redirect with all and computer locks

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved redirect with all and computer locks

Post by bigpun111 on Wed 07 Jul 2010, 11:38 am

Two weeks ago my IE8 started redirecting ad sights on google,msn & yahoo. I uninstalled IE8 and installed firefox and after 1st search, it started doing the same thing. The computer would start slowing in the responses, then would fail to open anyprograms even though the "hourglass" would show. The start window open but wouldnt shut down so I had to hard boot it. After re-start it would open prgrams for a little and the search would work on the 1st try then everything repeats its self. Malwarebytes nor my antivirus are showing anything now but when 1st started the a/v was stopping some trojan alot but now nothing shows. I included hijackthis,OTL and the extra files, thank you.

OTL logfile created on: 7/6/2010 5:51:52 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Donnie Thibodeaux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 3.77 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.05 Gb Total Space | 121.79 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive K: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 483.56 Mb Total Space | 63.58 Mb Free Space | 13.15% Space Free | Partition Type: FAT

Computer Name: THIBODEAUX
Current User Name: Donnie Thibodeaux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
PRC - [2010/06/29 23:16:25 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/06/23 20:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 20:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 10:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 10:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 10:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [2003/07/08 03:44:40 | 000,581,632 | ---- | M] () -- C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
PRC - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/06/23 20:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 20:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 20:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 10:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 10:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 10:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 13:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/08/04 01:56:58 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/08/04 01:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)
SRV - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\Capt9080.sys -- (SQTECH9080) MegaCam(PID_9080_00)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\atimtag.sys -- (atimtag)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDS300\cds300.dll -- (959b9316-5b8b-4312-9d5d-fe5682ba0673)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/17 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/20 16:47:43 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2005/09/05 09:39:22 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/05/13 20:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 13:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 13:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/05 17:54:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/09/19 14:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/19 14:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/05/27 16:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/01/09 21:32:30 | 000,069,472 | R--- | M] (VIA Technologies, INC.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2001/10/18 13:00:00 | 000,006,234 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaide.sys -- (viaide)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

FF - HKLM\software\mozilla\Firefox\Extensions\\{B61CC04C-26B0-4352-AD61-6158D7A71223}: C:\Documents and Settings\Donnie Thibodeaux\Local Settings\Application Data\{B61CC04C-26B0-4352-AD61-6158D7A71223} [2010/06/23 23:09:22 | 000,000,000 | ---D | M]

[2010/07/04 15:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Mozilla\Extensions
[2009/07/08 16:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/04 15:24:26 | 000,000,734 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINNT\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([[You must be registered and logged in to see this link.] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donnie Thibodeaux\My Documents\Unzipped\south park theme\Southpark\SouthPark wp.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/20 11:58:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/04 16:02:54 | 000,000,279 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell - "" = AutoRun
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2006/09/19 20:00:25 | 001,114,112 | R--- | M] ()
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2006/09/19 20:00:25 | 001,114,112 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "LightScribeService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: RaidTool - hkey= - key= - C:\Program Files\VIA\RAID\raid_tool.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINNT\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{adefa1b9-1ff9-4bcf-b12a-1a25a0617db0} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.divxa32 - C:\WINNT\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINNT\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINNT\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINNT\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINNT\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MP42 - C:\WINNT\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINNT\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 17:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\otl inst
[2010/07/06 17:45:42 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/06 17:45:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
[2010/07/02 16:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Downloads
[2010/07/01 05:19:34 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\setup-spybotsd162.exe
[2010/07/01 05:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/07/01 05:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/07/01 05:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/07/01 05:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/06/30 16:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/30 02:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/29 23:33:44 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINNT\PCTBDCore.dll.old
[2010/06/29 23:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/29 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/29 21:27:19 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\ATF-Cleaner.exe
[2010/06/29 21:27:12 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HJTInstall.exe
[2010/06/29 21:27:00 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\windows-kb890830-v3.8.exe
[2010/06/28 06:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/27 15:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\mozilla install
[2010/06/25 04:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/23 23:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/23 23:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/21 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/21 13:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 13:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 16:57:42 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/06/10 00:03:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\iedvtool.dll
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/06 17:46:11 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\NTUSER.DAT
[2010/07/06 17:41:05 | 000,000,908 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 14:41:00 | 000,000,904 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/06 04:48:23 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v1.doc
[2010/07/05 13:12:01 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/07/04 21:48:40 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
[2010/07/04 15:52:49 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/04 15:52:26 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/04 15:50:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\ntuser.ini
[2010/07/04 15:24:26 | 000,000,734 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/07/04 15:02:46 | 000,610,926 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/04 15:02:46 | 000,506,430 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/04 15:02:46 | 000,093,244 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/04 15:02:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/04 13:19:12 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/01 15:53:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Spybot - Search & Destroy.lnk
[2010/07/01 05:38:48 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 05:20:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\setup-spybotsd162.exe
[2010/06/30 02:25:03 | 000,004,819 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/06/30 02:18:15 | 000,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat
[2010/06/29 23:36:32 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Weapons Log as of 04.doc
[2010/06/29 23:18:27 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/06/29 23:16:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HijackThis.lnk
[2010/06/29 21:14:58 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\windows-kb890830-v3.8.exe
[2010/06/29 20:19:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\ATF-Cleaner.exe
[2010/06/29 20:18:06 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HJTInstall.exe
[2010/06/25 04:07:09 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/24 06:24:54 | 000,000,000 | ---- | M] () -- C:\WINNT\Pdijetozunes.bin
[2010/06/23 23:17:29 | 000,002,531 | ---- | M] () -- C:\WINNT\uhoramiyaparo.dll
[2010/06/23 23:09:23 | 000,000,120 | ---- | M] () -- C:\WINNT\Dzazumofutoc.dat
[2010/06/21 14:01:12 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/20 16:57:42 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/06/20 16:57:41 | 000,226,728 | ---- | M] (Coupons, Inc.) -- C:\WINNT\System32\cpnprt2.cid
[2010/06/11 04:47:29 | 000,357,752 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 04:48:22 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v1.doc
[2010/07/04 15:02:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/01 15:53:34 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Spybot - Search & Destroy.lnk
[2010/06/30 02:18:15 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2010/06/29 23:33:45 | 000,767,952 | ---- | C] () -- C:\WINNT\BDTSupport.dll.old
[2010/06/29 23:18:26 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/06/29 23:16:27 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HijackThis.lnk
[2010/06/25 04:07:09 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/23 23:17:28 | 000,002,531 | ---- | C] () -- C:\WINNT\uhoramiyaparo.dll
[2010/06/23 23:09:23 | 000,000,120 | ---- | C] () -- C:\WINNT\Dzazumofutoc.dat
[2010/06/23 23:09:23 | 000,000,000 | ---- | C] () -- C:\WINNT\Pdijetozunes.bin
[2010/06/21 14:01:12 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/19 20:41:45 | 000,040,576 | ---- | C] () -- C:\WINNT\System32\drivers\sdcplh.sys
[2008/06/25 22:07:31 | 000,003,351 | ---- | C] () -- C:\WINNT\System32\drivers\vsp.sys
[2008/06/18 19:00:26 | 000,077,824 | R--- | C] () -- C:\WINNT\System32\HPZIDS01.dll
[2008/06/18 18:59:57 | 000,000,161 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2008/06/18 18:58:40 | 000,000,737 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2008/06/11 16:07:52 | 000,003,654 | ---- | C] () -- C:\WINNT\System32\drivers\Sonyhcp.dll
[2007/11/26 14:13:19 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
[2006/12/08 23:31:59 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
[2006/12/08 23:31:59 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
[2006/12/08 23:31:59 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
[2006/12/08 23:14:58 | 000,000,025 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2006/11/18 21:01:31 | 000,021,791 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2006/11/18 21:01:30 | 000,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2006/11/18 21:00:53 | 000,038,576 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2006/11/18 21:00:53 | 000,010,225 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2006/11/18 21:00:52 | 000,011,435 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2006/09/04 16:02:40 | 000,314,880 | ---- | C] () -- C:\WINNT\System32\Tx32.dll
[2006/08/20 05:16:34 | 000,196,608 | ---- | C] () -- C:\WINNT\System32\avisynth.dll
[2006/08/11 03:14:23 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2006/05/05 16:22:02 | 000,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2006/04/25 20:07:36 | 000,000,552 | ---- | C] () -- C:\WINNT\WM7.INI
[2006/03/15 18:26:45 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2006/03/15 07:15:59 | 000,028,672 | R--- | C] () -- C:\WINNT\System32\cmirmdrv.dll
[2006/03/15 02:21:53 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2006/03/11 13:31:06 | 000,000,020 | ---- | C] () -- C:\WINNT\Hposcv07.INI
[2006/01/20 13:47:35 | 000,382,159 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2006/01/20 13:47:35 | 000,319,696 | ---- | C] () -- C:\WINNT\System32\BOCOF.DLL
[2006/01/20 13:38:13 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/09/17 18:37:42 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2001/08/17 17:36:28 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[1999/12/07 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 01:56:44 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\msvbvm60.dll
[5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/14 21:03:05 | 000,524,288 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2006/03/15 02:53:29 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2006/03/14 21:03:05 | 019,398,656 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2006/03/14 21:03:06 | 003,670,016 | ---- | M] () -- C:\WINNT\system32\config\system.sav

cont...

