TechSpot

Infected with Backdoor.tidserv.l!inf. Am I clean?

By Guanadon
Oct 27, 2010
  1. Symantec Endpoint said it removed Backdoor.tidserv.l!inf. After that this computer was still showing over 200 outbound connections while sitting idle on the Sonicwall active connections monitor. I have attached all the Preliminary Removal logs per the sticky. Computer has not been networked or used since the scans were run.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4954

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/26/2010 3:25:41 PM
    mbam-log-2010-10-26 (15-25-41).txt

    Scan type: Quick scan
    Objects scanned: 244773
    Time elapsed: 18 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 28

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\tvaughn\Application Data\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\tvaughn\Application Data\SysWin\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v4 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v5 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v6 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v7 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\mu1110122941v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v0 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v1 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v2 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v3 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\wu1110122941v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v0 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v1 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v2 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v3 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v4 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v5 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v6 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoW32\_u1110122941v7 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sl700496165 (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GnuHashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\WINDOWS\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-26 17:01:12
    Windows 5.1.2600 Service Pack 3
    Running: szubkk0t.exe; Driver: C:\DOCUME~1\ADMINI~1.PSI\LOCALS~1\Temp\fxloypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 875D44A8 ZwAlertResumeThread
    SSDT 8755C848 ZwAlertThread
    SSDT 8708EAA0 ZwAllocateVirtualMemory
    SSDT 875BE5D8 ZwConnectPort
    SSDT 870E5AA0 ZwCreateMutant
    SSDT 875B5A10 ZwCreateThread
    SSDT 870B6BB0 ZwFreeVirtualMemory
    SSDT 8765E5F0 ZwImpersonateAnonymousToken
    SSDT 87622488 ZwImpersonateThread
    SSDT 87565090 ZwMapViewOfSection
    SSDT 87572478 ZwOpenEvent
    SSDT 8759F330 ZwOpenProcessToken
    SSDT 870E2B98 ZwOpenThreadToken
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF78346B0]
    SSDT 87592B78 ZwResumeThread
    SSDT 8759F4E0 ZwSetContextThread
    SSDT 87094BD8 ZwSetInformationProcess
    SSDT 870D0AE8 ZwSetInformationThread
    SSDT 8754FAA0 ZwSuspendProcess
    SSDT 875B2828 ZwSuspendThread
    SSDT 8762C0B0 ZwTerminateProcess
    SSDT 8759F518 ZwTerminateThread
    SSDT 8759F368 ZwUnmapViewOfSection
    SSDT 8708AAA0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 4 Bytes JMP 97778708
    .text ntoskrnl.exe!_abnormal_termination + 214 804E2870 2 Bytes [78, 24] {JS 0x26}
    .text ntoskrnl.exe!_abnormal_termination + 217 804E2873 1 Byte [87]
    ? suicp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3240] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10403687 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4040] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Scap.sys (Check Point Software Technologies)

    Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Scap.sys (Check Point Software Technologies)

    Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp Scap.sys (Check Point Software Technologies)

    Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp Scap.sys (Check Point Software Technologies)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Administrator at 17:05:21.25 on Tue 10/26/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.644 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ngvpnmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DesktopAuthority\RaMaint.exe
    C:\Program Files\DesktopAuthority\DesktopAuthority.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slClient.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\system32\expsrv32.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\Program Files\OpenRsm\Agent\OrsmAgentService.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\devmgr32.exe
    C:\PROGRA~1\INTERB~1\Bin\ibserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\DesktopAuthority\ragui.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell\Bluetooth Software\BTTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\administrator.psi\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: {0c518f64-a339-4980-96f6-7ac886e4b19f} - c:\windows\system32\atioglxx32.dll
    BHO: {0e7fecb0-6bd6-4b2d-9094-1907ccf67fca} - c:\windows\system32\atioglxx32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: e8022bb2: {5a96e11c-cd93-0d21-c1ab-8b0383b8ad01} - c:\windows\system32\jsproxy32.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [CARPService] "carpserv.exe"
    mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Desktop Authority GUI] "c:\program files\desktopauthority\ragui.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [ControlCenter2.0] "c:\program files\oce\controlcenter2\brctrcen.exe" /autorun
    mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [XA5RJ9EADJ] c:\windows\temp\Twr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    Notify: ckpNotify - ckpNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1.psi\applic~1\mozilla\firefox\profiles\t1lpe0bo.default\
    FF - plugin: c:\documents and settings\tvaughn\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\tvaughn\application data\move networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-9-18 91136]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-17 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-17 108392]
    R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\desktopauthority\rainfo.sys [2006-12-19 6400]
    R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\desktopauthority\ramaint.exe [2006-12-19 49152]
    R2 DesktopAuthority;Desktop Authority Service;c:\program files\desktopauthority\DesktopAuthority.exe [2006-12-19 1089536]
    R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2006-8-3 190528]
    R2 OrsmAgentServiceCom;OrsmAgentServiceCom;c:\program files\openrsm\agent\OrsmAgentService.exe [2007-4-24 1041920]
    R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [2010-7-27 17456]
    R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [2005-12-19 527360]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-8-17 1775344]
    R2 Symantec AntiVirus32;Symantec Endpoint Protection ;c:\windows\system32\expsrv32.exe [2010-10-20 1349120]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2010-7-27 670128]
    R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2006-12-19 2944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-18 102448]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2010-7-27 2041904]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\NAVENG.SYS [2010-10-26 86064]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\NAVEX15.SYS [2010-10-26 1371184]
    R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2006-8-3 18944]
    R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [2006-8-3 70144]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-9-18 23180]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-8-17 23888]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2006-8-3 15360]
    S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2010-7-27 14924]

    =============== Created Last 30 ================

    2010-10-26 18:52:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 18:52:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 18:52:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 14:19:04 0 ---ha-w- c:\documents and settings\administrator.psi\ymmszlgrbn.tmp
    2010-10-26 14:14:51 -------- d-----w- c:\program files\Magical Jelly Bean
    2010-10-26 14:13:09 -------- d-----w- c:\docume~1\admini~1.psi\locals~1\applic~1\Mozilla
    2010-10-20 19:16:44 174592 ----a-w- c:\windows\system32\jscript32.exe
    2010-10-20 19:16:27 203776 --sh--w- c:\windows\system32\unrar.exe
    2010-10-20 19:16:27 -------- d-----w- c:\windows\system32\709041280
    2010-10-20 19:15:57 1349120 ----a-w- c:\windows\system32\devmgr32.exe
    2010-10-20 19:15:55 250368 ----a-w- c:\windows\system32\jsproxy32.dll
    2010-10-20 19:15:51 1349120 ----a-w- c:\windows\system32\expsrv32.exe
    2010-10-20 19:15:48 370176 ----a-w- c:\windows\system32\atioglxx32.dll

    ==================== Find3M ====================

    2010-08-18 16:49:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-08-17 20:22:18 107848 ----a-w- c:\windows\system32\SymVPN.dll
    2010-08-17 20:22:16 89088 ----a-w- c:\windows\system32\atl71.dll
    2010-08-17 20:22:16 625032 ----a-w- c:\windows\system32\SymNeti.dll
    2010-08-17 20:22:16 49480 ----a-w- c:\windows\system32\FwsVpn.dll
    2010-08-17 20:22:16 242056 ----a-w- c:\windows\system32\SymRedir.dll

    ============= FINISH: 17:05:41.65 ===============


    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/27/2007 4:21:20 PM
    System Uptime: 10/26/2010 3:27:16 PM (2 hours ago)

    Motherboard: Dell Computer Corporation | | 0D2125
    Processor: Intel(R) Pentium(R) M processor 1.80GHz | Microprocessor | 1798/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 30.415 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless WLAN 1450 Dual Band WLAN Mini-PCI Card
    Device ID: PCI\VEN_14E4&DEV_4324&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
    Manufacturer: Broadcom
    Name: Dell Wireless WLAN 1450 Dual Band WLAN Mini-PCI Card
    PNP Device ID: PCI\VEN_14E4&DEV_4324&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
    Service: BCM43XX

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VPN-1 SecureClient Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Check Point
    Name: VPN-1 SecureClient Adapter
    PNP Device ID: ROOT\NET\0001
    Service: OMVA

    ==== System Restore Points ===================

    RP1: 7/26/2010 7:34:50 AM - System Checkpoint
    RP2: 7/27/2010 2:27:25 PM - System Checkpoint
    RP3: 7/28/2010 3:16:30 PM - System Checkpoint
    RP4: 8/2/2010 1:03:40 PM - System Checkpoint
    RP5: 8/3/2010 10:02:24 AM - Removed Symantec AntiVirus
    RP6: 8/3/2010 10:28:28 AM - Revo Uninstaller's restore point - FaxPress
    RP7: 8/3/2010 10:29:27 AM - Removed FaxPress
    RP8: 8/4/2010 1:05:31 PM - System Checkpoint
    RP9: 8/6/2010 10:05:25 AM - System Checkpoint
    RP10: 8/9/2010 8:45:19 AM - System Checkpoint
    RP11: 8/10/2010 11:07:01 AM - System Checkpoint
    RP12: 8/11/2010 1:26:09 PM - System Checkpoint
    RP13: 8/12/2010 2:35:58 PM - System Checkpoint
    RP14: 8/16/2010 12:20:07 PM - System Checkpoint
    RP15: 8/17/2010 12:55:25 PM - System Checkpoint
    RP16: 8/18/2010 12:47:07 PM - Installed Symantec Endpoint Protection Client.
    RP17: 8/19/2010 3:33:01 PM - System Checkpoint
    RP18: 8/23/2010 8:32:24 AM - System Checkpoint
    RP19: 8/26/2010 11:58:16 AM - System Checkpoint
    RP20: 8/30/2010 12:19:07 PM - System Checkpoint
    RP21: 8/31/2010 12:32:43 PM - System Checkpoint
    RP22: 9/1/2010 12:43:54 PM - System Checkpoint
    RP23: 9/2/2010 1:35:40 PM - System Checkpoint
    RP24: 9/8/2010 10:14:46 AM - System Checkpoint
    RP25: 9/9/2010 1:00:19 PM - System Checkpoint
    RP26: 9/10/2010 1:39:43 PM - System Checkpoint
    RP27: 9/13/2010 1:05:57 PM - System Checkpoint
    RP28: 9/14/2010 1:38:42 PM - System Checkpoint
    RP29: 9/16/2010 12:36:11 PM - System Checkpoint
    RP30: 9/17/2010 1:06:07 PM - System Checkpoint
    RP31: 9/20/2010 1:05:44 PM - System Checkpoint
    RP32: 9/21/2010 1:55:54 PM - System Checkpoint
    RP33: 9/22/2010 3:33:03 PM - System Checkpoint
    RP34: 9/24/2010 9:41:39 AM - System Checkpoint
    RP35: 10/4/2010 1:38:56 PM - System Checkpoint
    RP36: 10/6/2010 8:32:29 AM - System Checkpoint
    RP37: 10/7/2010 12:09:42 PM - System Checkpoint
    RP38: 10/8/2010 2:53:27 PM - System Checkpoint
    RP39: 10/11/2010 11:33:28 AM - System Checkpoint
    RP40: 10/12/2010 12:32:52 PM - System Checkpoint
    RP41: 10/13/2010 1:50:03 PM - System Checkpoint
    RP42: 10/14/2010 2:46:13 PM - System Checkpoint
    RP43: 10/15/2010 3:10:40 PM - System Checkpoint
    RP44: 10/20/2010 4:11:53 PM - System Checkpoint
    RP45: 10/22/2010 10:11:33 AM - System Checkpoint
    RP46: 10/25/2010 12:26:40 PM - System Checkpoint
    RP47: 10/26/2010 4:11:37 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    ALPS Touch Pad Driver
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Aventail Connect
    B57Inst
    Bonjour
    Broadcom Driver Installer
    CCleaner (remove only)
    Check Point VPN-1 SecureClient NG_AI_R56
    Citrix Program Neighborhood ( Citrix ICA Client )
    Compatibility Pack for the 2007 Office system
    Conexant D480 MDC V.9x Modem
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Bluetooth Software
    Dell ResourceCD
    Dell Wireless WLAN Utility
    Easy CD Creator 5 Basic
    eDrawings 2007
    G.Neil Attendance Controller 7.0
    G.Neil Confidential Employee Record 7.0
    G.Neil Friendly Forms Builder 2.5
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB917821)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    IBM iSeries Access for Windows
    Instant Interview
    InterBase 6 Open Edition - 6.0.1.6
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 14
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 5.5.16
    LiveUpdate 3.3 (Symantec Corporation)
    Made2Manage
    Made2Manage 5.50 SP1
    Made2Manage 5.50 SP1 550.435.435 SP1
    Made2Manage 550.413.413 GA
    Made2Manage Bar Code Collection
    Made2Manage Bar Code Collection 550.413.413 GA
    Made2Manage Bar Code Posting
    Made2Manage Bar Code Posting 550.413.413 GA
    Magical Jelly Bean KeyFinder
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2000
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows Journal Viewer
    MiniSoft
    MostFun.com Games - Winemaker Extraordinaire (remove only)
    Mozilla Firefox (3.6.11)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multi-Function Suite
    Nancy Drew: Ransom of the Seven Ships
    OpenRSM-Agent
    PaperPort
    PowerDVD
    QuickTime
    Revo Uninstaller 1.89
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    SigmaTel AC97 Audio Drivers
    SonicWALL Global VPN Client
    Spelling Dictionaries Support For Adobe Reader 9
    Symantec Endpoint Protection Client
    Update for Windows Media Player 10 (KB912452)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Hotfix - KB895181
    Windows Media Player 10 Hotfix - KB888656
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    Winemaker Extraordinaire
    WinZip
    XP TCP/IP Repair

    ==== End Of File ===========================
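The logs in the post above carry the tells a responder looks for by hand: `lsass.exe` quarantined from `C:\WINDOWS` and from a user's Application Data folder instead of `system32`, a second "Symantec Endpoint Protection" service (`Symantec AntiVirus32`) whose image is a bare `expsrv32.exe` in `system32` created 2010-10-20, and a Run-key entry launching `Twr.exe` from `c:\windows\temp`. The script below is an added example, not part of the thread and not code from DDS, MBAM or any other tool named here; it parses lines copied from the posted logs and flags those three patterns. The table of expected directories and the `SAMPLE_LINES` list are constructed for the example.

```python
"""Triage checks over DDS / MBAM log lines (added example, not from the thread).

Flags:
  1. a Windows system binary name (lsass.exe, svchost.exe, ...) sitting in a
     directory Windows does not use for it;
  2. one service display name shared by services with different image files;
  3. a Run-key autorun whose target lives under a Temp directory.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Directories Windows XP uses for these binaries (assumed table for the example).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# DDS service line:   "R2 Name;Display name;c:\path\image.exe [date size]"
SERVICE_RE = re.compile(r"^\s*[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")
# Pseudo-HJT autorun: "mRun: [Label] c:\path\target.exe args"
RUN_RE = re.compile(r"^\s*[a-z]*Run:\s+\[[^\]]*\]\s+(.+?)\s*$", re.I)
# MBAM detection:     "c:\path\file (Detection.Name) -> Quarantined ..."
MBAM_RE = re.compile(r"^\s*(.+?)\s+\([^)]+\)\s+->")


def _norm(path):
    """Drop command-line arguments and quotes, lower-case, parse as a Windows path."""
    bare = path.strip().split(" -")[0].strip().strip('"')
    return PureWindowsPath(bare.lower())


def check_system_binary_path(path):
    """Finding if a Windows system binary name sits outside its real directory."""
    p = _norm(path)
    if len(p.parts) < 2:            # a bare 'svchost.exe' carries no directory to judge
        return None
    expected = EXPECTED_DIR.get(p.name)
    if expected is not None and str(p.parent) != expected:
        return f"{p.name} at {p.parent} (expected {expected})"
    return None


def check_run_key(line):
    """Finding if an autorun entry points into a Temp directory."""
    m = RUN_RE.match(line)
    if m and "temp" in _norm(m.group(1)).parts:
        return f"autorun from temp directory: {m.group(1)}"
    return None


def check_services(lines):
    """Findings for a display name shared by services with different image files."""
    by_display = defaultdict(dict)
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.groups()
            by_display[display.strip().lower()][name.strip()] = str(_norm(image))
    return [
        f"display name {display!r} shared by {sorted(svcs)} "
        f"with images {sorted(set(svcs.values()))}"
        for display, svcs in by_display.items()
        if len(set(svcs.values())) > 1
    ]


def triage(log_lines):
    """Run every check over a mixed list of DDS and MBAM log lines."""
    findings = []
    for line in log_lines:
        m = MBAM_RE.match(line)
        target = m.group(1) if m else line      # MBAM lines: judge the file path only
        for finding in (check_system_binary_path(target), check_run_key(line)):
            if finding:
                findings.append(finding)
    findings.extend(check_services(log_lines))
    return findings


# Sample input, copied from the MBAM and DDS logs posted in the thread.
SAMPLE_LINES = [
    r"C:\WINDOWS\system32\svchost -k DcomLaunch",
    r"svchost.exe",
    r"C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe",
    r"C:\WINDOWS\system32\expsrv32.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Documents and Settings\tvaughn\Application Data\SysWin\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\WINDOWS\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.",
    r"R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-8-17 1775344]",
    r"R2 Symantec AntiVirus32;Symantec Endpoint Protection ;c:\windows\system32\expsrv32.exe [2010-10-20 1349120]",
    r"R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-17 108392]",
    r'mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"',
    r"dRun: [XA5RJ9EADJ] c:\windows\temp\Twr.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print("SUSPECT:", finding)
```

Running it against the sample lines yields four findings: the two misplaced `lsass.exe` files, the Temp-directory autorun, and the duplicated "Symantec Endpoint Protection" display name pointing at two different images. The checks are deliberately narrow; a file in the wrong directory is only a lead, and the name-collision check says nothing about a service whose display name is unique but whose image is still malicious.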
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  3. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Edited, Thanks for pointing that out
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
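The reason an MBR check follows a Tidserv/TDSS cleanup is that the later TDL variants of that family persist by overwriting the boot code in the first sector of the disk, where no file-based scanner looks. The script below is an added example and is not the code of MBRCheck or TDSSKiller; it shows the kind of check such a tool performs under one assumed approach: read the 512-byte sector, validate the `55 AA` boot signature, parse the partition table, and compare a hash of the boot-code area against a whitelist of known-good hashes. The whitelist, the sample sector and the `build_sample_mbr` helper are constructed for the example; a real whitelist would hold hashes of the stock Windows MBRs.

```python
"""Parse and whitelist-check a 512-byte MBR (added example, not MBRCheck's code)."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # boot code occupies bytes 0..439
DISK_SIG_OFF = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511


def parse_mbr(mbr):
    """Return boot signature status, disk signature, boot-code hash and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def verify_mbr(mbr, known_good_hashes):
    """Classify a sector as invalid, no-active-partition, known-good or unknown."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "invalid"
    if not any(p["bootable"] for p in info["partitions"]):
        return "no-active-partition"
    return "known-good" if info["bootcode_sha256"] in known_good_hashes else "unknown"


def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (Windows: needs an elevated prompt).

    Caveat: a kernel rootkit that filters disk I/O can hand user mode a clean
    copy of this sector, so a reading taken from the infected OS is only a
    first check; the reliable reading comes from a clean boot medium.
    """
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


def build_sample_mbr(bootcode):
    """Constructed sector for the example: given boot code, one NTFS partition."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 117_000_000)          # active, type 7 (NTFS), starts at LBA 63
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed "known-good" boot-code stub: xor ax,ax / mov ss,ax / mov sp,7c00 / sti
CLEAN_MBR = build_sample_mbr(bytes.fromhex("33c08ed0bc007cfb"))
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()}
# Same partition table, different first instruction: what an overwritten MBR looks like
TAMPERED_MBR = build_sample_mbr(bytes.fromhex("ea00dc0000"))

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(label, verify_mbr(sector, KNOWN_GOOD), info["bootcode_sha256"][:16],
              [p["type"] for p in info["partitions"]])
```

The partition table is the same in both sample sectors; only the boot code differs, which is exactly the case a partition-only view of the disk misses. An "unknown" verdict is not proof of infection (OEM and boot-manager MBRs are legitimately non-standard), so the next step is to dump the sector and look at what the code does, as the TDSSKiller step above does for the real disk.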
     
  5. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Here they are.
    2010/10/29 07:08:58.0334 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/29 07:08:58.0334 ================================================================================
    2010/10/29 07:08:58.0334 SystemInfo:
    2010/10/29 07:08:58.0334
    2010/10/29 07:08:58.0334 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/29 07:08:58.0334 Product type: Workstation
    2010/10/29 07:08:58.0334 ComputerName: MWNLT006
    2010/10/29 07:08:58.0334 UserName: tvaughn
    2010/10/29 07:08:58.0344 Windows directory: C:\WINDOWS
    2010/10/29 07:08:58.0344 System windows directory: C:\WINDOWS
    2010/10/29 07:08:58.0344 Processor architecture: Intel x86
    2010/10/29 07:08:58.0344 Number of processors: 1
    2010/10/29 07:08:58.0344 Page size: 0x1000
    2010/10/29 07:08:58.0344 Boot type: Normal boot
    2010/10/29 07:08:58.0344 ================================================================================
    2010/10/29 07:08:58.0624 Initialize success
    2010/10/29 07:09:07.0947 ================================================================================
    2010/10/29 07:09:07.0947 Scan started
    2010/10/29 07:09:07.0947 Mode: Manual;
    2010/10/29 07:09:07.0947 ================================================================================
    2010/10/29 07:09:08.0779 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\Drivers\acpi.sys
    2010/10/29 07:09:08.0879 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/29 07:09:09.0099 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/29 07:09:09.0299 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/29 07:09:09.0379 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/10/29 07:09:10.0000 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2010/10/29 07:09:10.0401 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/29 07:09:10.0551 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\Drivers\atapi.sys
    2010/10/29 07:09:10.0902 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/10/29 07:09:11.0022 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/29 07:09:11.0212 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/29 07:09:11.0352 b57w2k (f26e6eaedea6eb87ae4c5d2f678a1bc2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2010/10/29 07:09:11.0603 BCM43XX (52d67c5465c01913b03b7daca0cc4077) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2010/10/29 07:09:11.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/29 07:09:11.0843 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
    2010/10/29 07:09:11.0933 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
    2010/10/29 07:09:12.0033 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    2010/10/29 07:09:12.0113 BtAudio (d25cba29109a4678b63480f7ba197b2f) C:\WINDOWS\system32\DRIVERS\btaudio.sys
    2010/10/29 07:09:12.0334 BTDriver (dc41db69f1b455ffa6b33f63060de922) C:\WINDOWS\system32\DRIVERS\btport.sys
    2010/10/29 07:09:12.0534 BTKRNL (942532f52d7de1f53b76fd089036dd7e) C:\WINDOWS\system32\drivers\btkrnl.sys
    2010/10/29 07:09:12.0654 BTSERIAL (71df789aab47ad3852d43d901537910a) C:\WINDOWS\System32\drivers\btserial.sys
    2010/10/29 07:09:12.0754 BTSLBCSP (0ab09c429b1bc150fbaaa09f7be27014) C:\WINDOWS\System32\drivers\btslbcsp.sys
    2010/10/29 07:09:12.0854 BTWDNDIS (425d5eaddbd9aa6ca60355bd7a2b28c3) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    2010/10/29 07:09:13.0075 BTWUSB (3e31dce9e13aab5594d9acefae939815) C:\WINDOWS\system32\Drivers\btwusb.sys
    2010/10/29 07:09:13.0325 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/29 07:09:13.0475 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/10/29 07:09:13.0666 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/29 07:09:13.0836 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/29 07:09:13.0996 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2010/10/29 07:09:14.0126 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2010/10/29 07:09:14.0256 CdRom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/29 07:09:14.0377 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
    2010/10/29 07:09:14.0707 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/10/29 07:09:14.0927 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
    2010/10/29 07:09:15.0028 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/10/29 07:09:15.0548 DAInfo (e917426a7fdd6f3c4d2ee52a01d04a35) C:\Program Files\DesktopAuthority\RaInfo.sys
    2010/10/29 07:09:15.0719 DAmirr (1211dd45f604749a1cde6bc7c8681a1b) C:\WINDOWS\system32\DRIVERS\DAmirr.sys
    2010/10/29 07:09:15.0849 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/29 07:09:16.0019 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/29 07:09:16.0259 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/29 07:09:16.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/29 07:09:16.0560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/29 07:09:16.0680 DNE (ded00b959d94612c22f53538a9f0fc89) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    2010/10/29 07:09:16.0810 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
    2010/10/29 07:09:17.0010 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    2010/10/29 07:09:17.0211 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/29 07:09:17.0361 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
    2010/10/29 07:09:17.0792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/10/29 07:09:17.0852 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/10/29 07:09:18.0032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/29 07:09:18.0192 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/10/29 07:09:18.0302 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/29 07:09:18.0392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/10/29 07:09:18.0563 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/29 07:09:18.0693 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/29 07:09:18.0773 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/29 07:09:19.0083 FW1 (7441f96680ac1fad27ae34ff8076d594) C:\WINDOWS\system32\DRIVERS\fw.sys
    2010/10/29 07:09:19.0264 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/10/29 07:09:19.0384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/29 07:09:19.0544 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
    2010/10/29 07:09:19.0724 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\Drivers\hidusb.sys
    2010/10/29 07:09:19.0885 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    2010/10/29 07:09:20.0055 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2010/10/29 07:09:20.0225 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/29 07:09:20.0596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\Drivers\i8042prt.sys
    2010/10/29 07:09:20.0686 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/29 07:09:20.0886 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/29 07:09:20.0986 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/29 07:09:21.0196 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/29 07:09:21.0317 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/29 07:09:21.0467 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/29 07:09:21.0587 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/29 07:09:21.0737 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/29 07:09:21.0917 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/29 07:09:22.0038 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\Drivers\isapnp.sys
    2010/10/29 07:09:22.0138 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/29 07:09:22.0208 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\Drivers\kbdhid.sys
    2010/10/29 07:09:22.0328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/29 07:09:22.0428 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/29 07:09:22.0699 MDC8021X (bee76ac58bb524523a84000ba8efe55a) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    2010/10/29 07:09:22.0809 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/10/29 07:09:22.0909 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
    2010/10/29 07:09:22.0999 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/29 07:09:23.0139 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/29 07:09:23.0340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/29 07:09:23.0470 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/29 07:09:23.0560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/29 07:09:23.0710 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/29 07:09:23.0850 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/29 07:09:24.0051 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/29 07:09:24.0161 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/29 07:09:24.0291 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/29 07:09:24.0411 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/29 07:09:24.0521 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/29 07:09:24.0621 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/10/29 07:09:24.0812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/29 07:09:24.0912 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/10/29 07:09:25.0182 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101026.002\NAVENG.SYS
    2010/10/29 07:09:25.0312 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101026.002\NAVEX15.SYS
    2010/10/29 07:09:25.0523 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/29 07:09:25.0713 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/10/29 07:09:25.0813 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/29 07:09:25.0893 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/29 07:09:25.0983 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/29 07:09:26.0073 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/29 07:09:26.0284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/29 07:09:26.0454 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/29 07:09:26.0634 NgFilter (38846eaad056068b691a6ee164c71b9e) C:\WINDOWS\system32\DRIVERS\ngfilter.sys
    2010/10/29 07:09:26.0744 NgLog (683f480aca03141360ae848cb57cda04) C:\WINDOWS\system32\DRIVERS\nglog.sys
    2010/10/29 07:09:26.0835 NgVpn (d0c0658c693d491c23adaf3d86e5b0f3) C:\WINDOWS\system32\DRIVERS\ngvpn.sys
    2010/10/29 07:09:26.0965 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/29 07:09:27.0135 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/29 07:09:27.0355 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/29 07:09:27.0445 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/29 07:09:27.0576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/29 07:09:27.0706 O2SCBUS (dd3764730845a74a7fc1021148803fdd) C:\WINDOWS\system32\DRIVERS\ozscr.sys
    2010/10/29 07:09:27.0846 OMCI (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
    2010/10/29 07:09:27.0996 OMVA (73c74eb8b231974b7a961fddd878ae01) C:\WINDOWS\system32\DRIVERS\OMVA.sys
    2010/10/29 07:09:28.0227 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/29 07:09:28.0317 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/29 07:09:28.0447 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/29 07:09:28.0597 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\Drivers\pci.sys
    2010/10/29 07:09:28.0807 pciide (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\Drivers\pciide.sys
    2010/10/29 07:09:28.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\Drivers\pcmcia.sys
    2010/10/29 07:09:29.0639 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/29 07:09:29.0769 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/10/29 07:09:29.0869 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/29 07:09:29.0989 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/29 07:09:30.0079 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
    2010/10/29 07:09:30.0700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/29 07:09:30.0840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/29 07:09:30.0981 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/29 07:09:31.0181 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/29 07:09:31.0311 RCFOX (5c72bbc9ca332847e0913168d917d2ee) C:\WINDOWS\system32\Drivers\RCFOX.sys
    2010/10/29 07:09:31.0421 rcvpn (808b237c0b31327be1dbd72f14787f7e) C:\WINDOWS\system32\DRIVERS\rcvpn.sys
    2010/10/29 07:09:31.0641 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/29 07:09:31.0772 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/29 07:09:31.0982 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/10/29 07:09:32.0092 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/29 07:09:32.0172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/29 07:09:32.0272 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/10/29 07:09:32.0443 Scap (8c3d61bb8f35264e14fb76856fefad62) C:\WINDOWS\system32\DRIVERS\Scap.sys
    2010/10/29 07:09:32.0653 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/29 07:09:32.0853 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/29 07:09:32.0973 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/29 07:09:33.0114 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2010/10/29 07:09:33.0344 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/10/29 07:09:33.0755 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    2010/10/29 07:09:33.0925 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/29 07:09:34.0065 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/29 07:09:34.0185 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
    2010/10/29 07:09:34.0325 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
    2010/10/29 07:09:34.0456 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
    2010/10/29 07:09:34.0666 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/29 07:09:34.0876 STAC97 (f2ca38990f140025b91ee7bbd315f44c) C:\WINDOWS\system32\drivers\STAC97.sys
    2010/10/29 07:09:35.0016 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/10/29 07:09:35.0147 StreamDispatcher (81adff4dce596d5f1f4153c064a441fd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    2010/10/29 07:09:35.0277 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/10/29 07:09:35.0407 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/29 07:09:35.0717 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/29 07:09:36.0008 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    2010/10/29 07:09:36.0148 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    2010/10/29 07:09:36.0388 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    2010/10/29 07:09:36.0759 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/29 07:09:36.0919 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/29 07:09:37.0039 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/29 07:09:37.0169 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/29 07:09:37.0330 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\WINDOWS\system32\DRIVERS\teefer2.sys
    2010/10/29 07:09:37.0420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/29 07:09:37.0680 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    2010/10/29 07:09:37.0790 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/29 07:09:38.0091 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/29 07:09:38.0231 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/29 07:09:38.0351 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\Drivers\usbehci.sys
    2010/10/29 07:09:38.0431 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\Drivers\usbhub.sys
    2010/10/29 07:09:38.0581 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/29 07:09:38.0732 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/29 07:09:38.0922 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/29 07:09:39.0022 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2010/10/29 07:09:39.0152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/29 07:09:39.0363 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/29 07:09:39.0593 VPN-1 (793b9aed2fc908fdfc93f0afa07f59cf) C:\WINDOWS\System32\drivers\vpn.sys
    2010/10/29 07:09:39.0833 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/29 07:09:39.0983 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/29 07:09:40.0164 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/10/29 07:09:40.0454 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/10/29 07:09:40.0654 WPS (c24cfb097547dd4dd9040ec9757f0dca) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2010/10/29 07:09:40.0735 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
    2010/10/29 07:09:40.0845 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/10/29 07:09:41.0005 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/10/29 07:09:41.0155 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/10/29 07:09:41.0426 ================================================================================
    2010/10/29 07:09:41.0426 Scan finished
    2010/10/29 07:09:41.0426 ================================================================================
    2010/10/29 07:11:06.0888 Deinitialize success


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000011c

    Kernel Drivers (total 169):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7C6F000 \WINDOWS\system32\KDCOM.DLL
    0xF7B7F000 \WINDOWS\system32\BOOTVID.dll
    0xF7720000 acpi.sys
    0xF7C71000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF770F000 pci.sys
    0xF776F000 isapnp.sys
    0xF7B83000 compbatt.sys
    0xF7B87000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7D37000 pciide.sys
    0xF79EF000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF7C73000 intelide.sys
    0xF76F1000 pcmcia.sys
    0xF777F000 MountMgr.sys
    0xF76D2000 ftdisk.sys
    0xF79F7000 PartMgr.sys
    0xF778F000 VolSnap.sys
    0xF76BA000 atapi.sys
    0xF769A000 fltmgr.sys
    0xF7688000 sr.sys
    0xF7671000 KSecDD.sys
    0xF765E000 WudfPf.sys
    0xF779F000 i8042prt.sys
    0xF75D1000 Ntfs.sys
    0xF75A4000 NDIS.sys
    0xF79FF000 usbuhci.sys
    0xF7580000 \WINDOWS\System32\Drivers\USBPORT.SYS
    0xF7A07000 usbehci.sys
    0xF7566000 Mup.sys
    0xF77AF000 disk.sys
    0xF77BF000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF744F000 btkrnl.sys
    0xF77CF000 agp440.sys
    0xF78EF000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7C33000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF6D15000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF6D01000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF78FF000 \SystemRoot\System32\Drivers\usbhub.sys
    0xF7C9B000 \SystemRoot\System32\Drivers\USBD.SYS
    0xF6CD8000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xF6CC1000 \SystemRoot\System32\DRIVERS\ozscr.sys
    0xF7C37000 \SystemRoot\System32\DRIVERS\SMCLIB.SYS
    0xF6CA7000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
    0xF7A77000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7A7F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF790F000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7C3F000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6C93000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF791F000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF792F000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF793F000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF794F000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6C70000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF6C51000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xF7A87000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF7A8F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF6C21000 \SystemRoot\system32\drivers\STAC97.sys
    0xF6BFD000 \SystemRoot\system32\drivers\portcls.sys
    0xF795F000 \SystemRoot\system32\drivers\drmk.sys
    0xF6BCC000 \SystemRoot\System32\DRIVERS\HSFHWICH.sys
    0xF6ACD000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
    0xF6A25000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
    0xF7A97000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6A13000 \SystemRoot\system32\DRIVERS\ngvpn.sys
    0xF7A9F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6820000 \SystemRoot\system32\DRIVERS\fw.sys
    0xF7DEB000 \SystemRoot\system32\DRIVERS\DAmirr.sys
    0xF6804000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0xF7C9D000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF7AA7000 \SystemRoot\System32\DRIVERS\btaudio.sys
    0xF796F000 \SystemRoot\System32\DRIVERS\STREAM.SYS
    0xF7DEC000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7C9F000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF797F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7C53000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF67ED000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF798F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF799F000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7AAF000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7AB7000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF67D0000 \SystemRoot\System32\DRIVERS\btwdndis.sys
    0xF7ABF000 \SystemRoot\System32\DRIVERS\btport.sys
    0xF7C57000 \SystemRoot\system32\DRIVERS\rcvpn.sys
    0xF67A0000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF79AF000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF66E2000 \SystemRoot\system32\DRIVERS\teefer2.sys
    0xF7CA1000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF665C000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7AC7000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF7412000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7ACF000 \SystemRoot\System32\Drivers\mmc_2K.SYS
    0xF785F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEC5AA000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0xEC45C000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101026.002\NAVEX15.SYS
    0xEC437000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xEC423000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101026.002\NAVENG.SYS
    0xF6700000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0xF7D33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7E74000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7D35000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7B4F000 \SystemRoot\System32\drivers\vga.sys
    0xF7C75000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C77000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xEC3C8000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xF7B57000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7B5F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEC383000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
    0xF7C1F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEC336000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF783F000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xEC31B000 \??\C:\WINDOWS\system32\Drivers\RCFOX.sys
    0xEC2C2000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF784F000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    0xEC295000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xEC26D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEC24B000 \SystemRoot\System32\drivers\afd.sys
    0xF781F000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xEC1E1000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xEC1BB000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF6790000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xEC0F0000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEC080000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF6770000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEC022000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xEC005000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xEBFC5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEC614000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A1F000 \SystemRoot\System32\watchdog.sys
    0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DAF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D5000 \SystemRoot\System32\ati2dvag.dll
    0xBFA0B000 \SystemRoot\System32\ati2cqag.dll
    0xBFA43000 \SystemRoot\System32\ati3duag.dll
    0xBFC11000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEBE79000 \SystemRoot\System32\DRIVERS\mdc8021x.sys
    0xEBE65000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF7AE7000 \SystemRoot\system32\DRIVERS\nglog.sys
    0xEBB8D000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
    0xEB9D0000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7CC7000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEB904000 \SystemRoot\System32\drivers\vpn.sys
    0xF7B1F000 \??\C:\WINDOWS\System32\drivers\btserial.sys
    0xEB8D2000 \??\C:\WINDOWS\System32\drivers\btslbcsp.sys
    0xF7CC9000 \??\C:\Program Files\DesktopAuthority\RaInfo.sys
    0xEB869000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEB79F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xEB83D000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
    0xF7A37000 \SystemRoot\System32\DRIVERS\Scap.sys
    0xF7A3F000 \SystemRoot\System32\DRIVERS\strmdisp.sys
    0xF78DF000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEB14A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEBA0D000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7B37000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xEB0B1000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xF7B27000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xBFC90000 \SystemRoot\System32\spool\DRIVERS\W32X86\2\acpdf205.dll
    0xBAE21000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7B07000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
    0xF7A47000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xEBD09000 \SystemRoot\System32\Drivers\hidusb.sys
    0xF7231000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
    0xEB233000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xBABF1000 \SystemRoot\System32\DRIVERS\bcmwl5.sys
    0xBA9E6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    1580 C:\WINDOWS\system32\smss.exe
    1780 csrss.exe
    1812 C:\WINDOWS\system32\winlogon.exe
    1856 C:\WINDOWS\system32\services.exe
    1868 C:\WINDOWS\system32\lsass.exe
    2032 C:\WINDOWS\system32\ati2evxx.exe
    164 C:\WINDOWS\system32\svchost.exe
    344 svchost.exe
    540 C:\WINDOWS\system32\svchost.exe
    584 C:\WINDOWS\system32\svchost.exe
    640 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    872 svchost.exe
    1052 svchost.exe
    1064 C:\WINDOWS\system32\ngvpnmgr.exe
    1432 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    184 C:\WINDOWS\system32\spoolsv.exe
    528 scardsvr.exe
    776 svchost.exe
    820 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    944 C:\Program Files\Bonjour\mDNSResponder.exe
    1124 C:\Program Files\DesktopAuthority\ramaint.exe
    1408 C:\Program Files\DesktopAuthority\DesktopAuthority.exe
    408 C:\WINDOWS\system32\svchost.exe
    256 C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
    468 C:\Program Files\Java\jre6\bin\jqs.exe
    508 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1360 C:\WINDOWS\system32\slClient.exe
    1644 C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    1768 C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    384 C:\WINDOWS\system32\svchost.exe
    924 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    1112 C:\WINDOWS\system32\expsrv32.exe
    1092 C:\WINDOWS\system32\WLTRYSVC.EXE
    1044 C:\WINDOWS\system32\devmgr32.exe
    1380 C:\Program Files\OpenRsm\Agent\OrsmAgentService.exe
    2608 wmpnetwk.exe
    3212 C:\Program Files\InterBase\Bin\ibserver.exe
    3400 alg.exe
    1440 C:\WINDOWS\system32\BCMWLTRY.EXE
    3284 C:\WINDOWS\explorer.exe
    2144 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    3916 C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    3980 C:\WINDOWS\system32\carpserv.exe
    1236 C:\Program Files\Apoint\Apoint.exe
    964 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    3892 C:\Program Files\DesktopAuthority\ragui.exe
    3232 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    3512 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    3336 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3352 C:\Program Files\Apoint\ApntEx.exe
    2748 C:\Documents and Settings\administrator.psi\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6026GAX, Rev: PA202D

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Both logs look good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    ComboFix 10-10-29.03 - Administrator 10/30/2010 6:18.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.556 [GMT -4:00]
    Running from: c:\documents and settings\administrator.psi\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}
    c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\chrome.manifest
    c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\chrome\xulcache.jar
    c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\defaults\preferences\xulcache.js
    c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\install.rdf
    c:\documents and settings\LocalService\Application Data\02000000dfe8943d1053C.manifest
    c:\documents and settings\LocalService\Application Data\02000000dfe8943d1053O.manifest
    c:\documents and settings\LocalService\Application Data\02000000dfe8943d1053P.manifest
    c:\documents and settings\LocalService\Application Data\02000000dfe8943d1053S.manifest
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{5a747f7c-762a-40bb-99cc-0e35da203ce9}
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{5a747f7c-762a-40bb-99cc-0e35da203ce9}\chrome.manifest
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{5a747f7c-762a-40bb-99cc-0e35da203ce9}\chrome\xulcache.jar
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{5a747f7c-762a-40bb-99cc-0e35da203ce9}\defaults\preferences\xulcache.js
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{5a747f7c-762a-40bb-99cc-0e35da203ce9}\install.rdf
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\chrome.manifest
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\chrome\xulcache.jar
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\defaults\preferences\xulcache.js
    c:\documents and settings\tvaughn\Application Data\Mozilla\Firefox\Profiles\liarbe98.default\extensions\{fd5e915e-c6db-4a7d-896b-7668ad16f5b5}\install.rdf
    c:\windows\system32\709041280
    c:\windows\system32\atioglxx32.dll
    c:\windows\system32\unrar.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-29 11:03 . 2010-10-29 11:03 0 ----a-w- c:\windows\system32\5.tmp
    2010-10-26 18:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 18:52 . 2010-10-26 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 18:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 14:19 . 2010-10-26 14:19 0 ---ha-w- c:\documents and settings\administrator.psi\ymmszlgrbn.tmp
    2010-10-26 14:14 . 2010-10-26 14:14 -------- d-----w- c:\program files\Magical Jelly Bean
    2010-10-26 14:13 . 2010-10-26 14:13 -------- d-----w- c:\documents and settings\administrator.psi\Local Settings\Application Data\Mozilla
    2010-10-21 15:32 . 2010-10-21 15:32 0 ---ha-w- c:\documents and settings\tvaughn\ymmszlgrbn.tmp
    2010-10-20 19:16 . 2010-10-20 19:16 174592 ----a-w- c:\windows\system32\jscript32.exe
    2010-10-20 19:15 . 2010-10-20 19:15 1349120 ----a-w- c:\windows\system32\devmgr32.exe
    2010-10-20 19:15 . 2010-10-20 19:15 250368 ----a-w- c:\windows\system32\jsproxy32.dll
    2010-10-20 19:15 . 2010-10-20 19:15 1349120 ----a-w- c:\windows\system32\expsrv32.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 12:11 . 2010-08-17 20:22 167936 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2010-08-18 16:49 . 2010-08-18 16:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-08-18 16:49 . 2010-08-18 16:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-08-17 20:22 . 2010-08-17 20:22 107848 ----a-w- c:\windows\system32\SymVPN.dll
    2010-08-17 20:22 . 2010-08-17 20:22 89088 ----a-w- c:\windows\system32\atl71.dll
    2010-08-17 20:22 . 2010-08-17 20:22 625032 ----a-w- c:\windows\system32\SymNeti.dll
    2010-08-17 20:22 . 2010-08-17 20:22 49480 ----a-w- c:\windows\system32\FwsVpn.dll
    2010-08-17 20:22 . 2010-08-17 20:22 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
    2010-08-17 20:22 . 2010-08-17 20:22 242056 ----a-w- c:\windows\system32\SymRedir.dll
    2010-08-17 20:22 . 2010-08-17 20:22 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-08-17 20:22 . 2010-08-17 20:22 320560 ----a-w- c:\windows\system32\drivers\srtspl.sys
    2010-08-17 20:22 . 2010-08-17 20:22 281648 ----a-w- c:\windows\system32\drivers\srtsp.sys
    2010-08-17 20:21 . 2010-08-17 20:21 50064 ----a-w- c:\windows\system32\drivers\Teefer2.sys
    2010-08-17 20:21 . 2010-08-17 20:21 39856 ----a-w- c:\windows\system32\drivers\symids.sys
    2010-08-17 20:21 . 2010-08-17 20:21 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
    2010-08-17 20:21 . 2010-08-17 20:21 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-08-17 20:21 . 2010-08-17 20:21 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
    2010-08-17 20:21 . 2010-08-17 20:21 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
    2010-08-17 20:21 . 2010-08-17 20:21 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A96E11C-CD93-0D21-C1AB-8B0383B8AD01}]
    2010-10-20 19:15 250368 ----a-w- c:\windows\system32\jsproxy32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2002-10-17 4608]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
    "Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2006-03-06 442368]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "ControlCenter2.0"="c:\program files\Oce\ControlCenter2\brctrcen.exe" [2006-06-22 1007616]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-08-17 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2005-03-01 23:49 24672 ----a-w- c:\windows\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-02-04 19:18 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
    "c:\\WINDOWS\\system32\\expsrv32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [9/18/2008 3:39 PM 91136]
    R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [12/19/2006 3:16 PM 6400]
    R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [12/19/2006 3:16 PM 49152]
    R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [12/19/2006 3:16 PM 1089536]
    R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/3/2006 2:50 PM 190528]
    R2 OrsmAgentServiceCom;OrsmAgentServiceCom;c:\program files\OpenRsm\Agent\OrsmAgentService.exe [4/24/2007 8:57 AM 1041920]
    R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [7/27/2010 9:01 AM 17456]
    R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [12/19/2005 2:49 PM 527360]
    R2 Symantec AntiVirus32;Symantec Endpoint Protection ;c:\windows\system32\expsrv32.exe [10/20/2010 3:15 PM 1349120]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/27/2010 9:01 AM 670128]
    R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [12/19/2006 3:16 PM 2944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/18/2010 1:13 PM 102448]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/27/2010 9:04 AM 2041904]
    R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [8/3/2006 2:48 PM 18944]
    R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [8/3/2006 2:49 PM 70144]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [9/18/2008 3:38 PM 23180]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [8/17/2010 4:21 PM 23888]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [8/3/2006 2:49 PM 15360]
    S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [7/27/2010 9:04 AM 14924]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2008-05-05 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-01-23 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0628C7B2-A339-4980-96F6-7AC886E4B19f} - c:\windows\system32\atioglxx32.dll
    BHO-{073FF658-6BD6-4B2D-9094-1907CCF67FCa} - c:\windows\system32\atioglxx32.dll
    BHO-{0C518F64-A339-4980-96F6-7AC886E4B19f} - c:\windows\system32\atioglxx32.dll
    BHO-{0E7FECB0-6BD6-4B2D-9094-1907CCF67FCa} - c:\windows\system32\atioglxx32.dll
    SafeBoot-Symantec Antvirus



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 06:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-966400107-4207243982-2677830620-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    .
    Completion time: 2010-10-30 06:30:19
    ComboFix-quarantined-files.txt 2010-10-30 10:30
    ComboFix2.txt 2010-08-03 18:39

    Pre-Run: 32,705,716,224 bytes free
    Post-Run: 32,683,872,256 bytes free

    - - End Of File - - EDFF15F65CA7CBA3FDE360ACAC234015

    HERE IS THE LOG AND THANKS FOR THE HELP
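    As an added worked example (not part of this thread and not ComboFix's own code), the script below reads a ComboFix log in the format posted above and pulls out the indicators that explain why a host keeps opening connections after the antivirus reports a clean removal: a burst of files written directly into system32 within minutes of each other (here the four files dated 2010-10-20 19:15–19:16), a service whose name claims a security vendor ("Symantec AntiVirus32") but whose binary is c:\windows\system32\expsrv32.exe rather than a Symantec install path, a Browser Helper Object loading jsproxy32.dll from system32, a Windows Firewall exception for that same expsrv32.exe, the firewall switched off, and Security Center monitoring muted for the Symantec product. The embedded sample is excerpted from the log in this post; the vendor word list, the five-minute burst window and the firewall baseline are this example's assumptions, not anything ComboFix documents.

```python
"""Triage a ComboFix log for the persistence and defence-evasion entries that
keep a host beaconing after the antivirus reports a successful removal."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines excerpted from the first ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-10-26 18:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 19:16 . 2010-10-20 19:16 174592 ----a-w- c:\windows\system32\jscript32.exe
2010-10-20 19:15 . 2010-10-20 19:15 1349120 ----a-w- c:\windows\system32\devmgr32.exe
2010-10-20 19:15 . 2010-10-20 19:15 250368 ----a-w- c:\windows\system32\jsproxy32.dll
2010-10-20 19:15 . 2010-10-20 19:15 1349120 ----a-w- c:\windows\system32\expsrv32.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A96E11C-CD93-0D21-C1AB-8B0383B8AD01}]
2010-10-20 19:15 250368 ----a-w- c:\windows\system32\jsproxy32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\WINDOWS\\system32\\expsrv32.exe"=
R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [12/19/2005 2:49 PM 527360]
R2 Symantec AntiVirus32;Symantec Endpoint Protection ;c:\windows\system32\expsrv32.exe [10/20/2010 3:15 PM 1349120]
"""
SYSTEM32 = "c:\\windows\\system32"
# Assumption: vendor words a masquerading service is likely to borrow; tune for your estate.
VENDOR_HINTS = ("symantec", "norton", "mcafee", "kaspersky", "sophos", "trend micro")
# Assumption: Windows XP's own default firewall exceptions; anything else under c:\windows is suspect.
FIREWALL_BASELINE = {SYSTEM32 + "\\sessmgr.exe", "c:\\windows\\network diagnostic\\xpnetdiag.exe"}
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d (\d+) \S+ (.+)$")
SVC_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.+?) \[")


def normalize(path):
    """Lower-case, undo the registry export's doubled backslashes, expand %windir%."""
    p = path.strip().strip('"').replace("\\\\", "\\").lower()
    return "c:\\windows" + p[len("%windir%"):] if p.startswith("%windir%") else p


def in_system32_root(path):
    """True for files placed directly in system32, not in drivers\\ or another subfolder."""
    p = normalize(path)
    return p.startswith(SYSTEM32 + "\\") and "\\" not in p[len(SYSTEM32) + 1:]


def drop_bursts(lines, window=timedelta(minutes=5)):
    """Cluster files created directly in system32 within `window` of each other (a dropper's payload set)."""
    stamps = []
    for line in lines:
        m = FILE_RE.match(line)
        if m and in_system32_root(m.group(3)):
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            stamps.append((created, int(m.group(2)), normalize(m.group(3))))
    bursts, current = [], []
    for item in sorted(stamps):
        if current and item[0] - current[-1][0] > window:
            if len(current) > 1:
                bursts.append(current)
            current = []
        current.append(item)
    if len(current) > 1:
        bursts.append(current)
    return bursts


def masquerading_services(lines):
    """Services whose name claims a security vendor but whose binary sits bare in system32."""
    hits = []
    for line in lines:
        m = SVC_RE.match(line)
        if m:
            name, display, path = m.groups()
            if any(v in (name + " " + display).lower() for v in VENDOR_HINTS) and in_system32_root(path):
                hits.append((name.strip(), normalize(path)))
    return hits


def registry_findings(lines):
    """Walk the REGEDIT4 dump: firewall state, firewall exceptions, Security Center muting, BHOs."""
    findings, section = [], ""
    for line in lines:
        if line.startswith("["):
            section = line.lower()
        elif "firewallpolicy" in section and line.startswith('"EnableFirewall"') and "= 0" in line:
            findings.append("Windows Firewall disabled in standard profile")
        elif "authorizedapplications" in section and (m := re.match(r'^"(.+)"=$', line)):
            p = normalize(m.group(1))
            if p.startswith("c:\\windows\\") and p not in FIREWALL_BASELINE:
                findings.append("firewall exception for " + p)
        elif "security center\\monitoring" in section and line.lower() == '"disablemonitoring"=dword:00000001':
            findings.append("Security Center monitoring disabled: " + section.rsplit("\\", 1)[-1].rstrip("]"))
        elif "browser helper objects" in section and (m := re.search(r"(c:\\.+)$", line, re.I)) and in_system32_root(m.group(1)):
            findings.append("BHO loads from system32: " + normalize(m.group(1)))
    return findings


def triage(text):
    """Collect the indicators plus the correlation that matters most: a persistence
    entry whose binary arrived in the same drop burst as the other unknown files."""
    lines = [ln.strip() for ln in text.splitlines()]
    dropped = sorted({p for burst in drop_bursts(lines) for _, _, p in burst})
    services = masquerading_services(lines)
    return {"dropped": dropped, "services": services, "findings": registry_findings(lines),
            "correlated": [name for name, p in services if p in dropped]}
```

    The "correlated" entry is the one to act on: a service binary that is itself one of the freshly dropped files is a running persistence mechanism, which is consistent with the idle host still showing outbound connections after the earlier cleanup, and it is why the script in the next post removes the files and their registry loading points together rather than the files alone. Treat the Security Center "DisableMonitoring" hit as a review item rather than proof of infection; legitimately installed suites sometimes set it when they register their own status reporting.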
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\5.tmp
    c:\documents and settings\administrator.psi\ymmszlgrbn.tmp
    c:\documents and settings\tvaughn\ymmszlgrbn.tmp
    c:\windows\system32\jscript32.exe
    c:\windows\system32\devmgr32.exe
    c:\windows\system32\jsproxy32.dll
    c:\windows\system32\expsrv32.exe
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A96E11C-CD93-0D21-C1AB-8B0383B8AD01}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  9. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Well, dragging the script into ComboFix did not cause it to start. So after trying several times I clicked ComboFix myself. Log to follow.
     
  10. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    here is the log

    Edit: log was not useful and just wasted space.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Well, you have to run my script.
    If dragging doesn't work, try this:

    Run script from command line:

    Click Start > Run and copy/paste the following line in the runbox and press enter:

    combofix "%userprofile%\desktop\cfscript.txt"

    Note. CFScript.txt MUST be located on the desktop for this to work.
     
  12. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Running from the command line failed and noted it was rich text. Happily, ComboFix closed itself after that. I saved the script as Unicode and was able to drag to start.
    I had to change the encoding from ANSI to Unicode. Log to follow.
     
  13. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Here is the log. Combofix even sent malware files back home for analysis, first time I have seen that.


    ComboFix 10-10-29.03 - Administrator 10/30/2010 15:03:37.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.472 [GMT -4:00]
    Running from: c:\documents and settings\administrator.psi\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\administrator.psi\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    FILE ::
    "c:\documents and settings\administrator.psi\ymmszlgrbn.tmp"
    "c:\documents and settings\tvaughn\ymmszlgrbn.tmp"
    "c:\windows\system32\5.tmp"
    "c:\windows\system32\devmgr32.exe"
    "c:\windows\system32\expsrv32.exe"
    "c:\windows\system32\jscript32.exe"
    "c:\windows\system32\jsproxy32.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\administrator.psi\ymmszlgrbn.tmp
    c:\documents and settings\tvaughn\ymmszlgrbn.tmp
    c:\windows\system32\5.tmp
    c:\windows\system32\devmgr32.exe
    c:\windows\system32\expsrv32.exe
    c:\windows\system32\jscript32.exe
    c:\windows\system32\jsproxy32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_Symantec_AntiVirus32
    -------\Service_Symantec AntiVirus32


    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-30 19:09 . 2010-10-20 19:15 1349120 ----a-w- c:\windows\system32\atioglxx32.exe
    2010-10-30 17:33 . 2010-10-30 17:33 0 ----a-w- c:\windows\system32\3.tmp
    2010-10-26 18:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 18:52 . 2010-10-26 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 18:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 14:14 . 2010-10-26 14:14 -------- d-----w- c:\program files\Magical Jelly Bean
    2010-10-26 14:13 . 2010-10-26 14:13 -------- d-----w- c:\documents and settings\administrator.psi\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 12:11 . 2010-08-17 20:22 167936 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2010-08-18 16:49 . 2010-08-18 16:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-08-18 16:49 . 2010-08-18 16:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-08-17 20:22 . 2010-08-17 20:22 107848 ----a-w- c:\windows\system32\SymVPN.dll
    2010-08-17 20:22 . 2010-08-17 20:22 89088 ----a-w- c:\windows\system32\atl71.dll
    2010-08-17 20:22 . 2010-08-17 20:22 625032 ----a-w- c:\windows\system32\SymNeti.dll
    2010-08-17 20:22 . 2010-08-17 20:22 49480 ----a-w- c:\windows\system32\FwsVpn.dll
    2010-08-17 20:22 . 2010-08-17 20:22 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
    2010-08-17 20:22 . 2010-08-17 20:22 242056 ----a-w- c:\windows\system32\SymRedir.dll
    2010-08-17 20:22 . 2010-08-17 20:22 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-08-17 20:22 . 2010-08-17 20:22 320560 ----a-w- c:\windows\system32\drivers\srtspl.sys
    2010-08-17 20:22 . 2010-08-17 20:22 281648 ----a-w- c:\windows\system32\drivers\srtsp.sys
    2010-08-17 20:21 . 2010-08-17 20:21 50064 ----a-w- c:\windows\system32\drivers\Teefer2.sys
    2010-08-17 20:21 . 2010-08-17 20:21 39856 ----a-w- c:\windows\system32\drivers\symids.sys
    2010-08-17 20:21 . 2010-08-17 20:21 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
    2010-08-17 20:21 . 2010-08-17 20:21 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-08-17 20:21 . 2010-08-17 20:21 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
    2010-08-17 20:21 . 2010-08-17 20:21 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
    2010-08-17 20:21 . 2010-08-17 20:21 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-30_10.27.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-30 19:13 . 2010-10-30 19:13 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2002-10-17 4608]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
    "Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2006-03-06 442368]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "ControlCenter2.0"="c:\program files\Oce\ControlCenter2\brctrcen.exe" [2006-06-22 1007616]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-08-17 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2005-03-01 23:49 24672 ----a-w- c:\windows\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-02-04 19:18 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [9/18/2008 3:39 PM 91136]
    R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [12/19/2006 3:16 PM 6400]
    R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [12/19/2006 3:16 PM 49152]
    R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [12/19/2006 3:16 PM 1089536]
    R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/3/2006 2:50 PM 190528]
    R2 OrsmAgentServiceCom;OrsmAgentServiceCom;c:\program files\OpenRsm\Agent\OrsmAgentService.exe [4/24/2007 8:57 AM 1041920]
    R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [7/27/2010 9:01 AM 17456]
    R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [12/19/2005 2:49 PM 527360]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/27/2010 9:01 AM 670128]
    R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [12/19/2006 3:16 PM 2944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/18/2010 1:13 PM 102448]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/27/2010 9:04 AM 2041904]
    R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [8/3/2006 2:48 PM 18944]
    R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [8/3/2006 2:49 PM 70144]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [9/18/2008 3:38 PM 23180]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [8/17/2010 4:21 PM 23888]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [8/3/2006 2:49 PM 15360]
    S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [7/27/2010 9:04 AM 14924]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2008-05-05 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-01-23 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 15:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-966400107-4207243982-2677830620-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1196)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\System32\BTNCopy.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\INTERB~1\Bin\ibguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\System32\wltrysvc.exe
    c:\windows\System32\bcmwltry.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\progra~1\INTERB~1\Bin\ibserver.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    c:\windows\system32\carpserv.exe
    c:\program files\Apoint\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-30 15:43:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-30 19:43
    ComboFix2.txt 2010-10-30 18:45
    ComboFix3.txt 2010-10-30 10:30
    ComboFix4.txt 2010-08-03 18:39

    Pre-Run: 32,650,100,736 bytes free
    Post-Run: 32,529,973,248 bytes free

    - - End Of File - - 020737F5E9AEFA82C539F2D69D6A8073
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We still have some more work to do...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\atioglxx32.exe
    c:\windows\system32\3.tmp
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    LOG

    ComboFix 10-10-29.03 - Administrator 10/30/2010 16:21:08.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.559 [GMT -4:00]
    Running from: c:\documents and settings\administrator.psi\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\administrator.psi\Desktop\cfscript.txt
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    FILE ::
    "c:\windows\system32\3.tmp"
    "c:\windows\system32\atioglxx32.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\3.tmp
    c:\windows\system32\atioglxx32.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-26 18:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 18:52 . 2010-10-26 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 18:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 14:14 . 2010-10-26 14:14 -------- d-----w- c:\program files\Magical Jelly Bean
    2010-10-26 14:13 . 2010-10-26 14:13 -------- d-----w- c:\documents and settings\administrator.psi\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-05 12:11 . 2010-08-17 20:22 167936 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2010-08-18 16:49 . 2010-08-18 16:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-08-18 16:49 . 2010-08-18 16:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-08-17 20:22 . 2010-08-17 20:22 107848 ----a-w- c:\windows\system32\SymVPN.dll
    2010-08-17 20:22 . 2010-08-17 20:22 89088 ----a-w- c:\windows\system32\atl71.dll
    2010-08-17 20:22 . 2010-08-17 20:22 625032 ----a-w- c:\windows\system32\SymNeti.dll
    2010-08-17 20:22 . 2010-08-17 20:22 49480 ----a-w- c:\windows\system32\FwsVpn.dll
    2010-08-17 20:22 . 2010-08-17 20:22 42312 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
    2010-08-17 20:22 . 2010-08-17 20:22 242056 ----a-w- c:\windows\system32\SymRedir.dll
    2010-08-17 20:22 . 2010-08-17 20:22 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-08-17 20:22 . 2010-08-17 20:22 320560 ----a-w- c:\windows\system32\drivers\srtspl.sys
    2010-08-17 20:22 . 2010-08-17 20:22 281648 ----a-w- c:\windows\system32\drivers\srtsp.sys
    2010-08-17 20:21 . 2010-08-17 20:21 50064 ----a-w- c:\windows\system32\drivers\Teefer2.sys
    2010-08-17 20:21 . 2010-08-17 20:21 39856 ----a-w- c:\windows\system32\drivers\symids.sys
    2010-08-17 20:21 . 2010-08-17 20:21 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
    2010-08-17 20:21 . 2010-08-17 20:21 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
    2010-08-17 20:21 . 2010-08-17 20:21 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-08-17 20:21 . 2010-08-17 20:21 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
    2010-08-17 20:21 . 2010-08-17 20:21 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
    2010-08-17 20:21 . 2010-08-17 20:21 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-30_10.27.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-30 19:13 . 2010-10-30 19:13 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2002-10-17 4608]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
    "Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2006-03-06 442368]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "ControlCenter2.0"="c:\program files\Oce\ControlCenter2\brctrcen.exe" [2006-06-22 1007616]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-08-17 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2005-03-01 23:49 24672 ----a-w- c:\windows\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-02-04 19:18 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [9/18/2008 3:39 PM 91136]
    R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [12/19/2006 3:16 PM 6400]
    R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [12/19/2006 3:16 PM 49152]
    R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [12/19/2006 3:16 PM 1089536]
    R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [8/3/2006 2:50 PM 190528]
    R2 OrsmAgentServiceCom;OrsmAgentServiceCom;c:\program files\OpenRsm\Agent\OrsmAgentService.exe [4/24/2007 8:57 AM 1041920]
    R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [7/27/2010 9:01 AM 17456]
    R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [12/19/2005 2:49 PM 527360]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [7/27/2010 9:01 AM 670128]
    R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [12/19/2006 3:16 PM 2944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/18/2010 1:13 PM 102448]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [7/27/2010 9:04 AM 2041904]
    R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [8/3/2006 2:48 PM 18944]
    R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [8/3/2006 2:49 PM 70144]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [9/18/2008 3:38 PM 23180]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [8/17/2010 4:21 PM 23888]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [8/3/2006 2:49 PM 15360]
    S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [7/27/2010 9:04 AM 14924]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2008-05-05 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-01-23 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\tvaughn\Application Data\Move Networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 16:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-966400107-4207243982-2677830620-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,ce,b8,6a,4d,55,46,44,a5,97,78,\
    .
    Completion time: 2010-10-30 16:32:59
    ComboFix-quarantined-files.txt 2010-10-30 20:32
    ComboFix2.txt 2010-10-30 19:43
    ComboFix3.txt 2010-10-30 18:45
    ComboFix4.txt 2010-10-30 10:30
    ComboFix5.txt 2010-10-30 20:19

    Pre-Run: 32,543,719,424 bytes free
    Post-Run: 32,520,568,832 bytes free

    - - End Of File - - EBF39210577C0ED9968AD97869E1596F
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    I ran the full scan accidentally. Should I rerun it as a quick scan, or post the full scan reports?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    If you ran the full scan with my script, it'll do.
     
  19. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    I found no log labeled Extras.

    OTL logfile created on: 10/30/2010 4:46:31 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\administrator.psi\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 30.32 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
    Drive E: | 3.74 Gb Total Space | 1.38 Gb Free Space | 36.88% Space Free | Partition Type: FAT32

    Computer Name: MWNLT006 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/30 16:42:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.psi\Desktop\OTL.exe
    PRC - [2010/08/17 16:22:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/08/17 16:21:58 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/08/17 16:21:52 | 001,831,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/08/17 16:21:52 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/08/17 16:21:46 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/24 08:57:02 | 001,041,920 | ---- | M] () -- C:\Program Files\OpenRsm\Agent\OrsmAgentService.exe
    PRC - [2006/08/03 14:50:28 | 000,190,528 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
    PRC - [2006/03/06 02:55:08 | 000,527,360 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\slClient.exe
    PRC - [2006/03/06 02:54:44 | 000,442,368 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\ragui.exe
    PRC - [2006/03/06 02:54:44 | 000,049,152 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\ramaint.exe
    PRC - [2006/03/06 02:23:30 | 001,089,536 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DesktopAuthority.exe
    PRC - [2005/03/17 14:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2005/03/01 19:49:30 | 001,691,741 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    PRC - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    PRC - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    PRC - [2004/09/13 12:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2002/10/17 12:54:04 | 000,004,608 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\carpserv.exe
    PRC - [2001/04/24 21:50:12 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\Program Files\InterBase\Bin\ibguard.exe
    PRC - [2001/04/24 21:48:26 | 001,703,936 | ---- | M] (Inprise Corporation) -- C:\Program Files\InterBase\Bin\ibserver.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/30 16:42:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.psi\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/17 16:22:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/08/17 16:22:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/08/17 16:21:52 | 001,831,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/08/17 16:21:52 | 000,345,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/08/17 16:21:46 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2007/04/24 08:57:02 | 001,041,920 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenRsm\Agent\OrsmAgentService.exe -- (OrsmAgentServiceCom)
    SRV - [2006/08/03 14:50:28 | 000,190,528 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
    SRV - [2006/03/06 02:55:08 | 000,527,360 | ---- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\WINDOWS\system32\slClient.exe -- (SLClient)
    SRV - [2006/03/06 02:54:44 | 000,049,152 | ---- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\DesktopAuthority\ramaint.exe -- (DAMaint)
    SRV - [2006/03/06 02:23:30 | 001,089,536 | ---- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\DesktopAuthority\DesktopAuthority.exe -- (DesktopAuthority)
    SRV - [2005/06/08 05:40:00 | 000,065,585 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)
    SRV - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe -- (SR_WatchDog)
    SRV - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
    SRV - [2004/10/15 10:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
    SRV - [2001/04/24 21:50:12 | 000,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\Program Files\InterBase\Bin\ibguard.exe -- (InterBaseGuardian)
    SRV - [2001/04/24 21:48:26 | 001,703,936 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\Program Files\InterBase\Bin\ibserver.exe -- (InterBaseServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/25 08:47:21 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101026.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/25 08:47:21 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101026.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/05 08:11:31 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
    DRV - [2010/08/18 12:49:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/08/17 16:22:16 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/08/17 16:22:04 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/08/17 16:22:04 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/08/17 16:22:04 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/08/17 16:21:56 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/08/17 16:21:28 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/08/17 16:21:28 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/08/17 16:21:24 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/08/17 16:21:20 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/07/15 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/15 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2006/08/03 14:49:52 | 000,015,360 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
    DRV - [2006/08/03 14:49:48 | 000,070,144 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NgVpn.sys -- (NgVpn)
    DRV - [2006/08/03 14:48:56 | 000,018,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
    DRV - [2006/03/06 02:54:44 | 000,006,400 | ---- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\DesktopAuthority\rainfo.sys -- (DAInfo)
    DRV - [2006/03/06 02:54:42 | 000,002,944 | ---- | M] (ScriptLogic Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DAmirr.sys -- (DAmirr)
    DRV - [2006/01/19 03:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2006/01/18 22:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2005/03/01 19:49:36 | 002,041,904 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
    DRV - [2005/03/01 19:49:30 | 000,017,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\scap.sys -- (Scap)
    DRV - [2005/03/01 19:49:28 | 000,014,924 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OMVA.sys -- (OMVA)
    DRV - [2005/03/01 19:49:24 | 000,670,128 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
    DRV - [2004/12/16 11:35:46 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2004/12/16 11:35:46 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2004/12/16 11:35:46 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2004/12/16 11:35:46 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2004/12/15 17:35:36 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2004/11/16 11:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/10/25 15:19:18 | 000,092,561 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
    DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/10/15 10:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)
    DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/06/25 19:15:50 | 000,315,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/06/17 16:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/14 17:15:22 | 000,147,236 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2003/08/20 14:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
    DRV - [2003/01/07 18:41:12 | 000,166,016 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2002/12/17 13:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2002/12/17 13:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/12/10 12:03:14 | 001,155,914 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2002/12/09 10:43:58 | 000,144,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2002/12/09 10:42:18 | 000,022,119 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2002/12/09 10:41:56 | 000,222,164 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
    DRV - [2002/12/09 10:37:08 | 000,030,043 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2002/12/09 10:35:54 | 000,065,076 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2002/12/09 10:06:28 | 000,021,701 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (BtAudio)
    DRV - [2002/11/18 18:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
    DRV - [2002/11/11 18:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2002/10/17 12:54:18 | 000,036,348 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
    DRV - [2002/10/09 10:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B2 C7 28 06 39 A3 80 49 96 F6 7A C8 86 E4 B1 9F [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {fd5e915e-c6db-4a7d-896b-7668ad16f5b5}:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BA7129B6-B8EF-4793-9B55-877BDFD8796F}: C:\Documents and Settings\tvaughn\Local Settings\Application Data\{BA7129B6-B8EF-4793-9B55-877BDFD8796F}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDA7428-901E-4E4C-8F04-33B513899B22}: C:\Documents and Settings\tvaughn\Local Settings\Application Data\{ABDA7428-901E-4E4C-8F04-33B513899B22}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1B8E3070-1825-4D22-B7B9-38324334412B}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{1B8E3070-1825-4D22-B7B9-38324334412B}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{694C55D1-CF37-4BBE-BD7B-85282EC657EF}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{694C55D1-CF37-4BBE-BD7B-85282EC657EF}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{65300691-F88E-4443-A635-379D741A5A5B}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{65300691-F88E-4443-A635-379D741A5A5B}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{EF23141B-C3AB-4D24-B9C5-C74A7E586558}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{EF23141B-C3AB-4D24-B9C5-C74A7E586558}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{319B0AED-DAD2-4A26-970F-CF3E4F1F3747}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{319B0AED-DAD2-4A26-970F-CF3E4F1F3747}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1DDAB3E0-87FA-4E5E-8CCB-FD4E2EE259BF}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{1DDAB3E0-87FA-4E5E-8CCB-FD4E2EE259BF}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C9A41CBE-B1D4-4538-9F7C-5AD95C9E92E4}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{C9A41CBE-B1D4-4538-9F7C-5AD95C9E92E4}\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3C55ADF8-A461-4BBE-9575-5A857429D087}: C:\Documents and Settings\administrator.psi\Local Settings\Application Data\{3C55ADF8-A461-4BBE-9575-5A857429D087}\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 10:13:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 08:34:33 | 000,000,000 | ---D | M]

    [2010/10/26 10:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.psi\Application Data\Mozilla\Extensions
    [2010/10/30 06:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.psi\Application Data\Mozilla\Firefox\Profiles\t1lpe0bo.default\extensions
    [2010/07/27 13:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/10/30 16:30:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Oce\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Desktop Authority GUI] C:\Program Files\DesktopAuthority\ragui.exe (ScriptLogic Corporation)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Key error. (QuickTime Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSI.local
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/12/15 09:57:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.g723 - g723.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 16:42:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.psi\Desktop\OTL.exe
    [2010/10/30 16:19:38 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/30 06:15:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/27 09:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.psi\Desktop\fix logs
    [2010/10/26 14:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/26 14:52:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/26 14:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/26 10:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
    [2010/10/26 10:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.psi\My Documents\Downloads
    [2010/10/26 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.psi\Local Settings\Application Data\Mozilla
    [2010/10/26 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.psi\Application Data\Mozilla
    [2010/10/20 15:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
    [2010/10/15 08:51:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2005/08/31 21:33:54 | 000,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll
    [2004/12/16 15:06:12 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/10/30 16:42:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.psi\Desktop\OTL.exe
    [2010/10/30 16:30:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/30 15:38:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 15:13:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 15:12:59 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/30 15:09:42 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\1658809488
    [2010/10/30 06:10:17 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\administrator.psi\Desktop\ComboFix.exe
    [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/28 08:22:05 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/10/27 16:40:24 | 000,001,438 | ---- | M] () -- C:\WINDOWS\M2MWin.ini
    [2010/10/26 14:52:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/26 10:15:08 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\1745551515
    [2010/10/26 08:13:13 | 000,000,348 | -HS- | M] () -- C:\WINDOWS\System32\1210133431
    [2010/10/25 13:24:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/15 08:53:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/05 11:42:13 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Access 2003.lnk
    [2010/10/05 08:11:31 | 000,167,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys

    ========== Files Created - No Company Name ==========

    [2010/10/30 06:14:12 | 003,895,619 | R--- | C] () -- C:\Documents and Settings\administrator.psi\Desktop\ComboFix.exe
    [2010/10/26 14:52:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/20 15:17:32 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\1745551515
    [2010/10/20 15:17:32 | 000,000,348 | -HS- | C] () -- C:\WINDOWS\System32\1210133431
    [2010/10/20 15:15:51 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\1658809488
    [2010/10/15 08:53:58 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/27 09:04:53 | 000,106,591 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
    [2010/07/27 09:04:41 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
    [2009/11/25 14:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
    [2009/08/10 11:10:48 | 000,010,844 | ---- | C] () -- C:\WINDOWS\convert.ini
    [2009/06/17 09:06:53 | 000,000,537 | ---- | C] () -- C:\WINDOWS\GNEILEMP.INI
    [2009/06/17 09:04:43 | 000,000,215 | ---- | C] () -- C:\WINDOWS\HRWARE.INI
    [2009/04/10 13:34:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
    [2007/10/12 16:18:46 | 000,000,079 | ---- | C] () -- C:\WINDOWS\showcalc.ini
    [2007/09/24 08:40:51 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
    [2007/09/24 08:40:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
    [2007/09/24 08:40:50 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
    [2007/09/24 08:40:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
    [2007/09/24 08:40:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
    [2007/09/24 08:40:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
    [2007/09/24 08:40:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
    [2007/09/24 08:40:50 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
    [2007/09/11 17:57:18 | 000,001,438 | ---- | C] () -- C:\WINDOWS\M2MWin.ini
    [2007/08/27 18:09:19 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2007/08/27 18:08:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/08/27 18:08:50 | 000,000,089 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/08/27 18:08:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
    [2007/08/27 18:08:36 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2007/08/27 18:08:27 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\BrfxD05a.dll
    [2007/08/27 18:08:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2007/08/27 18:05:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2006/12/19 16:21:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
    [2006/08/03 14:51:58 | 000,089,666 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
    [2005/12/19 14:49:45 | 000,000,248 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2005/03/11 10:42:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/12/16 15:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2004/12/16 15:06:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/12/16 12:06:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/12/16 11:23:29 | 000,000,013 | ---- | C] () -- C:\WINDOWS\cpicnv.INI
    [2004/12/16 11:23:29 | 000,000,009 | ---- | C] () -- C:\WINDOWS\ImgFax.INI
    [2004/12/16 11:21:30 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
    [2004/12/16 11:11:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\OemOut.ini
    [2004/12/16 10:59:34 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/12/15 04:50:43 | 000,004,361 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/11/25 17:51:38 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\Mcw32.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/12/10 12:03:14 | 001,155,914 | ---- | C] () -- C:\WINDOWS\System32\drivers\btkrnl.sys
    [2002/12/09 14:07:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\btins.dll
    [2002/12/09 14:05:48 | 000,720,896 | ---- | C] () -- C:\WINDOWS\System32\BtWizard.dll
    [2002/12/09 11:23:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\BtXpShell.dll
    [2002/12/09 11:18:50 | 000,757,837 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll
    [2002/12/09 11:13:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll
    [2002/12/09 10:43:58 | 000,144,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwdndis.sys
    [2002/12/09 10:42:18 | 000,022,119 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
    [2002/12/09 10:41:56 | 000,222,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\btslbcsp.sys
    [2002/12/09 10:37:08 | 000,030,043 | ---- | C] () -- C:\WINDOWS\System32\drivers\btport.sys
    [2002/12/09 10:36:26 | 000,017,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\frmupgr.sys
    [2002/12/09 10:35:54 | 000,065,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwusb.sys
    [2002/12/09 10:25:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\btsec.dll
    [2002/12/09 10:24:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
    [2002/12/09 10:24:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\btsendto_office.dll
    [2002/12/09 10:22:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\btsendto_notes.dll
    [2002/12/09 10:21:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\btosif_olx.dll
    [2002/12/09 10:20:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2002/12/09 10:20:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\bthcrpui.dll
    [2002/12/09 10:19:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\bthcrp.dll
    [2002/12/09 10:19:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\btsendto.dll
    [2002/12/09 10:18:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\btwpimif.dll
    [2002/12/09 10:18:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\btosif_ol.dll
    [2002/12/09 10:17:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\btosif_notes.dll
    [2002/12/09 10:17:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\btosif.dll
    [2002/12/09 10:16:40 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\WidcommSdk.dll
    [2002/12/09 10:14:58 | 000,368,701 | ---- | C] () -- C:\WINDOWS\System32\wbtapi.dll
    [2002/12/09 10:13:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\BtAudioHelper.dll
    [2002/12/09 10:12:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\BTXPPanel.dll
    [2002/12/09 10:12:34 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\btbigbmp.dll
    [2002/12/09 10:08:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\btdev.dll
    [2002/12/09 10:08:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bt2k_ins.dll
    [2002/12/09 10:08:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\BTNCopy.dll
    [2002/12/09 10:07:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\btrezxp.dll
    [2002/12/09 10:07:50 | 002,166,784 | ---- | C] () -- C:\WINDOWS\System32\btrez.dll
    [2002/12/09 10:06:28 | 000,021,701 | ---- | C] () -- C:\WINDOWS\System32\drivers\btaudio.sys
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/12/19 15:16:52 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2004/12/15 09:57:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/03 08:02:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/03 14:26:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/21 21:39:30 | 000,360,894 | ---- | M] () -- C:\bootex.log
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/10/30 16:32:59 | 000,013,848 | ---- | M] () -- C:\ComboFix.txt
    [2004/12/15 09:57:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2001/08/23 08:00:00 | 001,556,020 | ---- | M] () -- C:\DEPLOY.CAB
    [2008/12/23 15:39:24 | 000,001,338 | ---- | M] () -- C:\devicetable.log
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2006/09/14 15:16:12 | 005,292,544 | ---- | M] () -- C:\fx3000Win2k_xp_printdriver.exe
    [2006/09/14 15:16:12 | 000,936,960 | ---- | M] () -- C:\fx3000winntprintdriver.exe
    [2006/09/14 15:16:14 | 003,769,856 | ---- | M] () -- C:\fx3000winxp64bitprintdriver.exe
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/10/30 15:12:59 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
    [2009/05/28 12:29:29 | 000,004,388 | ---- | M] () -- C:\hpCDE.log
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/12/15 09:57:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/21 10:47:11 | 000,000,512 | ---- | M] () -- C:\Mbr_Back_0.bin
    [2010/07/21 10:45:48 | 000,000,512 | ---- | M] () -- C:\mike.mbr
    [2004/12/15 09:57:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/12/16 10:35:29 | 002,213,906 | ---- | M] () -- C:\NAV9_Installation.log
    [2005/03/11 11:04:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/08/10 11:18:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/30 15:12:56 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2004/12/16 11:21:58 | 000,000,088 | ---- | M] () -- C:\pciv7bug.log
    [2009/07/24 16:20:00 | 000,049,192 | ---- | M] () -- C:\playground.log
    [2007/09/04 16:07:24 | 000,001,024 | ---- | M] () -- C:\rpOut.FPT
    [2007/09/04 15:43:56 | 008,157,049 | ---- | M] () -- C:\Rpshgo01.DBF
    [2007/09/04 15:43:56 | 003,704,896 | ---- | M] () -- C:\Rpshgo01.FPT
    [2005/03/11 10:37:46 | 004,153,196 | ---- | M] () -- C:\SCS2_Installation.log
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2004/08/05 16:52:25 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\xpSP2_f8e85320da933bb0ec76a2ba3a2f7a8.exe

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/12/15 09:57:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/03/06 02:54:42 | 000,020,480 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DAproc.dll
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2004/12/16 12:43:03 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Crane Pumps & Systems HELPDESK.url
    [2004/12/16 12:43:41 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Crane Pumps & Systems INTERNET.url
    [2004/12/16 12:42:49 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Crane Pumps & Systems INTRANET.url
    [2004/12/16 12:43:25 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Microsoft Outlook Web Access - Logon.url
    [2004/12/16 10:43:15 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\MSN.com.url
    [2004/12/16 10:43:15 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Radio Station Guide.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/12/15 04:49:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/12/15 04:49:18 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/12/15 04:49:18 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/08/10 11:30:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/09/24 08:37:17 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\administrator.psi\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/12/16 10:43:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\administrator.psi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/30 06:10:17 | 003,895,619 | R--- | M] () -- C:\Documents and Settings\administrator.psi\Desktop\ComboFix.exe
    [2010/07/23 19:22:35 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator.psi\Desktop\mbam-setup-1.46.exe
    [2010/10/30 16:42:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.psi\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/24 08:37:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\administrator.psi\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2007/09/24 08:11:02 | 000,004,360 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/07/30 16:04:45 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\administrator.psi\Cookies\desktop.ini
    [2010/10/30 16:33:13 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\administrator.psi\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 13:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/03/31 08:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/03/31 08:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/03/31 08:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 12:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 3
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 1
    "RescheduleWaitTimeEnabled" = 1
    "RescheduleWaitTime" = 5
    "NoAutoRebootWithLoggedOnUsers" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056

    < End of report >
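For anyone who wants to triage a listing in this format mechanically rather than by eye, here is an added example (my own code, not OTL's and not from this thread): it parses the [date | size | attrs | M-or-C] (company) -- path lines and the @Alternate Data Stream line shown above and flags the same things the custom-scan probes in the log are hunting for: hidden+system attributes on files that are not the usual OS files, executables under the Windows tree with no vendor info or with whitespace in the name, system-folder lookalike directories, and alternate data streams. The Entry/parse_line/triage/triage_log names, the allow-list, the lookalike list and the "svc host.exe" sample line are all constructed for the example; a hit is a prompt to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# One file-listing line, as in the log above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M-or-C] (company) -- path
LISTING_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# One line from the "Alternate Data Streams" section of the log
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Hidden+system files Windows itself keeps (constructed allow-list for this example)
EXPECTED_HS = {"pagefile.sys", "hiberfil.sys", "boot.ini", "ntldr", "ntdetect.com",
               "io.sys", "msdos.sys", "desktop.ini", "index.dat", "ntuser.pol"}
# Folder names that mimic real system folders; the log's custom-scan probes look for these
LOOKALIKE_DIRS = ("system32\\system32", "systhem32", "winn32", "system32\\rundll32",
                  "system32\\dll", "system32\\rundll")

@dataclass
class Entry:
    path: str
    size: int = 0
    attrs: str = "----"
    company: str = ""
    ads: bool = False
    reasons: list = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing or ADS line; return None for headers and blank lines."""
    line = line.strip()
    m = LISTING_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"].replace(",", "")),
                     attrs=m["attrs"], company=m["company"].strip())
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"]), ads=True)
    return None

def triage(entry: Entry) -> Entry:
    """Attach the reasons an analyst would look twice at this entry (prompts, not verdicts)."""
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_windows = low.startswith("c:\\windows\\")
    if entry.ads:
        entry.reasons.append("alternate data stream attached to a file")
        return entry
    if "H" in entry.attrs and "S" in entry.attrs and name not in EXPECTED_HS:
        entry.reasons.append("hidden+system attributes on a non-OS file")
    if name.endswith(EXEC_EXT):
        if in_windows and not entry.company:
            entry.reasons.append("executable under Windows with no vendor/version info")
        if in_windows and " " in name:
            entry.reasons.append("whitespace in an executable name under Windows")
        if any(d in low for d in LOOKALIKE_DIRS):
            entry.reasons.append("executable in a system-folder lookalike directory")
    return entry

def triage_log(text: str) -> list:
    """Return only the entries that collected at least one reason."""
    return [e for e in map(parse_line, text.splitlines()) if e and triage(e).reasons]

# Constructed sample: three lines copied from the log above plus one made-up suspicious entry
SAMPLE = r"""
[2010/10/30 15:12:59 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2010/10/20 12:00:00 | 000,045,056 | RHS- | M] () -- C:\WINDOWS\system32\system32\svc host.exe
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
"""
```

Running triage_log(SAMPLE) returns only the made-up "svc host.exe" entry (four reasons) and the ADS entry; hiberfil.sys and unregmp2.exe come back clean.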
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You didn't say:
     
  21. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    I don't know how to answer that as I have not been doing anything but following your instructions and keeping it offline. But if you are saying it is clean it must be doing great!! My original complaint was that this computer was being used by our payroll and accounting person and I had over 200 active connections sending data to the web. NOT good. So are you saying this unit is clean?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We're not done yet.
    I just wanted to know, if you're experiencing any current issues.

    I still need to go through your OTL log.
    Hold on there...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Key error. (QuickTime Object)
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  24. Guanadon

    Guanadon TS Rookie Topic Starter Posts: 18

    Now that I have run TFC I cannot connect to the internet. Cannot run ESET.

    LOGS:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:687D1056 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: administrator.psi
    ->Temp folder emptied: 10098966 bytes
    ->Temporary Internet Files folder emptied: 440288 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 32002407 bytes
    ->Flash cache emptied: 722 bytes

    User: ADMINI~1~PSI

    User: adm_crismiller
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: cps-osinstall
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: cps-warrenadmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dcsomos
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: emcarter
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: osinstall
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: scriptlogicuser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: tmvaughn1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tvaughn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4919971 bytes
    ->Flash cache emptied: 722 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1010063 bytes

    Total Files Cleaned = 46.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.psi
    ->Flash cache emptied: 0 bytes

    User: ADMINI~1~PSI

    User: adm_crismiller

    User: All Users

    User: cps-osinstall

    User: cps-warrenadmin

    User: dcsomos

    User: Default User

    User: emcarter

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: osinstall

    User: scriptlogicuser

    User: tmvaughn1
    ->Flash cache emptied: 0 bytes

    User: tvaughn
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 10302010_175255

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Symantec Endpoint Protection Client
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner (remove only)
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    TFC couldn't break your internet connection.

    Try to restart computer and let me know.
    Are you posting from some other computer?
     