-w- c:\windows\PCTBDCore.dll
2011-06-10 18:55 . 2011-05-20 18:44 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-10 18:38 . 2011-06-16 23:53 -------- d-----w- c:\program files\PC Tools Security
2011-06-10 18:18 . 2011-06-10 18:19 -------- d-----w- C:\fix
2011-06-09 20:55 . 2011-06-10 18:18 -------- d-----w- C:\ComboFix
2011-06-09 20:12 . 2011-06-09 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-09 19:02 . 2011-06-09 19:02 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-06-09 07:28 . 2011-06-09 07:28 -------- d-----w- C:\_OTM
2011-06-09 03:22 . 2011-06-09 03:22 -------- d-sh--w- c:\documents and settings\Dan Moon\IECompatCache
2011-06-08 20:29 . 2011-06-08 20:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic
2011-06-08 20:25 . 2011-06-08 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2011-06-08 20:23 . 2011-06-08 20:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-06-08 20:23 . 2011-06-08 20:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-08 18:34 . 2011-06-08 18:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-08 18:34 . 2011-06-08 18:34 -------- d-sh--w- c:\documents and settings\Dan Moon\PrivacIE
2011-06-08 18:33 . 2011-06-08 18:33 -------- d-sh--w- c:\documents and settings\Dan Moon\IETldCache
2011-06-08 18:14 . 2011-06-08 18:16 -------- dc----w- c:\windows\ie8
2011-06-08 18:11 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-08 18:11 . 2011-02-22 23:06 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-08 18:11 . 2011-02-22 23:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-08 18:11 . 2011-02-22 23:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-08 18:11 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-08 18:11 . 2011-02-22 23:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-08 18:11 . 2011-02-22 23:06 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-08 18:11 . 2011-02-22 23:06 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-08 17:25 . 2011-06-08 17:25 -------- d-----w- c:\documents and settings\Dan Moon\Application Data\PCTools
2011-06-08 17:15 . 2011-06-10 18:14 -------- d-----w- c:\program files\Registrar Lite
2011-06-08 07:41 . 2011-06-08 07:50 -------- d-----w- c:\documents and settings\Dan Moon\Application Data\Registry Mechanic
2011-06-08 04:52 . 2011-06-08 04:52 -------- d-s---w- c:\documents and settings\Dan Moon\UserData
2011-06-08 04:51 . 2011-06-08 04:51 388096 ----a-r- c:\documents and settings\Dan Moon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-08 04:51 . 2011-06-08 04:51 -------- d-----w- c:\program files\Trend Micro
2011-06-08 00:31 . 2011-06-08 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-29 20:03 . 2011-05-29 20:05 -------- d-----w- c:\program files\Edusoft Grader
2011-05-29 20:03 . 2011-05-29 20:03 -------- d-----w- c:\program files\Zero G Registry
2011-05-29 20:02 . 2011-05-29 20:02 -------- d-----w- c:\documents and settings\Dan Moon\InstallAnywhere
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-06-09 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-03 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-05-20 247760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dan Moon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 15:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-05-29 20:49 1085440 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-22 01:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-24 02:51 233472 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 18:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 03:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-04-05 18:01 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 03:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"yksvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [12/14/2009 1:04 PM 160256]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/10/2011 11:55 AM 337872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 9:27 PM 135664]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 9:47 AM 202048]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/14/2009 1:04 PM 113024]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [12/14/2009 1:04 PM 1656960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 9:27 PM 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:27]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 04:27]
.
2011-05-26 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-06-16 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-05-10 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B4663D70-DAE4-442E-BC2E-637285DABAF4}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Dan Moon\Application Data\Mozilla\Firefox\Profiles\pugcmp9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm71968US&ptb=Jjl0gnNPHBLNBfCHWMdNoA&ind=2011022421&ptnrS=ZRxdm71968US&si=&n=77ddc455&psa=&st=kwd&searchfor=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(312)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1432)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-06-16 17:13:26
ComboFix-quarantined-files.txt 2011-06-17 00:13
ComboFix2.txt 2011-06-10 18:29
.
Pre-Run: 442,089,340,928 bytes free
Post-Run: 442,073,866,240 bytes free
.
- - End Of File - - AB5E1FC0637234DD8851BCAF5E35532E

#9 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 07:24 PM

I still get redirects in Firefox after running Combo Fix.

#10 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2011 - 08:51 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 16 June 2011 - 10:05 PM

I cannot get tdsskiller to execute. I did the download, opened it from the desktop, and nothing happens. Tried it in Safe Mode, same thing. Tried renaming it, nothing.

#12 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2011 - 10:12 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 17 June 2011 - 02:38 AM

My only clean computer is a Mac. I can't download these to it, right?

#14 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,462
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2011 - 02:51 AM

I don't think so

can you connect to the internet from the infected computer to download these and put on th usb



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   moonatics 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 25-April 10

Posted 18 June 2011 - 12:19 AM

I followed all steps of downloading and sending to the newly formatted USB. When I boot in USB (after F12 pressing), I get "Missing Operating System" in upper left corner. I have reinstalled twice, following the instructions, and continue to get this message. ????

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users