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved cont...

Post by bigpun111 on Wed 07 Jul 2010, 11:40 am

< %systemroot%\system32\*.sys >
[2001/08/23 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINNT\system32\ansi.sys
[2001/09/14 22:05:38 | 000,004,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINNT\system32\atiicdxx.sys
[2001/08/23 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINNT\system32\country.sys
[2001/08/23 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINNT\system32\himem.sys
[2001/08/23 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINNT\system32\key01.sys
[2004/08/03 23:46:56 | 000,042,537 | ---- | M] () -- C:\WINNT\system32\keyboard.sys
[2001/08/23 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINNT\system32\ntdos.sys
[2001/08/23 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINNT\system32\ntdos404.sys
[2001/08/23 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINNT\system32\ntdos411.sys
[2001/08/23 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINNT\system32\ntdos412.sys
[2001/08/23 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINNT\system32\ntdos804.sys
[2004/08/03 23:45:10 | 000,033,840 | ---- | M] () -- C:\WINNT\system32\ntio.sys
[2004/08/03 23:45:16 | 000,034,560 | ---- | M] () -- C:\WINNT\system32\ntio404.sys
[2004/08/03 23:45:12 | 000,035,648 | ---- | M] () -- C:\WINNT\system32\ntio411.sys
[2004/08/03 23:45:16 | 000,035,424 | ---- | M] () -- C:\WINNT\system32\ntio412.sys
[2004/08/03 23:45:14 | 000,034,560 | ---- | M] () -- C:\WINNT\system32\ntio804.sys
[2004/08/04 00:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\watchdog.sys
[2010/05/02 00:56:34 | 001,850,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\win32k.sys
[5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 01:56:42 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv01nt5.dll
[2004/08/04 01:56:42 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv02nt5.dll
[2004/08/04 01:56:42 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv05nt5.dll
[2004/08/04 01:56:42 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv07nt5.dll
[2004/08/04 01:56:42 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv08nt5.dll
[2004/08/04 01:56:42 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv09nt5.dll
[2004/08/04 01:56:42 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\adv11nt5.dll
[2006/05/03 11:10:34 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINNT\system32\drivers\ati2erec.dll
[2004/08/04 01:56:42 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\atv01nt5.dll
[2004/08/04 01:56:42 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\atv02nt5.dll
[2004/08/04 01:56:42 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\atv04nt5.dll
[2004/08/04 01:56:42 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\atv06nt5.dll
[2004/08/04 01:56:42 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\atv10nt5.dll
[2004/08/04 01:56:42 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\ch7xxnt5.dll
[2004/08/04 01:56:46 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\siint5.dll
[2006/10/30 13:46:02 | 000,003,654 | ---- | M] () -- C:\WINNT\system32\drivers\Sonyhcp.dll
[2004/08/04 01:56:48 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINNT\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/01/20 11:58:39 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2006/11/19 01:48:52 | 000,001,225 | ---- | M] () -- C:\baseclasses.log
[2009/06/04 14:58:53 | 000,000,207 | RHS- | M] () -- C:\boot.ini
[2006/01/20 11:58:39 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2006/11/01 02:12:55 | 000,000,041 | ---- | M] () -- C:\DVDPATH.TXT
[2006/01/20 11:58:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/04 20:39:30 | 000,031,692 | ---- | M] () -- C:\LU4.log
[2008/02/28 18:56:47 | 000,000,100 | ---- | M] () -- C:\lxcr.log
[2008/02/28 18:56:46 | 000,001,351 | ---- | M] () -- C:\lxcrscan.log
[2010/05/24 09:11:01 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/06/26 04:56:27 | 000,008,055 | ---- | M] () -- C:\mombi.log
[2006/01/20 11:58:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 17:47:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/03/15 17:47:02 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/04 15:51:59 | 803,209,216 | -HS- | M] () -- C:\pagefile.sys
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %PROGRAMFILES%\*. >
[2007/10/11 14:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/02/17 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/12/16 03:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\ahead
[2009/12/28 18:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/06/04 19:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/03/13 12:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2006/03/15 17:22:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bhelpuri
[2010/06/21 13:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/01/20 13:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2010/06/30 02:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/20 16:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/12/16 03:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/01/20 13:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2006/08/20 05:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\DivXCodec
[2010/07/01 05:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/05/28 13:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/08/20 05:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\GordianKnot
[2008/06/18 19:02:43 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/06/19 23:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/04/30 11:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2006/11/19 15:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\inKline Global
[2010/06/04 19:30:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/11/19 15:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/06/10 14:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/21 13:59:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/02/08 23:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/06/21 14:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/04/14 13:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/30 12:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/02/28 18:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\lx_cats
[2010/05/24 09:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/15 15:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/01/20 13:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/14 18:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/19 14:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/15 18:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/01 05:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/11 06:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/04 15:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/13 04:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/15 18:56:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/06/04 20:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSI
[2006/03/12 14:50:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2006/11/19 14:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2008/06/19 23:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/13 04:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/02/28 16:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/02/28 16:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2006/03/15 17:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/16 19:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/11/01 01:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2008/06/19 23:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\PhoTags Express
[2008/03/19 15:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/03/31 18:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/13 04:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/09/04 21:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\ResumeMaker
[2010/07/01 05:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/06/04 20:38:46 | 000,000,000 | ---D | M] -- C:\Program Files\Setup Files
[2008/06/11 16:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/07/01 15:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/30 02:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2006/03/15 18:24:14 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/04 15:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/07/01 05:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/02/22 17:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\ToGo Game
[2010/06/29 23:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/01/20 16:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2006/03/15 17:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2008/06/25 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\VIA Technologies, Inc
[2006/03/15 02:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\VIAudioi
[2006/04/25 20:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\WillMaker 7
[2010/03/19 21:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2006/12/06 17:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/06/27 15:47:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/01 01:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2006/11/19 14:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/03/19 15:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Zone.Com Deluxe Games

< %appdata%\*.* >
[2009/10/28 13:16:23 | 000,102,088 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\dllcache\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 23:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINNT\ServicePackFiles\i386\disk.sys
[2004/08/03 23:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINNT\system32\drivers\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2001/08/23 07:00:00 | 000,033,664 | ---- | M] (Microsoft Corporation) MD5=43A10CD19D648E57ED039A6CAA667A56 -- C:\WINNT\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 14:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
[2001/08/23 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/06/19 14:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll
[2001/08/23 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
[2001/08/23 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2003/06/19 14:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2001/08/23 07:00:00 | 000,021,760 | ---- | M] (Microsoft Corporation) MD5=694F2B90124EB086C38C18DA97A13E48 -- C:\WINNT\$NtServicePackUninstall$\usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINNT\ServicePackFiles\i386\usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINNT\system32\drivers\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys

< MD5 for: VIAMRAID.SYS >
[2004/07/06 09:45:42 | 000,060,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINNT\system32\ReinstallBackups\0009\DriverFiles\viamraid.sys
[2006/11/08 14:25:24 | 000,116,688 | ---- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Program Files\Setup Files\VIA Chipset Drivers v5.07A\drvdisk\i386\NT4\viamraid.sys
[2006/11/08 14:25:24 | 000,116,688 | ---- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Program Files\Setup Files\VIA Chipset Drivers v5.07A\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006/11/08 14:25:24 | 000,116,688 | ---- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Program Files\VIA\Setup\viaraid\DRIVER\Raid\winnt40\viamraid.sys
[2010/02/22 16:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\VIA Tech drivers\driver for sata control\viamraid.sys
[2010/02/22 16:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\WINNT\system32\drivers\viamraid.sys
[2006/11/08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Program Files\Setup Files\VIA Chipset Drivers v5.07A\drvdisk\i386\NT5\viamraid.sys
[2006/11/08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Program Files\Setup Files\VIA Chipset Drivers v5.07A\VIARaid\DRIVER\Raid\winxp\viamraid.sys
[2006/11/08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Program Files\VIA\Setup\viaraid\DRIVER\Raid\winxp\viamraid.sys
[2006/11/08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINNT\system32\DRVSTORE\viamraid_0B7BD2CE86023D524D8509B41571686ECF13C39F\viamraid.sys
[2006/11/08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINNT\system32\ReinstallBackups\0012\DriverFiles\viamraid.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 19:45:41

