Browser Redirect Virus on Windows XP


  • This topic is locked
40 replies to this topic

#1 ttnguyen77

ttnguyen77

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 25 April 2011 - 09:53 AM

The other day, I noticed that my laptop was infected with some sort of malware that caused my desktop background to go black and most of my icons to disappear. Symantec Anti-Virus flagged it as "Ultra Defragger". After doing some research, I downloaded rkill, malwarebytes, ccleaner and unhide to get rid of it. This seemed to work but it looks like some sort of browser redirecting virus/malware remained. Malwarebytes, Symantec and Stinger are not picking it up.

Trying to resolve these issues has proven to be an aggravating experience to say the least. Any help from the experts would be greatly appreciated!!!!!!

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Thank you so much for your help!!!!!!!!! In addition to being redirected to random sites when I click on a search result, I will hear weird audio seemingly out of nowhere (even when I'm not using explorer).

DDS Log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tom at 21:10:53.50 on Tue 04/26/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1223 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: bmnet.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://al-fdc-sa2.advisor-connection.com/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {0CF3CAE6-C07C-4F6E-8219-80089FD0309A} - c:\program files\pdfcamp\PDFcampCUCheck.vbs
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110420.002\naveng.sys [2011-4-20 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110420.002\navex15.sys [2011-4-20 1393144]
S0 cerc6;cerc6; [x]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\tom\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\tom\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-27 121416]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2009-3-31 190080]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2009-5-4 148096]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-04-21 19:06:30 -------- d-----w- c:\program files\CCleaner
2011-04-21 17:46:14 -------- d-----w- c:\windows\PIF
2011-04-21 14:36:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 14:36:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 06:13:24 -------- d-----w- c:\docume~1\tom\applic~1\Malwarebytes
2011-04-21 06:11:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-14 19:05:06 40408 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-04-14 19:03:55 -------- d-----w- c:\program files\common files\Research In Motion
2011-04-14 19:03:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\LG
2011-04-14 19:03:52 -------- d-----w- c:\program files\AT&T
2011-04-14 19:03:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2011-04-07 03:37:20 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-07 03:37:19 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-07 03:37:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-07 03:37:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-04 02:13:22 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-02 15:34:16 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\Mozilla
2011-03-30 20:22:40 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-03-30 20:22:40 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-03-30 20:22:32 -------- d-----w- c:\program files\Juniper Networks
2011-03-30 20:19:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Juniper Networks
2011-03-30 20:19:34 -------- d-----w- c:\docume~1\tom\applic~1\Juniper Networks
2011-03-30 20:14:28 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2011-03-30 20:14:28 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-30 20:08:32 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-30 20:08:32 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-30 20:07:25 -------- d-----w- c:\docume~1\tom\applic~1\AT&T
2011-03-30 20:06:25 -------- d-----w- c:\program files\common files\Motorola Shared
2011-03-30 20:04:20 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-03-30 20:04:19 -------- d-----w- c:\docume~1\tom\applic~1\Sierra Wireless
2011-03-30 19:33:07 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\Thomson Financial
2011-03-30 19:12:18 -------- d-----w- C:\SS 2009 Utilities
2011-03-30 19:11:48 130627 ----a-w- C:\WEXS11.exe
2011-03-30 19:10:51 -------- d-----w- c:\windows\Install Logs
2011-03-30 19:09:31 -------- d-----w- c:\program files\Seagate Software
2011-03-30 19:09:30 -------- d-----w- c:\windows\Crystal
2011-03-30 19:08:41 -------- d-----w- c:\program files\BETASystems
2011-03-30 19:06:38 -------- d-----w- c:\docume~1\tom\applic~1\Thomson Financial
2011-03-30 19:06:22 81920 ----a-w- c:\windows\system32\pdfxp.dll
2011-03-30 19:06:22 40960 ----a-w- c:\windows\system32\unpdf.exe
2011-03-30 19:05:29 -------- d-----w- c:\windows\SPOOL
2011-03-30 19:05:16 -------- d-----w- c:\program files\Thomson Financial
2011-03-30 19:05:16 -------- d-----w- c:\program files\PDFcamp
2011-03-30 18:50:01 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-30 18:50:01 215920 ----a-w- c:\windows\system32\muweb.dll
2011-03-30 18:50:01 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-30 18:32:45 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\ApplicationHistory
2011-03-30 18:30:02 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-03-30 18:30:02 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-03-30 18:30:02 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-30 18:30:02 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-30 18:30:02 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-03-30 18:30:02 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-30 18:30:02 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-03-30 18:30:02 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-03-30 17:21:53 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-30 17:19:03 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-30 17:18:40 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-30 17:18:33 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-30 17:18:33 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-30 17:18:33 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-30 17:18:33 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-30 17:18:32 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-30 17:18:32 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-30 17:18:31 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-30 17:18:31 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-30 17:18:31 -------- d-----w- C:\dfc355fc1196bc0eb3321cc7b38003c9
2011-03-30 17:13:12 -------- d-----w- c:\windows\system32\URTTemp
2011-03-30 17:11:07 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-30 16:59:03 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-30 16:59:03 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-30 16:59:03 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-30 16:57:25 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\Symantec
2011-03-30 16:56:41 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-03-30 16:56:41 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-30 16:56:32 -------- d-----w- c:\program files\Symantec
2011-03-30 16:56:22 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-30 16:56:22 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-03-30 16:56:22 -------- d-----w- c:\program files\Symantec AntiVirus
2011-03-30 16:56:22 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-30 16:56:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2011-03-30 16:54:52 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\Adobe
2011-03-30 16:50:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-03-30 16:49:55 -------- d-sh--w- c:\documents and settings\tom\UserData
2011-03-30 16:49:15 -------- d-----w- c:\windows\system32\PreInstall
2011-03-30 16:49:13 -------- d-----w- c:\windows\$hf_mig$
2011-03-30 16:48:21 -------- d-----w- c:\windows\system32\Adobe
2011-03-30 16:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 16:46:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 16:41:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-03-30 16:35:04 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\PowerDVD DX
2011-03-30 16:34:01 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-30 16:34:01 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-30 16:34:01 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-30 16:34:00 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-30 16:34:00 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-30 16:33:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-30 16:33:54 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-30 16:32:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2011-03-30 16:28:19 -------- d-----w- c:\program files\common files\SureThing Shared
2011-03-30 16:27:53 -------- d-----w- c:\program files\common files\Sonic Shared
2011-03-30 16:27:26 -------- d-----w- c:\program files\Roxio
2011-03-30 16:27:10 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-03-30 16:27:10 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-03-30 16:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-03-30 16:07:30 -------- d-----w- c:\windows\Internet Logs
2011-03-30 16:07:13 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2011-03-30 16:07:13 101904 ----a-w- c:\windows\system32\dneinobj.dll
2011-03-30 16:07:00 -------- d-----w- c:\program files\common files\Deterministic Networks
2011-03-30 16:06:57 -------- d-----w- c:\program files\Cisco Systems
2011-03-30 16:06:21 -------- d-----w- C:\Cisco VPN
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
============= FINISH: 21:11:21.81 ===============


GMER Log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-26 21:43:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST980825AS rev.8.04
Running: gmer.exe; Driver: C:\DOCUME~1\Tom\LOCALS~1\Temp\kwpdikow.sys


---- System - GMER 1.0.15 ----

SSDT 89AC2A80 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys BA0F3BD0 4 Bytes [B0, A5, 53, 80]
INITc VolSnap.sys BA0F3BF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys BA0F3C20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys BA0F3C48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys BA0F3C70 4 Bytes [7A, A8, 4F, 80]
INITc ...
? C:\DOCUME~1\Tom\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[1304] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 00FB18D5
.text C:\WINDOWS\explorer.exe[1304] WININET.dll!HttpAddRequestHeadersW 3D9AA4FD 5 Bytes JMP 00FB1A9D
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0129000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0126000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0104000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0127000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0128000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 89CC6E7A
Thread System [4:124] 89CC9008

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~Budapest

Edited by Budapest, 27 April 2011 - 03:17 AM.
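The GMER "User code sections" output above lists inline hooks in explorer.exe and iexplore.exe. The USER32 and ole32 hooks resolve to IEFRAME.dll, a normal Internet Explorer module with a vendor string, while the WININET and WS2_32 hooks jump to addresses GMER could not attribute to any loaded module. That distinction is what a responder looks for when reading such a log. As an added example, not part of the original thread and not GMER's own code, the following Python script parses these hook lines and flags the unattributed ones. The sample text is a subset of the lines copied from the log above; the names parse_gmer_user_hooks, suspicious_hooks and summarize_by_process are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the "User code sections" lines copied from the
# GMER log posted above (two explorer.exe hooks, three of the IEFRAME-attributed
# iexplore.exe hooks, and all six WS2_32.dll hooks).
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[1304] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 00FB18D5
.text C:\WINDOWS\explorer.exe[1304] WININET.dll!HttpAddRequestHeadersW 3D9AA4FD 5 Bytes JMP 00FB1A9D
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0129000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0126000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0104000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0127000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0128000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A

---- Devices - GMER 1.0.15 ----
"""

# One GMER user-mode hook line has the shape:
#   .text <process>[<pid>] <module>!<function> <address> <n> Bytes JMP <target> [<target module> (<description>)]
# The trailing module/description is present only when GMER could map the JMP target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<target_module>.+))?$"
)


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    function: str
    address: int
    target: int
    target_module: Optional[str]  # None when GMER could not attribute the JMP target


def parse_gmer_user_hooks(text: str) -> List[Hook]:
    """Parse every '.text ... JMP ...' line; section headers and blank lines are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]),
            module=m["module"], function=m["function"],
            address=int(m["address"], 16), target=int(m["target"], 16),
            target_module=m["target_module"],
        ))
    return hooks


def suspicious_hooks(hooks: List[Hook]) -> List[Hook]:
    """Hooks whose JMP lands in memory GMER could not map to any loaded module.

    Legitimate in-process hooks (here: Internet Explorer patching USER32/ole32 from
    IEFRAME.dll) carry a module path and vendor; a jump into unattributed memory is
    the pattern to review, especially on network APIs such as WS2_32!connect/send/recv.
    """
    return [h for h in hooks if h.target_module is None]


def summarize_by_process(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map 'process[pid]' -> list of 'module!function' for the suspicious hooks only."""
    summary: Dict[str, List[str]] = defaultdict(list)
    for h in suspicious_hooks(hooks):
        summary[f"{h.process}[{h.pid}]"].append(f"{h.module}!{h.function}")
    return dict(summary)


if __name__ == "__main__":
    for proc, funcs in summarize_by_process(parse_gmer_user_hooks(SAMPLE_GMER)).items():
        print(f"{proc}: {len(funcs)} unattributed hook(s): {', '.join(funcs)}")
```

Run it as a plain script and it reports two unattributed hooks in explorer.exe and six in iexplore.exe. An unattributed target by itself is a prompt to look closer, not proof of infection: some security products also hook from memory GMER does not map, so the hooked functions (here, the entire outbound network path of the browser) and the process list from the DDS log should be read together.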



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:48 AM

Posted 02 May 2011 - 11:08 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ttnguyen77

ttnguyen77
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 02 May 2011 - 07:22 PM

Thank you so much for your help!

DDS.txt


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tom at 20:05:49.19 on Mon 05/02/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1441 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: bmnet.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://al-fdc-sa2.advisor-connection.com/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {0CF3CAE6-C07C-4F6E-8219-80089FD0309A} - c:\program files\pdfcamp\PDFcampCUCheck.vbs
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110420.002\naveng.sys [2011-4-20 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110420.002\navex15.sys [2011-4-20 1393144]
S0 cerc6;cerc6; [x]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\tom\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\tom\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-27 121416]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2009-3-31 190080]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2009-5-4 148096]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-04-21 19:06:30 -------- d-----w- c:\program files\CCleaner
2011-04-21 17:46:14 -------- d-----w- c:\windows\PIF
2011-04-21 14:36:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 14:36:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 06:13:24 -------- d-----w- c:\docume~1\tom\applic~1\Malwarebytes
2011-04-21 06:11:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-14 19:05:06 40408 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-04-14 19:03:55 -------- d-----w- c:\program files\common files\Research In Motion
2011-04-14 19:03:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\LG
2011-04-14 19:03:52 -------- d-----w- c:\program files\AT&T
2011-04-14 19:03:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2011-04-07 03:37:20 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-07 03:37:19 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-07 03:37:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-07 03:37:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-04 02:13:22 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
==================== Find3M ====================
.
2011-03-30 16:46:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 16:46:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 20:05:58.26 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2011 11:38:10 AM
System Uptime: 5/2/2011 7:58:37 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel Pentium III Xeon processor | Microprocessor | 2392/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 61.127 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1: 3/30/2011 11:40:27 AM - System Checkpoint
RP2: 3/30/2011 11:43:54 AM - Installed OZ776 SCR Driver V1.1.4.202
RP3: 3/30/2011 11:46:20 AM - Installed Intel® PROSet/Wireless WiFi Software.
RP4: 3/30/2011 11:47:59 AM - Installed Broadcom Gigabit Integrated Controller.
RP5: 3/30/2011 11:48:29 AM - Installed Windows XP Wdf01005.
RP6: 3/30/2011 11:49:41 AM - Removed Intel® PROSet/Wireless WiFi Software.
RP7: 3/30/2011 11:52:37 AM - Installed SigmaTel Audio
RP8: 3/30/2011 11:53:31 AM - Installed Windows Media Player 11
RP9: 3/30/2011 11:53:41 AM - Installed Windows XP Wudf01000.
RP10: 3/30/2011 11:54:39 AM - Installed Windows XP MSCompPackV1.
RP11: 3/30/2011 11:57:15 AM - Installed Microsoft Office Professional Plus 2007
RP12: 3/30/2011 12:06:55 PM - Installed Cisco Systems VPN Client 5.0.00.0340
RP13: 3/30/2011 12:27:07 PM - Installed DirectX
RP14: 3/30/2011 12:46:41 PM - Installed Java™ 6 Update 24
RP15: 3/30/2011 12:49:12 PM - Software Distribution Service 3.0
RP16: 3/30/2011 12:50:47 PM - Software Distribution Service 3.0
RP17: 3/30/2011 12:54:21 PM - Installed Adobe Reader 8.1.2
RP18: 3/30/2011 12:56:01 PM - Installed Symantec AntiVirus
RP19: 3/30/2011 1:13:00 PM - Software Distribution Service 3.0
RP20: 3/30/2011 2:13:19 PM - Installed Windows XP WgaNotify.
RP21: 3/30/2011 2:21:26 PM - Software Distribution Service 3.0
RP22: 3/30/2011 3:05:12 PM - Installed Thomson ONE 4.5 Build 31
RP23: 3/30/2011 3:08:37 PM - Installed Thomson Reuters BETALink 10.2 Build 37.
RP24: 3/30/2011 4:05:54 PM - Installed AT&T Communication Manager.
RP25: 4/3/2011 10:08:40 PM - Software Distribution Service 3.0
RP26: 4/13/2011 11:02:01 PM - System Checkpoint
RP27: 4/14/2011 3:03:04 PM - Removed AT&T Communication Manager.
RP28: 4/14/2011 3:03:48 PM - Installed AT&T Communication Manager.
RP29: 4/14/2011 3:05:12 PM - Install LG USB NDIS Driver
RP30: 4/16/2011 9:37:27 AM - Software Distribution Service 3.0
RP31: 4/21/2011 12:53:50 AM - Software Distribution Service 3.0
RP32: 4/21/2011 10:28:39 PM - Software Distribution Service 3.0
RP33: 4/25/2011 8:34:36 AM - System Checkpoint
RP34: 4/25/2011 10:06:33 AM - Restore Operation
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
AT&T Communication Manager
Broadcom Gigabit Integrated Controller
CCleaner
Cisco Systems VPN Client 5.0.00.0340
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
DirectXInstallService
DW WLAN Card Utility
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 24
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OZ776 SCR Driver V1.1.4.202
PowerDVD
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Symantec AntiVirus
Thomson ONE 4.5 Build 31
Thomson Reuters BETALink 10.2 Build 37
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
4/25/2011 8:10:24 AM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

log from RKUnhooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8C2B000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6279168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
0xB8944000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2650112 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9FE6A000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110420.002\navex15.sys 1388544 bytes (Symantec Corporation, AV Engine)
0xA5CCF000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xA5A93000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA594E000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA0739000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB9E3D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB8872000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA1013000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA0FB5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB86D8000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA115E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA0619000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA371F000 C:\Program Files\Symantec AntiVirus\savrt.sys 348160 bytes (Symantec Corporation, AutoProtect)
0xBF692000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA01A0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA111E000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA5C05000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB875C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA0819000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E10000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB88ED000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB8919000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x9FCEB000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA1083000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8BCB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA10D0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA10F8000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA5C81000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8BF3000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB884F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA10AE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EF3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB87E2000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA0846000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA3702000 C:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xB9DF6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA0F9D000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9ECA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB879D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0E30000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9FE56000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110420.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xA36EE000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB8C17000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA11B7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9EE1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB878C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA49DA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9288000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2A8000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xB92A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA6524000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9278000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA3303000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA712A000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA288000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB9248000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB92B8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB9228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9258000 C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 45056 bytes (Juniper Networks, dsNcAdapter)
0xA714A000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9298000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9238000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA298000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA2EB5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB84BA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA268000 C:\WINDOWS\System32\drivers\swmsflt.sys 36864 bytes (-, Sierra Wireless Filter Driver)
0xA6EFA000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA73EE000 C:\DOCUME~1\Tom\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA408000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA360E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA73D6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA400000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3E0000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA468000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9D91000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA0A0A000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA55C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB86C8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9D95000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA5F51000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA416B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9D85000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA35CA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA021D000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xB9D8D000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xA58A4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA62C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 BMLoad.sys 8192 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader)
0xBA65A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA610000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA63C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA640000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F2000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA606000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA706000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6A4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA684000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x89DC5A91 Unknown page with executable code, 1391 bytes
0x89DC4288 Unknown page with executable code, 3448 bytes
0x89DC6191 Unknown page with executable code, 3695 bytes
0xBA0E8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x89DC8E7A Unknown thread object [ ETHREAD 0x89D6B020 ] TID: 120, 600 bytes
0x89DCB008 Unknown thread object [ ETHREAD 0x89D6B5B8 ] TID: 124, 600 bytes
0x89DCA0DE Unknown thread object [ ETHREAD 0x89D6B340 ] , 600 bytes
0x89DC8B45 Unknown thread object [ ETHREAD 0x89DAD020 ] , 600 bytes
0x89DCACDC Unknown page with executable code, 804 bytes

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2011 - 07:53 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ttnguyen77
  • Topic Starter
  • Members
  • 20 posts

Posted 03 May 2011 - 02:51 PM

I ran combofix successfully. Halfway through, I got the message "Combofix has detected the presence of rootkit activity and needs to reboot the machine". After it rebooted, the scan ran fine. When I click on a google/yahoo/bing search result, it still only directs me to the correct site half of the time.

Thanks again!

ComboFix 11-05-02.04 - Tom 05/03/2011 15:20:40.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1589 [GMT -4:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\0200000043b2eefe1231C.manifest
c:\documents and settings\LocalService\Application Data\0200000043b2eefe1231O.manifest
c:\documents and settings\LocalService\Application Data\0200000043b2eefe1231P.manifest
c:\documents and settings\LocalService\Application Data\0200000043b2eefe1231S.manifest
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 00:22 . 2011-05-03 00:22 155648 ----a-w- c:\windows\system32\mslbui32.dll
2011-05-03 00:22 . 2011-05-03 00:22 692736 ----a-w- c:\windows\system32\odbcji3232.exe
2011-05-03 00:22 . 2011-05-03 00:22 692736 ----a-w- c:\windows\system32\txflog32.exe
2011-04-21 19:06 . 2011-04-21 19:06 -------- d-----w- c:\program files\CCleaner
2011-04-21 17:46 . 2011-04-21 17:46 -------- d-----w- c:\windows\PIF
2011-04-21 14:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 14:36 . 2011-04-21 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 06:13 . 2011-04-21 06:13 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2011-04-21 06:11 . 2011-04-21 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-21 04:53 . 2011-04-21 04:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2011-04-21 04:53 . 2011-04-21 04:53 -------- d-----w- c:\documents and settings\Tom\Application Data\Roxio
2011-04-14 19:05 . 2010-04-26 19:04 40408 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-04-14 19:03 . 2011-04-14 19:03 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-04-14 19:03 . 2011-04-14 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\LG
2011-04-14 19:03 . 2011-04-14 19:03 -------- d-----w- c:\program files\AT&T
2011-04-14 19:03 . 2011-04-14 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2011-04-10 03:53 . 2011-04-21 04:54 -------- d-----w- c:\program files\Microsoft Silverlight
2011-04-07 03:37 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-07 03:37 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-07 03:37 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-07 03:37 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-05 11:28 . 2011-04-05 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-04-04 02:13 . 2011-04-04 02:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 16:46 . 2011-03-30 16:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 16:46 . 2011-03-30 16:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2011-03-30 15:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2008-04-13 23:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-13 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2008-04-13 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2008-04-13 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2008-04-13 23:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2008-04-13 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2008-04-13 23:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-13 23:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-03-30 16:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2008-04-13 23:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2008-04-13 23:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-13 23:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-13 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-13 23:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-13 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-03_18.26.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-03 19:19 . 2011-05-03 19:19 16384 c:\windows\Temp\Perflib_Perfdata_4a8.dat
+ 2008-04-13 23:00 . 2011-05-03 19:23 72824 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2011-05-03 18:25 72824 c:\windows\system32\perfc009.dat
+ 2008-04-13 23:00 . 2011-05-03 19:23 445472 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-05-03 18:25 445472 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 142360]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-07-27 883272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2011-3-30 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\mslbui32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Thomson Financial\\Thomson ONE\\sharedrdc.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\WINDOWS\\system32\\txflog32.exe"=
.
R2 ProtectedStorage32;Protected Storage ;c:\windows\system32\txflog32.exe [5/2/2011 8:22 PM 692736]
S0 cerc6;cerc6; [x]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 11:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 11:32 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Tom\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Tom\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [7/27/2010 6:19 PM 121416]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 11:31 AM 1120752]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 1:30 PM 124608]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [3/31/2009 2:45 PM 190080]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [5/4/2009 3:57 PM 148096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - EraserUtilDrvI10
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0CF3CAE6-C07C-4F6E-8219-80089FD0309A}]
2009-09-03 19:58 703 ----a-w- c:\program files\PDFcamp\PDFcampCUCheck.vbs
.
.
------- Supplementary Scan -------
.
LSP: bmnet.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 15:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1504)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-05-03 15:25:56
ComboFix-quarantined-files.txt 2011-05-03 19:25
ComboFix2.txt 2011-05-03 19:04
ComboFix3.txt 2011-05-03 18:27
.
Pre-Run: 65,644,367,872 bytes free
Post-Run: 65,639,301,120 bytes free
.
- - End Of File - - 566EA68FE936268F292805659A131773
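
The entries ComboFix pulled out above tell a story on their own: two files written into system32 in the same minute (mslbui32.dll and txflog32.exe), one of them registered under AppInit_DLLs, the other running as a service whose display name copies the built-in Protected Storage service and which has been added to the Windows Firewall exception list. The script below is an added example, not code from ComboFix or from anyone in this thread. It automates that cross-check: it reads the "Files Created" section of a report and flags every loading point (Run keys, services, firewall exceptions, AppInit_DLLs) whose target was created within a few days of the report date. The sample report it runs on is constructed to mirror the layout of the one above, and the regular expressions are written for that layout only.

```python
"""Triage a ComboFix report: which autostart entries point at files the report
says were created in the last few days?

Added example for this thread, not code from ComboFix or from the forum post.
The sample report below is constructed to mirror the layout of a real report.
"""
import re
from datetime import date

# Constructed sample, trimmed to the two sections the triage needs.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
2011-05-03 00:22 . 2011-05-03 00:22 155648 ----a-w- c:\windows\system32\mslbui32.dll
2011-05-03 00:22 . 2011-05-03 00:22 692736 ----a-w- c:\windows\system32\txflog32.exe
2011-04-21 19:06 . 2011-04-21 19:06 -------- d-----w- c:\program files\CCleaner
2011-04-21 14:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\mslbui32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\txflog32.exe"=
.
R2 ProtectedStorage32;Protected Storage ;c:\windows\system32\txflog32.exe [5/2/2011 8:22 PM 692736]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 11:32 AM 166384]
"""

HEADER_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
# created-date time . modified-date time size attrs path  (directories print -------- as the size)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+ (\d+) \S+ (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# R2/S2/S3 ...: start type, service name, display name, image path [timestamp size]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+)$")


def norm(path):
    """Lower-case a path and undo the doubled backslashes of registry-export lines."""
    return path.strip().strip('"').replace("\\\\", "\\").lower()


def parse_created(lines):
    """Map normalised path -> creation date from the 'Files Created' section.
    Stops at Find3M (that section lists modified files, not created ones)."""
    created, end = {}, None
    for line in lines:
        if "Find3M Report" in line or "Reg Loading Points" in line:
            break
        m = HEADER_RE.search(line)
        if m:
            end = date.fromisoformat(m.group(2))
            continue
        m = FILE_RE.match(line)
        if m and end is not None:
            created[norm(m.group(3))] = date.fromisoformat(m.group(1))
    return created, end


def triage(report, window_days=3):
    """Return (kind, path, age_in_days) for each loading point whose target was
    created within window_days of the report date, plus any populated AppInit_DLLs."""
    lines = report.splitlines()
    created, end = parse_created(lines)
    if end is None:
        raise ValueError("no 'Files Created' header in report")
    findings = []

    def age_of(path):
        p = norm(path)
        return (end - created[p]).days if p in created else None

    def check(kind, path):
        age = age_of(path)
        if age is not None and age <= window_days:
            findings.append((kind, norm(path), age))

    key = ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            target = m.group(3)
            for sep in (" -->", " ["):  # drop "--> resolved path" and "[date size]" suffixes
                target = target.split(sep)[0]
            check("service " + m.group(2), target)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name.lower() == "appinit_dlls" and value.strip():
            # On XP every DLL listed here is mapped into each process that loads
            # user32.dll, so a populated value is reported whatever the file's age.
            findings.append(("AppInit_DLLs", norm(value), age_of(value)))
        elif "authorizedapplications" in key:
            check("firewall exception", name)  # the value name is the exempted program
        elif key.endswith("\\run") or key.endswith("\\runonce"):
            check("run key " + name, value.split(" [")[0])
    return findings


if __name__ == "__main__":
    for kind, path, age in triage(SAMPLE_REPORT):
        print(f"{kind:28} {path}  (created {age} day(s) before the report)")
```

Run it as a script to print the findings, or call triage() on the text of a real report. The age threshold is a heuristic: a freshly created file in a Run key may be a legitimate install, and an old file can still be malicious, so the output is a list of things to look at, not a verdict. What the script cannot do is notice that the service name and display name were chosen to look like a Windows component; that judgement stays with the person reading the log.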

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2011 - 05:08 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 ttnguyen77
  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2011 - 09:10 AM

Here's the report. It said no threats found.


2011/05/05 10:08:18.0234 2132 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 10:08:18.0796 2132 ================================================================================
2011/05/05 10:08:18.0796 2132 SystemInfo:
2011/05/05 10:08:18.0796 2132
2011/05/05 10:08:18.0796 2132 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/05 10:08:18.0796 2132 Product type: Workstation
2011/05/05 10:08:18.0796 2132 ComputerName: TOM-7DC6C92EE6F
2011/05/05 10:08:18.0796 2132 UserName: Tom
2011/05/05 10:08:18.0796 2132 Windows directory: C:\WINDOWS
2011/05/05 10:08:18.0796 2132 System windows directory: C:\WINDOWS
2011/05/05 10:08:18.0796 2132 Processor architecture: Intel x86
2011/05/05 10:08:18.0796 2132 Number of processors: 2
2011/05/05 10:08:18.0796 2132 Page size: 0x1000
2011/05/05 10:08:18.0796 2132 Boot type: Normal boot
2011/05/05 10:08:18.0796 2132 ================================================================================
2011/05/05 10:08:19.0234 2132 Initialize success
2011/05/05 10:08:24.0078 1476 ================================================================================
2011/05/05 10:08:24.0078 1476 Scan started
2011/05/05 10:08:24.0078 1476 Mode: Manual;
2011/05/05 10:08:24.0078 1476 ================================================================================
2011/05/05 10:08:25.0718 1476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 10:08:25.0781 1476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 10:08:25.0859 1476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 10:08:25.0921 1476 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 10:08:26.0109 1476 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/05 10:08:26.0203 1476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/05 10:08:26.0328 1476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 10:08:26.0390 1476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 10:08:26.0437 1476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 10:08:26.0515 1476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 10:08:26.0578 1476 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/05 10:08:26.0765 1476 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/05 10:08:26.0937 1476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 10:08:27.0000 1476 BMLoad (c9c78e00a21d3fe21ce5d81ba5b45e21) C:\WINDOWS\system32\drivers\BMLoad.sys
2011/05/05 10:08:27.0203 1476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 10:08:27.0281 1476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 10:08:27.0343 1476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 10:08:27.0406 1476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 10:08:27.0515 1476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/05 10:08:27.0562 1476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/05 10:08:27.0656 1476 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/05/05 10:08:27.0718 1476 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/05/05 10:08:27.0843 1476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 10:08:27.0953 1476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 10:08:28.0015 1476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 10:08:28.0078 1476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 10:08:28.0140 1476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 10:08:28.0203 1476 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/05/05 10:08:28.0265 1476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 10:08:28.0328 1476 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2011/05/05 10:08:28.0484 1476 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/05 10:08:28.0562 1476 EraserUtilDrvI10 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
2011/05/05 10:08:28.0718 1476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 10:08:28.0796 1476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/05 10:08:28.0828 1476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 10:08:28.0875 1476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/05 10:08:28.0937 1476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/05 10:08:29.0000 1476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 10:08:29.0031 1476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 10:08:29.0093 1476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 10:08:29.0156 1476 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
2011/05/05 10:08:29.0234 1476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/05 10:08:29.0343 1476 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/05/05 10:08:29.0421 1476 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/05 10:08:29.0531 1476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 10:08:29.0625 1476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/05 10:08:29.0968 1476 ialm (37eb2dc75d8f6451ae55071610dc24e1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/05 10:08:30.0343 1476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 10:08:30.0484 1476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 10:08:30.0515 1476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/05 10:08:30.0546 1476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 10:08:30.0593 1476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 10:08:30.0656 1476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 10:08:30.0718 1476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 10:08:30.0781 1476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 10:08:30.0859 1476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 10:08:30.0921 1476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 10:08:30.0984 1476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 10:08:31.0078 1476 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/05 10:08:31.0140 1476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 10:08:31.0203 1476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 10:08:31.0250 1476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 10:08:31.0296 1476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 10:08:31.0343 1476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 10:08:31.0406 1476 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 10:08:31.0453 1476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 10:08:31.0515 1476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 10:08:31.0546 1476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 10:08:31.0578 1476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 10:08:31.0640 1476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 10:08:31.0687 1476 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 10:08:31.0875 1476 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110420.002\naveng.sys
2011/05/05 10:08:31.0968 1476 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110420.002\navex15.sys
2011/05/05 10:08:32.0125 1476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 10:08:32.0218 1476 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 10:08:32.0296 1476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 10:08:32.0359 1476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 10:08:32.0421 1476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 10:08:32.0437 1476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 10:08:32.0484 1476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 10:08:32.0593 1476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/05 10:08:32.0609 1476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 10:08:32.0656 1476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 10:08:32.0781 1476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 10:08:32.0828 1476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 10:08:32.0859 1476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 10:08:32.0937 1476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/05 10:08:33.0000 1476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/05 10:08:33.0031 1476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 10:08:33.0078 1476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 10:08:33.0140 1476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 10:08:33.0187 1476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 10:08:33.0234 1476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/05 10:08:33.0296 1476 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/05/05 10:08:33.0500 1476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 10:08:33.0515 1476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 10:08:33.0531 1476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 10:08:33.0593 1476 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/05 10:08:33.0671 1476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 10:08:33.0703 1476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 10:08:33.0718 1476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 10:08:33.0734 1476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 10:08:33.0796 1476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 10:08:33.0812 1476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 10:08:33.0875 1476 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/05 10:08:33.0937 1476 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 10:08:33.0968 1476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 10:08:34.0031 1476 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/05 10:08:34.0062 1476 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/05 10:08:34.0187 1476 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/05/05 10:08:34.0203 1476 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/05/05 10:08:34.0281 1476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 10:08:34.0328 1476 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 10:08:34.0359 1476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 10:08:34.0390 1476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 10:08:34.0546 1476 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/05 10:08:34.0656 1476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 10:08:34.0734 1476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 10:08:34.0812 1476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 10:08:34.0890 1476 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/05 10:08:34.0968 1476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 10:08:35.0015 1476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 10:08:35.0062 1476 swmsflt (4f3ca882769b78b7f9b1dd96df4b6996) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/05/05 10:08:35.0140 1476 SWNC8U20 (384b7805c856b92bb6662fca26acdb4d) C:\WINDOWS\system32\DRIVERS\swnc8u20.sys
2011/05/05 10:08:35.0203 1476 SWNC8U51 (90fed2b18e0a8284b8be6b9a4ff10dc0) C:\WINDOWS\system32\DRIVERS\swnc8u51.sys
2011/05/05 10:08:35.0250 1476 SWNC8U80 (384b7805c856b92bb6662fca26acdb4d) C:\WINDOWS\system32\DRIVERS\swnc8u80.sys
2011/05/05 10:08:35.0328 1476 SWUMX20 (086f352446a171acd850ccdef6632310) C:\WINDOWS\system32\DRIVERS\swumx20.sys
2011/05/05 10:08:35.0421 1476 SWUMX51 (8d4ee23f4f326d246fa988a9d891d9f1) C:\WINDOWS\system32\DRIVERS\swumx51.sys
2011/05/05 10:08:35.0468 1476 SWUMX80 (086f352446a171acd850ccdef6632310) C:\WINDOWS\system32\DRIVERS\swumx80.sys
2011/05/05 10:08:35.0625 1476 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/05 10:08:35.0687 1476 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/05 10:08:35.0734 1476 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/05 10:08:35.0843 1476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 10:08:35.0937 1476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 10:08:35.0984 1476 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2011/05/05 10:08:36.0031 1476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 10:08:36.0062 1476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 10:08:36.0125 1476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 10:08:36.0234 1476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 10:08:36.0312 1476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 10:08:36.0406 1476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 10:08:36.0468 1476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 10:08:36.0500 1476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 10:08:36.0562 1476 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/05 10:08:36.0609 1476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/05 10:08:36.0671 1476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/05 10:08:36.0734 1476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 10:08:36.0812 1476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 10:08:36.0906 1476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 10:08:37.0000 1476 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/05/05 10:08:37.0171 1476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 10:08:37.0281 1476 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/05 10:08:37.0421 1476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 10:08:37.0531 1476 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/05 10:08:37.0656 1476 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/05 10:08:37.0734 1476 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/05 10:08:37.0796 1476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/05 10:08:37.0875 1476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/05 10:08:38.0109 1476 ================================================================================
2011/05/05 10:08:38.0109 1476 Scan finished
2011/05/05 10:08:38.0109 1476 ================================================================================

#8 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts

Posted 05 May 2011 - 11:11 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ttnguyen77 (Topic Starter) - Members, 20 posts

Posted 05 May 2011 - 12:03 PM

Here you go. Thank you again!

Windows IP Configuration

Host Name . . . . . . . . . . . . : tom-7dc6c92ee6f
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-21-70-B0-76-BB

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-5F-39-99-62

Ethernet adapter Network Connect Adapter:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter - Packet Scheduler Miniport
Physical Address. . . . . . . . . : 00-FF-98-CC-90-89

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Sierra Wireless HSDPA Network Adapter #2
Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-94
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 166.204.16.208
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 166.204.16.208
DHCP Server . . . . . . . . . . . : 166.204.16.253
DNS Servers . . . . . . . . . . . : 209.183.35.23
                                    209.183.33.23
Lease Obtained. . . . . . . . . . : Thursday, May 05, 2011 10:04:42 AM
Lease Expires . . . . . . . . . . : Sunday, May 08, 2011 10:04:42 AM

DNS request timed out.
timeout was 2 seconds.
Server: schinetdns.mycingular.net
Address: 209.183.33.23

Name: google.com
Addresses: 209.85.225.106, 209.85.225.147, 209.85.225.99, 209.85.225.103
209.85.225.104, 209.85.225.105

Server: alpinetdns.mycingular.net
Address: 209.183.35.23

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging google.com [74.125.159.104] with 32 bytes of data:

Reply from 74.125.159.104: bytes=32 time=87ms TTL=56
Reply from 74.125.159.104: bytes=32 time=87ms TTL=56

Ping statistics for 74.125.159.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 87ms, Average = 87ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=107ms TTL=48
Reply from 67.195.160.76: bytes=32 time=107ms TTL=48

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 107ms, Maximum = 107ms, Average = 107ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 b0 76 bb ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 22 5f 39 99 62 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
0x4 ...00 ff 98 cc 90 89 ...... Juniper Network Connect Virtual Adapter - Packet Scheduler Miniport
0x10006 ...00 a0 d5 ff ff 94 ...... Sierra Wireless HSDPA Network Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   166.204.16.208  166.204.16.208      40
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   166.204.16.208  255.255.255.255        127.0.0.1       127.0.0.1      40
  166.204.255.255  255.255.255.255   166.204.16.208  166.204.16.208      40
        224.0.0.0        240.0.0.0   166.204.16.208  166.204.16.208      40
  255.255.255.255  255.255.255.255   166.204.16.208               4       1
  255.255.255.255  255.255.255.255   166.204.16.208               3       1
  255.255.255.255  255.255.255.255   166.204.16.208               2       1
  255.255.255.255  255.255.255.255   166.204.16.208  166.204.16.208       1
Default Gateway:    166.204.16.208
===========================================================================
Persistent Routes:
None
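The router.bat output posted above (ipconfig /all followed by nslookup) is what the helper reads to decide whether the machine's DNS settings have been tampered with. As an added example that is not part of this thread, the following Python script parses output of that shape and flags the usual hijacking signs: a configured resolver outside an expected set, a lookup answered by a resolver that is not configured, and a public name resolving to a private or reserved address. The sample texts are constructed: one abbreviates the output posted above, the other is an invented hijacked case using RFC 5737 documentation addresses; the list of expected resolvers is an assumption.

```python
"""Parse router.bat output (ipconfig /all + nslookup) and flag DNS-hijack signs.

Added example, not code from the BleepingComputer thread. The sample texts are
constructed: SAMPLE_OUTPUT abbreviates the output posted in the thread,
HIJACKED_OUTPUT is an invented case using RFC 5737 documentation addresses.
"""
import ipaddress
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

SAMPLE_OUTPUT = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : tom-7dc6c92ee6f

Ethernet adapter Wireless Network Connection 3:

Description . . . . . . . . . . . : Sierra Wireless HSDPA Network Adapter #2
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 166.204.16.208
Default Gateway . . . . . . . . . : 166.204.16.208
DHCP Server . . . . . . . . . . . : 166.204.16.253
DNS Servers . . . . . . . . . . . : 209.183.35.23
                                    209.183.33.23

DNS request timed out.
timeout was 2 seconds.
Server: schinetdns.mycingular.net
Address: 209.183.33.23

Name: google.com
Addresses: 209.85.225.106, 209.85.225.147, 209.85.225.99, 209.85.225.103
209.85.225.104, 209.85.225.105
"""

# Constructed hijack case: a rogue resolver handed out by DHCP answers a
# public name with a private address (the classic DNS-changer symptom).
HIJACKED_OUTPUT = """\
Ethernet adapter Local Area Connection:

IP Address. . . . . . . . . . . . : 192.168.1.20
DNS Servers . . . . . . . . . . . : 203.0.113.7

Server: UnKnown
Address: 203.0.113.7

Name: google.com
Address: 10.0.0.5
"""


def parse_ipconfig_dns(text):
    """Collect every 'DNS Servers' entry, including the bare-IP continuation
    lines ipconfig prints for the second and later servers."""
    servers = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if re.match(r"\s*DNS Servers[ .]*:\s*" + IPV4, line):
            servers.append(re.search(IPV4, line).group(0))
            for cont in lines[i + 1:]:
                m = re.fullmatch(r"\s*(" + IPV4 + r")\s*", cont)
                if not m:
                    break
                servers.append(m.group(1))
    return servers


def parse_nslookup(text):
    """Return (resolver_ip, name, [answers]) per nslookup query. The 'Address:'
    right after 'Server:' is the resolver; 'Address(es):' after 'Name:' are
    the answers, possibly continued on following lines."""
    results, resolver = [], None
    lines = [l.strip() for l in text.splitlines()]
    i = 0
    while i < len(lines):
        if lines[i].startswith("Server:"):
            m = re.search(IPV4, lines[i + 1]) if i + 1 < len(lines) else None
            resolver = m.group(0) if m else None
            i += 2
        elif lines[i].startswith("Name:"):
            name, answers, j = lines[i].split(":", 1)[1].strip(), [], i + 1
            while j < len(lines) and (lines[j].startswith("Address")
                                      or re.fullmatch(r"(?:%s[, ]*)+" % IPV4, lines[j])):
                answers += re.findall(IPV4, lines[j])
                j += 1
            results.append((resolver, name, answers))
            i = j
        else:
            i += 1
    return results


def check_dns(text, expected_resolvers):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    configured = parse_ipconfig_dns(text)
    expected = {str(ipaddress.ip_address(a)) for a in expected_resolvers}
    for srv in configured:
        if srv not in expected:
            findings.append(f"unexpected DNS server configured: {srv}")
    for resolver, name, answers in parse_nslookup(text):
        if resolver and resolver not in configured:
            findings.append(f"{name}: answered by unconfigured resolver {resolver}")
        for a in answers:
            ip = ipaddress.ip_address(a)
            if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
                findings.append(f"{name}: public name resolved to non-public address {a}")
    return findings


if __name__ == "__main__":
    # Expected resolvers are an assumption: the ISP's servers seen in the thread.
    expected = ["209.183.35.23", "209.183.33.23"]
    for label, txt in (("posted output", SAMPLE_OUTPUT), ("hijacked sample", HIJACKED_OUTPUT)):
        print(label, "->", check_dns(txt, expected) or "no findings")
```

Run against the posted output with the ISP's two resolvers as the expected set, the checker returns nothing; the constructed hijacked sample produces two findings. A later, more telling check in a real case is comparing the configured servers with the DhcpNameServer value that OTL reports under its O17 line, since a DNS-changer typically rewrites that registry value rather than the adapter settings the user sees.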

#10 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts

Posted 05 May 2011 - 12:17 PM

Resetting Router

Let's try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#11 ttnguyen77 (Topic Starter) - Members, 20 posts

Posted 05 May 2011 - 01:01 PM

My computer is a laptop. I use an AT&T wireless card when I'm away and Verizon wireless router when I'm at home. Nothing wrong with our other computers though. Same issue whether I'm using either connection. Do I still have to go through these steps?

#12 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts

Posted 05 May 2011 - 01:28 PM

no

I want you to run this next then


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#13 ttnguyen77 (Topic Starter) - Members, 20 posts

Posted 05 May 2011 - 02:03 PM

Here you go. Thanks.


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-05 15:02:00
-----------------------------
15:02:00.406 OS Version: Windows 5.1.2600 Service Pack 3
15:02:00.406 Number of processors: 2 586 0x1706
15:02:00.406 ComputerName: TOM-7DC6C92EE6F UserName: Tom
15:02:01.281 Initialize success
15:02:05.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:02:05.718 Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
15:02:07.734 Disk 0 MBR read successfully
15:02:07.734 Disk 0 MBR scan
15:02:07.734 Disk 0 Windows XP default MBR code
15:02:09.750 Disk 0 scanning sectors +156296385
15:02:09.921 Disk 0 scanning C:\WINDOWS\system32\drivers
15:02:16.031 Service scanning
15:02:17.062 Disk 0 trace - called modules:
15:02:17.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:02:17.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d0cab8]
15:02:17.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89d0e4d0]
15:02:17.156 Scan finished successfully
15:02:41.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom\Desktop\MBR.dat"
15:02:41.671 The log file has been saved successfully to "C:\Documents and Settings\Tom\Desktop\aswMBR.txt"

#14 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts

Posted 05 May 2011 - 03:18 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


#15 ttnguyen77 (Topic Starter) - Members, 20 posts

Posted 05 May 2011 - 04:07 PM

OTL logfile created on: 5/5/2011 5:01:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4076 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 61.10 Gb Free Space | 81.98% Space Free | Partition Type: NTFS

Computer Name: TOM-7DC6C92EE6F | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\txflog32.exe (wpcubed GmbH)
PRC - C:\WINDOWS\system32\odbcji3232.exe (wpcubed GmbH)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
PRC - C:\Program Files\AT&T\Communication Manager\bmop.exe (Bytemobile, Inc.)
PRC - C:\Program Files\AT&T\Communication Manager\bmctl.exe (Bytemobile, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (HidServ) -- File not found
SRV - (ProtectedStorage32) -- C:\WINDOWS\system32\txflog32.exe (wpcubed GmbH)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110420.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110420.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWNC8U51) Sierra Wireless MUX NDIS Driver (UMTS51) -- C:\WINDOWS\system32\drivers\swnc8u51.sys (Sierra Wireless Inc.)
DRV - (SWUMX51) Sierra Wireless USB MUX Driver (UMTS51) -- C:\WINDOWS\system32\drivers\swumx51.sys (Sierra Wireless Inc.)
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- C:\WINDOWS\system32\drivers\swumx20.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U20) Sierra Wireless MUX NDIS Driver (UMTS20) -- C:\WINDOWS\system32\drivers\swnc8u20.sys (Sierra Wireless Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 DF 55 03 58 7E 16 4D A5 4E 13 15 C4 65 04 64 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 DF 55 03 58 7E 16 4D A5 4E 13 15 C4 65 04 64 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 DF 55 03 58 7E 16 4D A5 4E 13 15 C4 65 04 64 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 DF 55 03 58 7E 16 4D A5 4E 13 15 C4 65 04 64 [binary data]

IE - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 DF 55 03 58 7E 16 4D A5 4E 13 15 C4 65 04 64 [binary data]
IE - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/03 15:24:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1645522239-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://al-fdc-sa2.advisor-connection.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.183.35.23 209.183.33.23
O20 - AppInit_DLLs: (C:\WINDOWS\system32\mslbui32.dll) - C:\WINDOWS\system32\mslbui32.dll (AIDEX Team)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/30 11:35:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 17:00:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/05/05 15:01:55 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tom\Desktop\aswMBR.exe
[2011/05/05 10:08:06 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\tdsskiller.exe
[2011/05/03 14:15:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/03 14:12:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/03 14:12:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/03 14:12:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/03 14:12:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/03 14:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/03 14:07:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/02 20:22:39 | 000,692,736 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\odbcji3232.exe
[2011/05/02 20:22:39 | 000,155,648 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\mslbui32.dll
[2011/05/02 20:22:38 | 000,692,736 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\txflog32.exe
[2011/05/02 20:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\New Folder
[2011/04/26 21:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\gmer
[2011/04/25 10:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tom\Recent
[2011/04/21 16:18:24 | 008,125,959 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Tom\Desktop\stinger10101529.exe
[2011/04/21 15:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/21 15:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/21 13:46:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/04/21 10:36:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/21 10:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 10:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/21 10:09:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/21 08:36:24 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tom\Desktop\ccsetup305.exe
[2011/04/21 02:24:19 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2011/04/21 02:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/04/21 02:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/21 00:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2011/04/21 00:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Roxio
[2011/04/14 15:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2011/04/14 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2011/04/14 15:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/04/14 15:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\AT&T
[2011/04/14 15:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/04/09 23:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/04/09 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/06 23:37:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/04/06 23:37:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/04/06 23:37:19 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Tom\Desktop\*.tmp files -> C:\Documents and Settings\Tom\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 17:00:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/05/05 16:54:41 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 16:54:41 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 16:50:53 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/05/05 16:50:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 16:50:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 15:02:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\MBR.dat
[2011/05/05 15:01:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tom\Desktop\aswMBR.exe
[2011/05/05 13:22:20 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\7877b3c2
[2011/05/05 10:08:07 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\tdsskiller.exe
[2011/05/03 15:24:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/03 14:15:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/03 14:06:34 | 004,335,631 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2011/05/02 20:22:39 | 000,155,648 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\mslbui32.dll
[2011/05/02 20:22:39 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\1381606322
[2011/05/02 20:22:37 | 000,692,736 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\System32\txflog32.exe
[2011/05/02 20:22:37 | 000,692,736 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\System32\odbcji3232.exe
[2011/05/02 20:09:18 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\RKUnhookerLE.EXE
[2011/04/26 21:16:58 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2011/04/26 21:10:07 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2011/04/26 21:08:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom\defogger_reenable
[2011/04/26 21:08:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2011/04/26 20:59:09 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\stinger10101529.opt
[2011/04/21 16:12:38 | 008,125,959 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Tom\Desktop\stinger10101529.exe
[2011/04/21 15:06:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/21 14:43:12 | 000,504,657 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\unhide.exe
[2011/04/21 14:04:24 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2011/04/21 10:36:41 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 10:36:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 10:36:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tom\Desktop\mbam-setup.exe
[2011/04/21 10:22:54 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tom\Desktop\ccsetup305.exe
[2011/04/21 00:34:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2011/04/16 09:50:38 | 000,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 15:04:16 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Tom\Desktop\*.tmp files -> C:\Documents and Settings\Tom\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 15:02:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\MBR.dat
[2011/05/03 14:32:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\7877b3c2
[2011/05/03 14:15:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/03 14:15:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/03 14:12:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/03 14:12:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/03 14:12:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/03 14:12:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/03 14:12:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/03 14:06:34 | 004,335,631 | R--- | C] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
[2011/05/02 20:22:38 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\1381606322
[2011/05/02 20:09:18 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\RKUnhookerLE.EXE
[2011/04/26 21:16:58 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\gmer.zip
[2011/04/26 21:10:07 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\dds.scr
[2011/04/26 21:08:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\defogger_reenable
[2011/04/26 21:08:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Defogger.exe
[2011/04/21 16:49:03 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\stinger10101529.opt
[2011/04/21 15:06:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/21 15:01:48 | 000,504,657 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\unhide.exe
[2011/04/21 14:10:54 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\rkill.com
[2011/04/21 10:36:41 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 10:36:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 00:34:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2011/04/14 15:05:06 | 000,040,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2011/04/14 15:04:16 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk
[2011/04/02 11:34:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/30 15:06:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\pdfxp.dll
[2011/03/30 15:06:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\unpdf.exe
[2011/03/30 13:03:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/03/30 13:03:49 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/03/30 13:03:49 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/03/30 11:42:05 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/03/30 11:38:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 11:33:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/30 06:27:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/30 06:26:53 | 000,323,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/18 17:52:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\unpdf.exe
[2008/04/13 19:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/13 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 19:00:00 | 000,445,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 19:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/13 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 19:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/13 19:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/13 19:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/13 19:00:00 | 000,072,824 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/04/03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/06/01 12:23:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\pdfxp.dll
[2005/04/14 23:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 23:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/10/25 19:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1999/09/22 02:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1998/12/16 14:15:16 | 000,007,912 | ---- | C] () -- C:\WINDOWS\license.dat

< End of report >
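The OTL "Files/Folders" sections above are the part of the log a helper actually reads line by line, so here is a small triage script for that format. It is an added example, not part of this thread and not OTL's own code: the line format is inferred from the entries posted above, the flagging heuristics (extensionless hex or numeric names directly in System32, non-Microsoft binaries written to System32 inside the clean-up window, and two files of identical size and publisher dropped together) are my own, and the review window of 2011/04/21 to 2011/05/05 is an assumption taken from the dates in the log. The sample input is a handful of lines copied from the log above plus one summary line; what comes out is a list of entries to look at, not a verdict on any file.

```python
"""Triage helper for OTL 'Files/Folders - Created/Modified' sections.

Added example: not part of the BleepingComputer thread or of OTL itself.
Line format inferred from the posted log; heuristics and review window are
assumptions and only yield review candidates, never verdicts.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# One OTL file entry, e.g.
# [2011/05/02 20:22:38 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\1381606322
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
HEX_NAME = re.compile(r"[0-9a-f]+", re.IGNORECASE)   # e.g. 7877b3c2, 1381606322
SYSTEM32 = r"c:\windows\system32"
BINARY_EXT = {"exe", "dll", "sys"}


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str
    kind: str        # C = created, M = modified
    company: str     # empty when OTL printed "()"
    path: str


def parse_otl(text):
    """Parse entry lines; summary lines such as '[3 C:\\WINDOWS\\*.tmp ...]' are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=m["company"].strip(),   # OTL sometimes leaves a trailing space
                path=m["path"],
            ))
    return entries


def triage(entries, start, end):
    """Return {path: [reasons]} for System32 entries with a timestamp in [start, end]."""
    findings = defaultdict(list)
    in_window = [e for e in entries if start <= e.ts <= end and "\\" in e.path]
    twins = defaultdict(list)   # (size, publisher) -> entries, to spot the same payload dropped twice
    for e in in_window:
        directory, name = e.path.rsplit("\\", 1)
        if not directory.lower().startswith(SYSTEM32):
            continue
        twins[(e.size, e.company.lower())].append(e)
        if directory.lower() != SYSTEM32:      # drivers\ etc.: kept for the twin check only
            continue
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        if not ext and HEX_NAME.fullmatch(name):
            findings[e.path].append("extensionless hex/numeric file name directly in System32")
        if ext in BINARY_EXT and not e.company:
            findings[e.path].append("binary in System32 with no company name")
        elif ext in BINARY_EXT and "microsoft" not in e.company.lower():
            findings[e.path].append(f"third-party binary ({e.company}) written to System32 in window")
    for group in twins.values():
        if len(group) < 2 or group[0].size == 0:   # size 0 entries are folders
            continue
        for e in group:
            others = sorted(g.path.rsplit("\\", 1)[1] for g in group if g is not e)
            findings[e.path].append("same size and publisher as " + ", ".join(others))
    return dict(findings)


# Sample input: lines copied from the OTL log above plus one summary line (constructed inline).
SAMPLE = r"""
[2011/05/03 14:32:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\7877b3c2
[2011/05/02 20:22:39 | 000,692,736 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\odbcji3232.exe
[2011/05/02 20:22:39 | 000,155,648 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\mslbui32.dll
[2011/05/02 20:22:38 | 000,692,736 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\txflog32.exe
[2011/05/02 20:22:38 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\1381606322
[2011/04/21 10:36:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/06 23:37:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/05 17:00:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# Review window (assumption): first clean-up attempt on 2011/04/21 through the day of the log.
WINDOW = (datetime(2011, 4, 21), datetime(2011, 5, 5, 23, 59, 59))


def run_example():
    return triage(parse_otl(SAMPLE), *WINDOW)


if __name__ == "__main__":
    for path, reasons in sorted(run_example().items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample it flags the two extensionless names, the three non-Microsoft binaries dropped within seconds of each other, and pairs odbcji3232.exe with txflog32.exe as identical-size twins, while leaving the Malwarebytes driver, the Microsoft DLL from before the window and the desktop tools alone. Feed it a whole log by replacing SAMPLE with the file contents; anything it flags still needs a hash lookup or a look at the file itself before it goes into a fix script.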