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:42 PM, on 7/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9068 bytes

OTL Extras logfile created on: 7/6/2010 5:51:52 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Donnie Thibodeaux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 3.77 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.05 Gb Total Space | 121.79 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive K: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 483.56 Mb Total Space | 63.58 Mb Free Space | 13.15% Space Free | Partition Type: FAT

Computer Name: THIBODEAUX
Current User Name: Donnie Thibodeaux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth -- File not found
"C:\WINNT\system32\lxcrcoms.exe" = C:\WINNT\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System -- File not found
"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\MSI\i-Speeder\i-Speeder.exe" = C:\Program Files\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder -- (Micro-Star International Co.,Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivXCodec" = DivX Codec 3.1alpha release
"DMI Browser" = DMI Browse
"FTE32" = FormTool Express
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfoView" = InfoView
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"i-Speeder" = i-Speeder
"LimeWire" = LimeWire 5.5.7
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ResumeMaker" = ResumeMaker
"Switch" = Switch Sound File Converter
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WillMaker 7" = WillMaker 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"WMIinfo" = WMIinfo
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2010 9:41:05 AM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 10:41:05 AM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 11:41:05 AM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 12:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 1:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 2:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 3:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 4:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 5:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

Error - 7/6/2010 6:41:05 PM | Computer Name = THIBODEAUX | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/4/2010 4:52:59 PM | Computer Name = THIBODEAUX | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/4/2010 4:54:17 PM | Computer Name = THIBODEAUX | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 7/4/2010 4:54:17 PM | Computer Name = THIBODEAUX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 7/6/2010 2:22:40 PM | Computer Name = THIBODEAUX | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/6/2010 6:44:31 PM | Computer Name = THIBODEAUX | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer
Micro USB Device.

Error - 7/6/2010 6:44:31 PM | Computer Name = THIBODEAUX | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer
Micro USB Device.

Error - 7/6/2010 6:44:33 PM | Computer Name = THIBODEAUX | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer
Micro USB Device.

Error - 7/6/2010 6:44:34 PM | Computer Name = THIBODEAUX | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer
Micro USB Device.

Error - 7/6/2010 6:52:07 PM | Computer Name = THIBODEAUX | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/6/2010 6:52:07 PM | Computer Name = THIBODEAUX | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >



bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Belahzur on Wed 07 Jul 2010, 11:42 am

Hello.
Three things for you to do.

1.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.



2.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



3.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    [2010/06/24 06:24:54 | 000,000,000 | ---- | M] () -- C:\WINNT\Pdijetozunes.bin
    [2010/06/23 23:17:29 | 000,002,531 | ---- | M] () -- C:\WINNT\uhoramiyaparo.dll
    [2010/06/23 23:09:23 | 000,000,120 | ---- | M] () -- C:\WINNT\Dzazumofutoc.dat



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Thu 08 Jul 2010, 3:03 pm

I had already remove both proxy settings and removed firefox because i thought it was a problem with IE8, but I did double check and ran the Goored fix. Here is the otl log yoy requested requested. Thank you!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
C:\WINNT\Pdijetozunes.bin moved successfully.
C:\WINNT\uhoramiyaparo.dll moved successfully.
C:\WINNT\Dzazumofutoc.dat moved successfully.

OTL by OldTimer - Version 3.2.7.1 log created on 07072010_225510

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Belahzur on Fri 09 Jul 2010, 1:49 am

Please post the Gooredfix log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Solved sorry, here it is

Post by bigpun111 on Fri 09 Jul 2010, 11:00 am

I dont know that it matters but i have been running all these with my internet unplugged (didnt want the virus doing more damage or take over) actually about a week.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:56 on 07/07/2010 (Donnie Thibodeaux)
Firefox version [Unable to determine]

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{B61CC04C-26B0-4352-AD61-6158D7A71223} -> Success!
Deleting C:\Documents and Settings\Donnie Thibodeaux\Local Settings\Application Data\{B61CC04C-26B0-4352-AD61-6158D7A71223} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09:34 13/08/2009]

-=E.O.F=-

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Tue 13 Jul 2010, 2:11 pm

"bump"

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Belahzur on Wed 14 Jul 2010, 9:06 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Thu 15 Jul 2010, 1:42 pm

Hi... here is the combofix log-
ComboFix 10-07-13.02 - Donnie Thibodeaux 07/14/2010 20:39:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1111 [GMT -5:00]
Running from: c:\documents and settings\Donnie Thibodeaux\Desktop\Tools\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\Cache
c:\winnt\Web\default.htt
c:\winnt\xpsp1hfm.log

Infected copy of c:\winnt\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_IAS
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-08 03:55 . 2010-07-08 03:55 -------- d-----w- C:\_OTL
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-30 07:18 . 2010-06-30 07:18 0 ----a-w- c:\winnt\nsreg.dat
2010-06-30 07:18 . 2010-06-30 07:18 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\Mozilla
2010-06-30 04:54 . 2010-06-30 04:54 -------- d-sh--w- c:\winnt\system32\config\systemprofile\IETldCache
2010-06-30 04:53 . 2010-06-30 04:53 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\Threat Expert
2010-06-30 04:29 . 2010-06-30 07:02 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 04:16 . 2010-06-30 04:16 -------- d-----w- c:\program files\Trend Micro
2010-06-28 11:19 . 2010-06-28 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 09:07 . 2010-06-25 09:07 664 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-06-25 09:07 . 2010-06-25 09:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-24 04:07 . 2010-06-24 11:18 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\mounetcjh
2010-06-24 04:07 . 2010-06-24 04:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-21 18:59 . 2010-06-21 18:59 -------- d-----w- c:\program files\iPod
2010-06-21 18:59 . 2010-06-21 19:01 -------- d-----w- c:\program files\iTunes
2010-06-21 18:54 . 2010-06-21 18:54 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 01:55 . 2006-03-15 23:23 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-02 19:56 . 2006-01-20 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-01 20:58 . 2006-01-20 22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-30 06:59 . 2010-03-13 03:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 18:59 . 2009-12-28 23:27 -------- d-----w- c:\program files\Common Files\Apple
2010-06-21 18:49 . 2010-06-21 18:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-20 21:57 . 2007-11-26 19:13 -------- d-----w- c:\program files\Coupons
2010-06-05 01:38 . 2006-03-22 00:47 -------- d-----w- c:\program files\Setup Files
2010-06-05 01:15 . 2006-03-22 00:45 -------- d-----w- c:\program files\MSI
2010-06-05 00:30 . 2010-06-05 00:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-05 00:30 . 2006-01-20 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 18:32 . 2006-04-23 21:31 -------- d-----w- c:\program files\Google
2010-05-24 14:11 . 2010-03-13 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\winnt\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-05-02 05:56 . 2001-08-23 12:00 1850880 ----a-w- c:\winnt\system32\win32k.sys
2010-04-29 20:39 . 2010-03-13 21:15 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-13 21:15 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-04-20 05:51 . 2001-08-23 12:00 285696 ----a-w- c:\winnt\system32\atmfd.dll
2010-04-20 01:47 . 2009-12-28 23:28 3062048 ----a-w- c:\winnt\system32\usbaaplrc.dll
2010-04-20 01:47 . 2009-12-28 23:28 41984 ----a-w- c:\winnt\system32\drivers\usbaapl.sys
2006-01-20 16:57 . 2006-01-20 16:57 21952 -c-h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"Synchronization Manager"="mobsync.exe" [2004-08-04 143360]
"NeroCheck"="c:\winnt\System32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-6-25 581632]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk
backup=c:\winnt\pss\AudioDeck.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\winnt\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2006-12-28 21:09 4579328 -c--a-w- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINNT\\system32\\mqsvc.exe"=
"c:\\WINNT\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [7/2/2010 8:01 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 1:31 PM 136176]
S3 959b9316-5b8b-4312-9d5d-fe5682ba0673;959b9316-5b8b-4312-9d5d-fe5682ba0673;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/4/2010 8:23 PM 9216]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [12/7/1999 7:00 AM 24784]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [3/15/2006 5:27 PM 69472]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [3/15/2006 2:11 AM 9038]
S3 Vsp;Vsp;c:\winnt\system32\drivers\vsp.sys [6/25/2008 10:07 PM 3351]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-15 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 18:30]

2010-07-14 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 18:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\winnt\System32\mscoree.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\[You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Nero\data\Xtras\mssysmgr.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKLM-Run-InCD - c:\program files\ahead\InCD\InCD.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-HijackThis - L:\HijackThis.exe
AddRemove-VIA Audio Driver Setup Program - c:\program files\VIA Technologies



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-14 20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\winnt\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1904)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\winnt\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\winnt\system32\inetsrv\inetinfo.exe
c:\winnt\System32\msdtc.exe
c:\winnt\system32\HPZipm12.exe
c:\winnt\System32\tcpsvcs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\winnt\system32\mqsvc.exe
c:\winnt\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\winnt\System32\logon.scr
.
**************************************************************************
.
Completion time: 2010-07-14 21:01:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 02:01

Pre-Run: 3,929,718,784 bytes free
Post-Run: 3,977,240,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F7544B81805D898202572A37469CDE60

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Belahzur on Fri 16 Jul 2010, 4:51 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Fri 16 Jul 2010, 12:19 pm

Hello there, here is the log-
ComboFix 10-07-15.01 - Donnie Thibodeaux 07/15/2010 19:57:37.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.910 [GMT -5:00]
Running from: c:\documents and settings\Donnie Thibodeaux\Desktop\Tools\Combofix\Combo-Fix.exe
Command switches used :: c:\documents and settings\Donnie Thibodeaux\Desktop\CFscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-16 00:32 . 2010-07-16 00:32 -------- d-----w- c:\program files\DIFX
2010-07-16 00:32 . 2010-07-16 00:33 -------- d-----w- c:\winnt\LastGood
2010-07-16 00:32 . 2009-11-11 21:59 197952 ----a-w- c:\winnt\system32\FTLang.dll
2010-07-16 00:32 . 2009-11-11 21:59 57800 ----a-w- c:\winnt\system32\drivers\ftdibus.sys
2010-07-16 00:32 . 2009-11-11 21:59 206144 ----a-w- c:\winnt\system32\ftd2xx.dll
2010-07-16 00:32 . 2009-11-11 21:59 120136 ----a-w- c:\winnt\system32\ftbusui.dll
2010-07-16 00:32 . 2010-07-16 00:37 -------- d-----w- c:\program files\Superchips Easy Update
2010-07-16 00:31 . 2010-07-16 00:31 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\Downloaded Installations
2010-07-08 03:55 . 2010-07-08 03:55 -------- d-----w- C:\_OTL
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-01 10:19 . 2010-07-01 10:19 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-30 07:18 . 2010-06-30 07:18 0 ----a-w- c:\winnt\nsreg.dat
2010-06-30 07:18 . 2010-06-30 07:18 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\Mozilla
2010-06-30 04:54 . 2010-06-30 04:54 -------- d-sh--w- c:\winnt\system32\config\systemprofile\IETldCache
2010-06-30 04:53 . 2010-06-30 04:53 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\Threat Expert
2010-06-30 04:29 . 2010-06-30 07:02 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 04:16 . 2010-06-30 04:16 -------- d-----w- c:\program files\Trend Micro
2010-06-28 11:19 . 2010-06-28 11:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 09:07 . 2010-06-25 09:07 664 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-06-25 09:07 . 2010-06-25 09:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-24 04:07 . 2010-06-24 11:18 -------- d-----w- c:\documents and settings\Donnie Thibodeaux\Local Settings\Application Data\mounetcjh
2010-06-24 04:07 . 2010-06-24 04:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-21 18:59 . 2010-06-21 18:59 -------- d-----w- c:\program files\iPod
2010-06-21 18:59 . 2010-06-21 19:01 -------- d-----w- c:\program files\iTunes
2010-06-21 18:54 . 2010-06-21 18:54 -------- d-----w- c:\program files\Bonjour
2010-06-21 18:49 . 2010-06-21 18:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 00:52 . 2006-03-15 23:23 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-02 19:56 . 2006-01-20 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-01 20:58 . 2006-01-20 22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-30 06:59 . 2010-03-13 03:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 18:59 . 2009-12-28 23:27 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 21:57 . 2007-11-26 19:13 -------- d-----w- c:\program files\Coupons
2010-06-05 01:38 . 2006-03-22 00:47 -------- d-----w- c:\program files\Setup Files
2010-06-05 01:15 . 2006-03-22 00:45 -------- d-----w- c:\program files\MSI
2010-06-05 00:30 . 2010-06-05 00:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-05 00:30 . 2006-01-20 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 18:32 . 2006-04-23 21:31 -------- d-----w- c:\program files\Google
2010-05-24 14:11 . 2010-03-13 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\winnt\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-05-02 05:56 . 2001-08-23 12:00 1850880 ----a-w- c:\winnt\system32\win32k.sys
2010-04-29 20:39 . 2010-03-13 21:15 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-13 21:15 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-04-20 05:51 . 2001-08-23 12:00 285696 ----a-w- c:\winnt\system32\atmfd.dll
2010-04-20 01:47 . 2009-12-28 23:28 3062048 ----a-w- c:\winnt\system32\usbaaplrc.dll
2010-04-20 01:47 . 2009-12-28 23:28 41984 ----a-w- c:\winnt\system32\drivers\usbaapl.sys
2006-01-20 16:57 . 2006-01-20 16:57 21952 -c-h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"Synchronization Manager"="mobsync.exe" [2004-08-04 143360]
"NeroCheck"="c:\winnt\System32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-6-25 581632]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk
backup=c:\winnt\pss\AudioDeck.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\winnt\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2006-12-28 21:09 4579328 -c--a-w- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINNT\\system32\\mqsvc.exe"=
"c:\\WINNT\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [7/15/2010 7:22 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 1:31 PM 136176]
S3 959b9316-5b8b-4312-9d5d-fe5682ba0673;959b9316-5b8b-4312-9d5d-fe5682ba0673;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/4/2010 8:23 PM 9216]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [12/7/1999 7:00 AM 24784]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [3/15/2006 5:27 PM 69472]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [3/15/2006 2:11 AM 9038]
S3 Vsp;Vsp;c:\winnt\system32\drivers\vsp.sys [6/25/2008 10:07 PM 3351]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-15 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 18:30]

2010-07-16 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 18:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\winnt\System32\mscoree.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\[You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-15 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\winnt\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2436)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-15 20:06:35
ComboFix-quarantined-files.txt 2010-07-16 01:06
ComboFix2.txt 2010-07-15 02:01

Pre-Run: 3,862,712,320 bytes free
Post-Run: 3,845,373,952 bytes free

- - End Of File - - 091393A01737E03B94430407C8918CDB

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Mon 19 Jul 2010, 6:05 am

Sorry for delay. Belahzur is on vacation. Let me look at a couple things here.

Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Mon 19 Jul 2010, 12:16 pm

No prblem at all, thanks for your time. Here is the log:

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\J: --> \\.\PhysicalDrive1



Size Device Name MBR Status

--------------------------------------------

19 GB \\.\PhysicalDrive0 Windows XP MBR code detected

149 GB \\.\PhysicalDrive1 Unknown MBR code





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit...


bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Mon 19 Jul 2010, 5:00 pm

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Tue 20 Jul 2010, 3:38 am

Hello, here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Tue 20 Jul 2010, 2:04 pm

Please open Command Prompt (Start > Run and type CMD and press OK)
Enter the following in to the black box, pressing enter after each line:

Code:
mbr -f

exit

Post a log (MBR.log).


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Wed 21 Jul 2010, 6:14 am

Hello, I did the last request but I couldnt find a log anywhere and it wouldnt let me copy it. The results were basically the same as yesterdays MBR log though.

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Wed 21 Jul 2010, 2:24 pm

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Thu 22 Jul 2010, 1:51 pm

Hello, here is the log:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058BBA7-->880FD690 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A0C3830 [4] System
0x87E26020 [324] C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation, Symantec AntiVirus)
0x87D52780 [392] C:\WINNT\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x88C32170 [440] C:\WINNT\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87E06DA0 [468] C:\WINNT\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x87D11368 [512] C:\WINNT\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x87F1EB98 [524] C:\WINNT\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x87F93DA0 [696] C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87FE3DA0 [724] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88015728 [796] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x880FC2D8 [840] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88038DA0 [876] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87F63020 [932] C:\WINNT\system32\mqsvc.exe (Microsoft Corporation, Message Queuing Service)
0x88046500 [968] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x880EE950 [1020] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87D00B78 [1044] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation, Symantec Settings Manager Service)
0x87DA3500 [1112] C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87DD17D8 [1180] C:\WINNT\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87E519E8 [1224] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation, Symantec Event Manager Service)
0x87771B78 [1400] C:\WINNT\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x87EF7020 [1468] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87D3DDA0 [1512] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x87E9D748 [1528] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Symantec User Session)
0x87EF5950 [1572] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x87DC8740 [1624] C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation, Virus Definition Daemon)
0x87775268 [1656] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation, Symantec AntiVirus)
0x87D8EDA0 [1784] C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x87E147D0 [1908] C:\WINNT\system32\msdtc.exe (Microsoft Corporation, MS DTC console program)
0x88017B78 [2020] C:\WINNT\system32\tcpsvcs.exe (Microsoft Corporation, TCP/IP Services Application)
0x87EDEDA0 [2040] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87662DA0 [2080] C:\WINNT\system32\mqtgsvc.exe (Microsoft Corporation, Windows NT MSMQ Trigger Service)
0x87D06DA0 [2160] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x875E0DA0 [2184] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x86D0F3C8 [2424] C:\Documents and Settings\Donnie Thibodeaux\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\q4oegemAnAm0.exe (UG North, RKULE, SR2 Normandy)
0x87768CA0 [2736] C:\WINNT\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x875F3BB0 [3004] C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P., HP Photosmart Premier)
0x87600370 [3036] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x88D803C8 [3952] C:\WINNT\system32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company, PortResolver Module)
0x884BB6A8 [3984] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x86D33528 [4044] C:\WINNT\system32\ntvdm.exe (Microsoft Corporation, NTVDM.EXE)
0x88993020 [4068] C:\WINNT\system32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company, HP Status Server Module)
==============================================
>Drivers
==============================================
0xBF0D0000 C:\WINNT\System32\ati3duag.dll 2695168 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINNT\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINNT\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA589000 C:\WINNT\System32\DRIVERS\ati2mtag.sys 1601536 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF362000 C:\WINNT\System32\ativvaxx.dll 1409024 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB20BA000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5DC1000 C:\WINNT\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5D63000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB5FA6000 C:\WINNT\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB334F000 C:\WINNT\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB61F4000 C:\Program Files\Symantec AntiVirus\savrt.sys 348160 bytes (Symantec Corporation, AutoProtect)
0xBFFA0000 C:\WINNT\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF055000 C:\WINNT\System32\ati2cqag.dll 282624 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINNT\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB2E54000 C:\WINNT\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5F66000 C:\WINNT\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF09A000 C:\WINNT\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBA381000 C:\WINNT\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB331D000 C:\WINNT\system32\drivers\RMCast.sys 204800 bytes (Microsoft Corporation, Reliable Multicast Transport)
0xBA4FD000 C:\WINNT\system32\drivers\vinyl97.sys 204800 bytes (VIA Technologies, Inc., Vinyl AC'97 Codec Combo WDM Driver)
0xBA3B5000 C:\WINNT\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3757000 C:\WINNT\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB1EBD000 C:\WINNT\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5E30000 C:\WINNT\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB5F1D000 C:\WINNT\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBA4D9000 C:\WINNT\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB370C000 C:\WINNT\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xBA552000 C:\WINNT\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA52F000 C:\WINNT\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5EFB000 C:\WINNT\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB5F45000 C:\WINNT\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7479000 viamraid.sys 135168 bytes (VIA Technologies inc,.ltd, VIA AHCI RAID DRIVER FOR WIN XP/SRV2003)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINNT\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7441000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB2206000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB61D7000 C:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xF784F000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB5D23000 C:\WINNT\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7461000 C:\WINNT\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7418000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB349E000 C:\WINNT\system32\drivers\mqac.sys 94208 bytes (Microsoft Corporation, Windows NT MQ Access Control Device Driver)
0xBA3E6000 C:\WINNT\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB36F7000 C:\WINNT\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB20A6000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xBA49D000 C:\WINNT\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB61C3000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xBA575000 C:\WINNT\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5FFE000 C:\WINNT\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7405000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINNT\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF742F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBA758000 C:\WINNT\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7587000 C:\WINNT\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76A7000 C:\WINNT\System32\Drivers\Cdr4_2K.SYS 61440 bytes (Roxio, CDR4_2k CDR Helper)
0xF76E7000 C:\WINNT\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINNT\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB389B000 C:\WINNT\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7517000 C:\WINNT\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76B7000 C:\WINNT\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7637000 C:\WINNT\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7577000 C:\WINNT\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7567000 C:\WINNT\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76F7000 C:\WINNT\system32\DRIVERS\fetnd5bv.sys 49152 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF7547000 C:\WINNT\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76D7000 C:\WINNT\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7557000 C:\WINNT\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7657000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF7697000 C:\WINNT\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7527000 C:\WINNT\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA7A8000 C:\WINNT\System32\drivers\sdcplh.sys 40960 bytes (-, SDCPLH)
0xF7537000 C:\WINNT\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA798000 C:\WINNT\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75F7000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA3FD000 C:\WINNT\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA7C8000 C:\WINNT\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB2C0A000 C:\WINNT\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF74F7000 C:\WINNT\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF779F000 C:\WINNT\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF770F000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0xF7797000 C:\WINNT\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7707000 C:\WINNT\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF777F000 C:\WINNT\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7757000 C:\WINNT\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF776F000 C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77AF000 C:\WINNT\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA299000 C:\DOCUME~1\DONNIE~1\LOCALS~1\Temp\mbr.sys 24576 bytes
0xF77A7000 C:\WINNT\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7787000 C:\WINNT\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7807000 C:\WINNT\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF778F000 C:\WINNT\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7717000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77DF000 C:\WINNT\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77EF000 C:\WINNT\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77CF000 C:\WINNT\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7777000 C:\WINNT\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA2A1000 C:\WINNT\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7D8000 C:\WINNT\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7947000 C:\WINNT\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7917000 C:\WINNT\system32\DRIVERS\tunmp.sys 16384 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF7897000 C:\WINNT\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB624D000 C:\WINNT\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7F8000 C:\WINNT\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7923000 C:\WINNT\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xBA4BD000 C:\WINNT\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB2FF1000 C:\WINNT\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xF79B3000 C:\WINNT\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79D9000 C:\WINNT\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B1000 C:\WINNT\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINNT\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B5000 C:\WINNT\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79EB000 C:\WINNT\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BB000 C:\WINNT\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7997000 C:\WINNT\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF799D000 C:\WINNT\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A3000 C:\WINNT\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (VIA Technologies, Inc., VIA PCI IDE Bus Driver)
0xF7989000 C:\WINNT\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A52000 C:\WINNT\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A58000 C:\WINNT\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A5E000 C:\WINNT\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x24270324 LDT (IN GDT of Core 1) Modification, Base+0x1E8, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0x03696DF8 LDT (IN GDT of Core 1) Modification, Base+0x238, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
0x01C701D7 LDT (IN GDT of Core 1) Modification, Base+0x2F0, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [1]
0xF1F00102 LDT (IN GDT of Core 1) Modification, Base+0x2F8, DPL_USER, Rpl : 2, Type: CallGate32, Core [1]
0x2E0D0E0A LDT (IN GDT of Core 1) Modification, Base+0x4B0, DPL_SYSTEM, Rpl : 2, Type: CallGate32, Core [1]
0x880C88DB LDT (IN GDT of Core 1) Modification, Base+0x9C8, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x888C88DB LDT (IN GDT of Core 1) Modification, Base+0x9D0, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x76412D70 LDT (IN GDT of Core 1) Modification, Base+0x960, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
0x65616644 LDT (IN GDT of Core 1) Modification, Base+0xBB0, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
0x6362756F LDT (IN GDT of Core 1) Modification, Base+0xCB0, DPL_USER, Rpl : 3, Type: CallGate32, Core [1]
0xF099AF1A LDT (IN GDT of Core 1) Modification, Base+0xD30, DPL_USER, Rpl : 2, Type: CallGate32, Core [1]
0x87388055 LDT (IN GDT of Core 1) Modification, Base+0xF88, DPL_INVALID, Rpl : 1, Type: CallGate32, Core [1]
0xB5B888DC LDT (IN GDT of Core 1) Modification, Base+0x0C0, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0xA0189FA7 LDT (IN GDT of Core 1) Modification, Base+0xC20, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x00090000 LDT (IN GDT of Core 1) Modification, Base+0xCB8, DPL_INVALID, Rpl : 0, Type: CallGate32, Core [1]
0x02000000 LDT (IN GDT of Core 1) Modification, Base+0x610, DPL_INVALID, Rpl : 0, Type: CallGate32, Core [1]
0x88E80000 LDT (IN GDT of Core 1) Modification, Base+0x870, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [streams.sys]
WARNING: Virus alike driver modification [ndisip.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [slip.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [symdns.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [bdasup.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [SYMEVENT.SYS]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [class2.sys]
WARNING: Virus alike driver modification [Dot4Prt.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [vtmini.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [mpe.sys]
WARNING: Virus alike driver modification [streamip.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ccdecode.sys]
WARNING: Virus alike driver modification [symfw.sys]
WARNING: Virus alike driver modification [lvsound.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [wstcodec.sys]
WARNING: Virus alike driver modification [Dot4.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [msircomm.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [Dot4usb.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [openhci.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [uhcd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [symids.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [sonyhcc.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [fetnd5b.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [symndis.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [msdv.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [mstee.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [usbhub20.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [lvcodek.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [cmuda.sys]
WARNING: Virus alike driver modification [nabtsfec.sys]
WARNING: Virus alike driver modification [Dot4scan.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [lvcam.sys]
WARNING: Virus alike driver modification [viausb.sys]
WARNING: Virus alike driver modification [slnthal.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\07212010.Log
!-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100719.002\vscanmsx.dat
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Thu 22 Jul 2010, 6:14 pm

It appears you may have security software enabled.

Please disable all active security software, and re-run RootkitUnhooker and post a log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Fri 23 Jul 2010, 12:55 pm

Sorry about that, here it is:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058BBA7-->880FD690 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A0C3830 [4] System
0x87E26020 [324] C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation, Symantec AntiVirus)
0x87D52780 [392] C:\WINNT\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x88C32170 [440] C:\WINNT\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87E06DA0 [468] C:\WINNT\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x87D11368 [512] C:\WINNT\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x87F1EB98 [524] C:\WINNT\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x87F93DA0 [696] C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87FE3DA0 [724] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88015728 [796] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x880FC2D8 [840] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88038DA0 [876] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87F63020 [932] C:\WINNT\system32\mqsvc.exe (Microsoft Corporation, Message Queuing Service)
0x88046500 [968] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x880EE950 [1020] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87D00B78 [1044] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation, Symantec Settings Manager Service)
0x87DA3500 [1112] C:\WINNT\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x87DD17D8 [1180] C:\WINNT\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87E519E8 [1224] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation, Symantec Event Manager Service)
0x87771B78 [1400] C:\WINNT\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x87EF7020 [1468] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87D3DDA0 [1512] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x87E9D748 [1528] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Symantec User Session)
0x87EF5950 [1572] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x87DC8740 [1624] C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation, Virus Definition Daemon)
0x87775268 [1656] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation, Symantec AntiVirus)
0x87D8EDA0 [1784] C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x87E147D0 [1908] C:\WINNT\system32\msdtc.exe (Microsoft Corporation, MS DTC console program)
0x88017B78 [2020] C:\WINNT\system32\tcpsvcs.exe (Microsoft Corporation, TCP/IP Services Application)
0x87EDEDA0 [2040] C:\WINNT\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87662DA0 [2080] C:\WINNT\system32\mqtgsvc.exe (Microsoft Corporation, Windows NT MSMQ Trigger Service)
0x87D06DA0 [2160] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x875E0DA0 [2184] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x87768CA0 [2736] C:\WINNT\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x875F3BB0 [3004] C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P., HP Photosmart Premier)
0x87600370 [3036] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x8849C020 [3456] C:\Documents and Settings\Donnie Thibodeaux\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\q4oegemAnAm0.exe (UG North, RKULE, SR2 Normandy)
0x890807C8 [3772] C:\WINNT\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x88D803C8 [3952] C:\WINNT\system32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company, PortResolver Module)
0x884BB6A8 [3984] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x86D33528 [4044] C:\WINNT\system32\ntvdm.exe (Microsoft Corporation, NTVDM.EXE)
0x88993020 [4068] C:\WINNT\system32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company, HP Status Server Module)
==============================================
>Drivers
==============================================
0xBF0D0000 C:\WINNT\System32\ati3duag.dll 2695168 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINNT\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINNT\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA589000 C:\WINNT\System32\DRIVERS\ati2mtag.sys 1601536 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF362000 C:\WINNT\System32\ativvaxx.dll 1409024 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB20BA000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5DC1000 C:\WINNT\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5D63000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB5FA6000 C:\WINNT\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB334F000 C:\WINNT\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB61F4000 C:\Program Files\Symantec AntiVirus\savrt.sys 348160 bytes (Symantec Corporation, AutoProtect)
0xBFFA0000 C:\WINNT\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF055000 C:\WINNT\System32\ati2cqag.dll 282624 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINNT\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB2E54000 C:\WINNT\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5F66000 C:\WINNT\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF09A000 C:\WINNT\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBA381000 C:\WINNT\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB331D000 C:\WINNT\system32\drivers\RMCast.sys 204800 bytes (Microsoft Corporation, Reliable Multicast Transport)
0xBA4FD000 C:\WINNT\system32\drivers\vinyl97.sys 204800 bytes (VIA Technologies, Inc., Vinyl AC'97 Codec Combo WDM Driver)
0xBA3B5000 C:\WINNT\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3757000 C:\WINNT\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB1517000 C:\WINNT\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5E30000 C:\WINNT\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB5F1D000 C:\WINNT\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBA4D9000 C:\WINNT\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB370C000 C:\WINNT\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xBA552000 C:\WINNT\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA52F000 C:\WINNT\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5EFB000 C:\WINNT\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB5F45000 C:\WINNT\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7479000 viamraid.sys 135168 bytes (VIA Technologies inc,.ltd, VIA AHCI RAID DRIVER FOR WIN XP/SRV2003)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINNT\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7441000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB2206000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB61D7000 C:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xF784F000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB5D23000 C:\WINNT\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7461000 C:\WINNT\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7418000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB349E000 C:\WINNT\system32\drivers\mqac.sys 94208 bytes (Microsoft Corporation, Windows NT MQ Access Control Device Driver)
0xBA3E6000 C:\WINNT\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB36F7000 C:\WINNT\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB20A6000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xBA49D000 C:\WINNT\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB61C3000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xBA575000 C:\WINNT\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5FFE000 C:\WINNT\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7405000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINNT\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF742F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBA758000 C:\WINNT\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7587000 C:\WINNT\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76A7000 C:\WINNT\System32\Drivers\Cdr4_2K.SYS 61440 bytes (Roxio, CDR4_2k CDR Helper)
0xF76E7000 C:\WINNT\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINNT\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB389B000 C:\WINNT\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7517000 C:\WINNT\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76B7000 C:\WINNT\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7637000 C:\WINNT\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7577000 C:\WINNT\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7567000 C:\WINNT\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76F7000 C:\WINNT\system32\DRIVERS\fetnd5bv.sys 49152 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF7547000 C:\WINNT\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76D7000 C:\WINNT\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7557000 C:\WINNT\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7657000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF7697000 C:\WINNT\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7527000 C:\WINNT\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA7A8000 C:\WINNT\System32\drivers\sdcplh.sys 40960 bytes (-, SDCPLH)
0xF7537000 C:\WINNT\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA798000 C:\WINNT\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75F7000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA3FD000 C:\WINNT\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA7C8000 C:\WINNT\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB259D000 C:\WINNT\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF74F7000 C:\WINNT\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF779F000 C:\WINNT\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF770F000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0xF7797000 C:\WINNT\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7707000 C:\WINNT\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF777F000 C:\WINNT\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7757000 C:\WINNT\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF776F000 C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77AF000 C:\WINNT\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA299000 C:\DOCUME~1\DONNIE~1\LOCALS~1\Temp\mbr.sys 24576 bytes
0xF77A7000 C:\WINNT\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7787000 C:\WINNT\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7807000 C:\WINNT\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF778F000 C:\WINNT\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7717000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77DF000 C:\WINNT\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77EF000 C:\WINNT\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77CF000 C:\WINNT\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7777000 C:\WINNT\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA2A1000 C:\WINNT\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7D8000 C:\WINNT\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7947000 C:\WINNT\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7917000 C:\WINNT\system32\DRIVERS\tunmp.sys 16384 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF7897000 C:\WINNT\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB624D000 C:\WINNT\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7F8000 C:\WINNT\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7923000 C:\WINNT\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xBA4BD000 C:\WINNT\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB2FF1000 C:\WINNT\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xF79B3000 C:\WINNT\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79D9000 C:\WINNT\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B1000 C:\WINNT\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINNT\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B5000 C:\WINNT\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79EB000 C:\WINNT\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BB000 C:\WINNT\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7997000 C:\WINNT\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF799D000 C:\WINNT\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A3000 C:\WINNT\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (VIA Technologies, Inc., VIA PCI IDE Bus Driver)
0xF7989000 C:\WINNT\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A52000 C:\WINNT\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A58000 C:\WINNT\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A5E000 C:\WINNT\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x24270324 LDT (IN GDT of Core 1) Modification, Base+0x1E8, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0x03696DF8 LDT (IN GDT of Core 1) Modification, Base+0x238, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
0x01C701D7 LDT (IN GDT of Core 1) Modification, Base+0x2F0, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [1]
0xF1F00102 LDT (IN GDT of Core 1) Modification, Base+0x2F8, DPL_USER, Rpl : 2, Type: CallGate32, Core [1]
0x2E0D0E0A LDT (IN GDT of Core 1) Modification, Base+0x4B0, DPL_SYSTEM, Rpl : 2, Type: CallGate32, Core [1]
0x880C88DB LDT (IN GDT of Core 1) Modification, Base+0x9C8, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x888C88DB LDT (IN GDT of Core 1) Modification, Base+0x9D0, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x9FD6FF73 LDT (IN GDT of Core 1) Modification, Base+0x788, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [1]
0x36FD2910 LDT (IN GDT of Core 1) Modification, Base+0x790, DPL_INVALID, Rpl : 0, Type: CallGate32, Core [1]
0x0C4621FA LDT (IN GDT of Core 1) Modification, Base+0x988, DPL_INVALID, Rpl : 2, Type: CallGate32, Core [1]
0x09C30F72 LDT (IN GDT of Core 1) Modification, Base+0x9D0, DPL_INVALID, Rpl : 2, Type: CallGate32, Core [1]
0x8830B21D LDT (IN GDT of Core 1) Modification, Base+0xB18, DPL_SYSTEM, Rpl : 1, Type: CallGate32, Core [1]
0x88C0B21D LDT (IN GDT of Core 1) Modification, Base+0xC80, DPL_SYSTEM, Rpl : 1, Type: CallGate32, Core [1]
0x33CEA07A LDT (IN GDT of Core 1) Modification, Base+0xC98, DPL_INVALID, Rpl : 2, Type: CallGate32, Core [1]
0x887888DC LDT (IN GDT of Core 1) Modification, Base+0xCD0, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0x88C0B21D LDT (IN GDT of Core 1) Modification, Base+0xD10, DPL_SYSTEM, Rpl : 1, Type: CallGate32, Core [1]
0x8830B21D LDT (IN GDT of Core 1) Modification, Base+0xD58, DPL_SYSTEM, Rpl : 1, Type: CallGate32, Core [1]
0x88C088DC LDT (IN GDT of Core 1) Modification, Base+0xD60, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0xB5B888DC LDT (IN GDT of Core 1) Modification, Base+0x0C0, DPL_SYSTEM, Rpl : 0, Type: CallGate32, Core [1]
0x415332DB LDT (IN GDT of Core 1) Modification, Base+0x038, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x5CDBA512 LDT (IN GDT of Core 1) Modification, Base+0x740, DPL_INVALID, Rpl : 2, Type: CallGate32, Core [1]
0xA0189FA7 LDT (IN GDT of Core 1) Modification, Base+0xC20, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x00090000 LDT (IN GDT of Core 1) Modification, Base+0xCB8, DPL_INVALID, Rpl : 0, Type: CallGate32, Core [1]
0x02000000 LDT (IN GDT of Core 1) Modification, Base+0x610, DPL_INVALID, Rpl : 0, Type: CallGate32, Core [1]
0x88E80000 LDT (IN GDT of Core 1) Modification, Base+0x870, DPL_USER, Rpl : 0, Type: CallGate32, Core [1]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sonypvs1.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [streams.sys]
WARNING: Virus alike driver modification [ndisip.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [slip.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [symdns.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [bdasup.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [SYMEVENT.SYS]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [class2.sys]
WARNING: Virus alike driver modification [Dot4Prt.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [vtmini.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [mpe.sys]
WARNING: Virus alike driver modification [streamip.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ccdecode.sys]
WARNING: Virus alike driver modification [symfw.sys]
WARNING: Virus alike driver modification [lvsound.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [wstcodec.sys]
WARNING: Virus alike driver modification [Dot4.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [msircomm.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [Dot4usb.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [openhci.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [sonyhcs.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [uhcd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [symids.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [sonyhcc.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [fetnd5b.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [symndis.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [msdv.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [mstee.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sonyhcb.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [usbhub20.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [lvcodek.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [cmuda.sys]
WARNING: Virus alike driver modification [nabtsfec.sys]
WARNING: Virus alike driver modification [Dot4scan.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [lvcam.sys]
WARNING: Virus alike driver modification [viausb.sys]
WARNING: Virus alike driver modification [slnthal.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Fri 23 Jul 2010, 5:06 pm

It's fine.

Please download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive.
  • Please post the contents of that log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Sat 24 Jul 2010, 5:26 am

Hello, here is the log:
2010/07/23 13:23:06.0720 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/23 13:23:06.0720 ================================================================================
2010/07/23 13:23:06.0720 SystemInfo:
2010/07/23 13:23:06.0720
2010/07/23 13:23:06.0720 OS Version: 5.1.2600 ServicePack: 2.0
2010/07/23 13:23:06.0720 Product type: Workstation
2010/07/23 13:23:06.0720 ComputerName: THIBODEAUX
2010/07/23 13:23:06.0720 UserName: Donnie Thibodeaux
2010/07/23 13:23:06.0720 Windows directory: C:\WINNT
2010/07/23 13:23:06.0720 System windows directory: C:\WINNT
2010/07/23 13:23:06.0720 Processor architecture: Intel x86
2010/07/23 13:23:06.0720 Number of processors: 1
2010/07/23 13:23:06.0720 Page size: 0x1000
2010/07/23 13:23:06.0720 Boot type: Normal boot
2010/07/23 13:23:06.0720 ================================================================================
2010/07/23 13:23:06.0907 Initialize success
2010/07/23 13:23:09.0032 ================================================================================
2010/07/23 13:23:09.0032 Scan started
2010/07/23 13:23:09.0032 Mode: Manual;
2010/07/23 13:23:09.0032 ================================================================================
2010/07/23 13:23:10.0564 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINNT\system32\DRIVERS\ACPI.sys
2010/07/23 13:23:10.0657 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINNT\system32\drivers\ACPIEC.sys
2010/07/23 13:23:10.0861 aec (1ee7b434ba961ef845de136224c30fec) C:\WINNT\system32\drivers\aec.sys
2010/07/23 13:23:10.0954 AFD (55e6e1c51b6d30e54335750955453702) C:\WINNT\System32\drivers\afd.sys
2010/07/23 13:23:11.0345 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINNT\system32\DRIVERS\amdk7.sys
2010/07/23 13:23:11.0782 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINNT\system32\DRIVERS\asyncmac.sys
2010/07/23 13:23:11.0986 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINNT\system32\DRIVERS\atapi.sys
2010/07/23 13:23:12.0579 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINNT\system32\DRIVERS\ati2mtag.sys
2010/07/23 13:23:12.0798 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINNT\system32\DRIVERS\atmarpc.sys
2010/07/23 13:23:12.0923 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINNT\system32\DRIVERS\audstub.sys
2010/07/23 13:23:13.0017 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINNT\system32\drivers\Beep.sys
2010/07/23 13:23:13.0329 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINNT\system32\drivers\cbidf2k.sys
2010/07/23 13:23:13.0423 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINNT\system32\DRIVERS\CCDECODE.sys
2010/07/23 13:23:13.0626 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINNT\system32\drivers\Cdaudio.sys
2010/07/23 13:23:13.0704 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINNT\system32\drivers\Cdfs.sys
2010/07/23 13:23:13.0829 Cdr4_2K (9880f86f4261699273f818ae50216b8c) C:\WINNT\system32\drivers\Cdr4_2K.sys
2010/07/23 13:23:13.0923 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINNT\system32\drivers\Cdralw2k.sys
2010/07/23 13:23:14.0017 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINNT\system32\DRIVERS\cdrom.sys
2010/07/23 13:23:14.0657 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINNT\system32\DRIVERS\disk.sys
2010/07/23 13:23:14.0751 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINNT\system32\drivers\dmboot.sys
2010/07/23 13:23:14.0861 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINNT\system32\DRIVERS\dmio.sys
2010/07/23 13:23:14.0954 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINNT\system32\drivers\dmload.sys
2010/07/23 13:23:15.0032 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINNT\system32\drivers\DMusic.sys
2010/07/23 13:23:15.0173 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINNT\system32\drivers\drmkaud.sys
2010/07/23 13:23:15.0329 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/23 13:23:15.0439 EraserUtilDrv11010 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys
2010/07/23 13:23:15.0548 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINNT\system32\drivers\Fastfat.sys
2010/07/23 13:23:15.0689 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINNT\system32\DRIVERS\fdc.sys
2010/07/23 13:23:15.0798 FET5X86V (92cbce0913661ff966f9fb696a1775a5) C:\WINNT\system32\DRIVERS\fetnd5bv.sys
2010/07/23 13:23:15.0814 FETND5BV (92cbce0913661ff966f9fb696a1775a5) C:\WINNT\system32\DRIVERS\fetnd5bv.sys
2010/07/23 13:23:15.0907 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINNT\system32\DRIVERS\fetnd5b.sys
2010/07/23 13:23:16.0017 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINNT\system32\drivers\Fips.sys
2010/07/23 13:23:16.0251 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
2010/07/23 13:23:16.0329 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINNT\system32\DRIVERS\flpydisk.sys
2010/07/23 13:23:16.0439 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINNT\system32\drivers\fltmgr.sys
2010/07/23 13:23:16.0548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINNT\system32\drivers\Fs_Rec.sys
2010/07/23 13:23:16.0657 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINNT\system32\drivers\ftdibus.sys
2010/07/23 13:23:16.0751 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINNT\system32\DRIVERS\ftdisk.sys
2010/07/23 13:23:16.0861 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys
2010/07/23 13:23:16.0986 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINNT\system32\DRIVERS\msgpc.sys
2010/07/23 13:23:17.0079 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINNT\system32\DRIVERS\hidusb.sys
2010/07/23 13:23:17.0314 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINNT\system32\Drivers\HTTP.sys
2010/07/23 13:23:17.0517 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINNT\system32\DRIVERS\i8042prt.sys
2010/07/23 13:23:17.0595 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINNT\system32\DRIVERS\imapi.sys
2010/07/23 13:23:17.0861 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINNT\system32\drivers\ip6fw.sys
2010/07/23 13:23:17.0970 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINNT\system32\DRIVERS\ipfltdrv.sys
2010/07/23 13:23:18.0064 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINNT\system32\DRIVERS\ipinip.sys
2010/07/23 13:23:18.0157 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINNT\system32\DRIVERS\ipnat.sys
2010/07/23 13:23:18.0251 IPSEC (64537aa5c003a6afeee1df819062d0d1) C:\WINNT\system32\DRIVERS\ipsec.sys
2010/07/23 13:23:18.0407 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINNT\system32\DRIVERS\irenum.sys
2010/07/23 13:23:18.0486 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINNT\system32\DRIVERS\isapnp.sys
2010/07/23 13:23:18.0548 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINNT\system32\DRIVERS\kbdclass.sys
2010/07/23 13:23:18.0657 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINNT\system32\drivers\klmd.sys
2010/07/23 13:23:18.0751 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINNT\system32\drivers\kmixer.sys
2010/07/23 13:23:18.0861 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINNT\system32\drivers\KSecDD.sys
2010/07/23 13:23:19.0111 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINNT\system32\drivers\mnmdd.sys
2010/07/23 13:23:19.0204 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINNT\system32\drivers\Modem.sys
2010/07/23 13:23:19.0314 Mouclass (34e1f0031153e491910e12551400192c) C:\WINNT\system32\DRIVERS\mouclass.sys
2010/07/23 13:23:19.0407 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINNT\system32\drivers\MountMgr.sys
2010/07/23 13:23:19.0486 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINNT\system32\DRIVERS\MPE.sys
2010/07/23 13:23:19.0595 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINNT\system32\drivers\mqac.sys
2010/07/23 13:23:19.0907 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINNT\system32\DRIVERS\mrxdav.sys
2010/07/23 13:23:20.0032 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINNT\system32\DRIVERS\mrxsmb.sys
2010/07/23 13:23:20.0111 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINNT\system32\drivers\Msfs.sys
2010/07/23 13:23:20.0173 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINNT\system32\drivers\MSKSSRV.sys
2010/07/23 13:23:20.0267 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINNT\system32\drivers\MSPCLOCK.sys
2010/07/23 13:23:20.0329 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINNT\system32\drivers\MSPQM.sys
2010/07/23 13:23:20.0407 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINNT\system32\DRIVERS\mssmbios.sys
2010/07/23 13:23:20.0501 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINNT\system32\drivers\MSTEE.sys
2010/07/23 13:23:20.0579 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINNT\system32\drivers\Mup.sys
2010/07/23 13:23:20.0689 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINNT\system32\DRIVERS\NABTSFEC.sys
2010/07/23 13:23:20.0861 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\naveng.sys
2010/07/23 13:23:20.0986 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\navex15.sys
2010/07/23 13:23:21.0189 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINNT\system32\drivers\NDIS.sys
2010/07/23 13:23:21.0267 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINNT\system32\DRIVERS\NdisIP.sys
2010/07/23 13:23:21.0376 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINNT\system32\DRIVERS\ndistapi.sys
2010/07/23 13:23:21.0470 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINNT\system32\DRIVERS\ndisuio.sys
2010/07/23 13:23:21.0564 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINNT\system32\DRIVERS\ndiswan.sys
2010/07/23 13:23:21.0673 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINNT\system32\drivers\NDProxy.sys
2010/07/23 13:23:21.0798 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINNT\system32\DRIVERS\netbios.sys
2010/07/23 13:23:21.0861 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINNT\system32\DRIVERS\netbt.sys
2010/07/23 13:23:21.0970 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINNT\system32\drivers\Npfs.sys
2010/07/23 13:23:22.0095 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINNT\system32\drivers\Ntfs.sys
2010/07/23 13:23:22.0204 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINNT\system32\drivers\Null.sys
2010/07/23 13:23:22.0298 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINNT\system32\DRIVERS\nwlnkflt.sys
2010/07/23 13:23:22.0392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
2010/07/23 13:23:22.0486 openhci (3eb4141801e4c71eb766faf73e870dc3) C:\WINNT\system32\DRIVERS\openhci.sys
2010/07/23 13:23:22.0673 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINNT\system32\DRIVERS\parport.sys
2010/07/23 13:23:22.0798 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINNT\system32\drivers\PartMgr.sys
2010/07/23 13:23:22.0892 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINNT\system32\drivers\ParVdm.sys
2010/07/23 13:23:23.0001 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINNT\system32\DRIVERS\pci.sys
2010/07/23 13:23:23.0142 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINNT\system32\DRIVERS\pciide.sys
2010/07/23 13:23:23.0251 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINNT\system32\drivers\Pcmcia.sys
2010/07/23 13:23:23.0736 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINNT\system32\drivers\pfc.sys
2010/07/23 13:23:23.0861 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINNT\system32\DRIVERS\raspptp.sys
2010/07/23 13:23:23.0939 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINNT\system32\DRIVERS\processr.sys
2010/07/23 13:23:24.0048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINNT\system32\DRIVERS\ptilink.sys
2010/07/23 13:23:24.0142 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINNT\system32\Drivers\PxHelp20.sys
2010/07/23 13:23:24.0579 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINNT\system32\DRIVERS\rasacd.sys
2010/07/23 13:23:24.0689 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINNT\system32\DRIVERS\rasl2tp.sys
2010/07/23 13:23:24.0751 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINNT\system32\DRIVERS\raspppoe.sys
2010/07/23 13:23:24.0876 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINNT\system32\DRIVERS\raspti.sys
2010/07/23 13:23:24.0970 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINNT\system32\DRIVERS\rdbss.sys
2010/07/23 13:23:25.0048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINNT\system32\DRIVERS\RDPCDD.sys
2010/07/23 13:23:25.0142 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINNT\system32\DRIVERS\rdpdr.sys
2010/07/23 13:23:25.0251 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINNT\system32\drivers\RDPWD.sys
2010/07/23 13:23:25.0345 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINNT\system32\DRIVERS\redbook.sys
2010/07/23 13:23:25.0454 RMCAST (d18208ed6c768663b08c972eaa7a8b60) C:\WINNT\system32\drivers\RMCast.sys
2010/07/23 13:23:25.0579 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/07/23 13:23:25.0611 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/07/23 13:23:25.0704 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINNT\system32\drivers\sdcplh.sys
2010/07/23 13:23:25.0829 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINNT\system32\DRIVERS\secdrv.sys
2010/07/23 13:23:25.0939 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINNT\system32\DRIVERS\serenum.sys
2010/07/23 13:23:26.0032 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINNT\system32\DRIVERS\serial.sys
2010/07/23 13:23:26.0142 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINNT\system32\drivers\Sfloppy.sys
2010/07/23 13:23:26.0282 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINNT\system32\DRIVERS\SLIP.sys
2010/07/23 13:23:26.0532 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/07/23 13:23:26.0626 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINNT\system32\drivers\splitter.sys
2010/07/23 13:23:26.0798 sr (e41b6d037d6cd08461470af04500dc24) C:\WINNT\system32\DRIVERS\sr.sys
2010/07/23 13:23:26.0907 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINNT\system32\DRIVERS\srv.sys
2010/07/23 13:23:26.0986 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINNT\system32\DRIVERS\serscan.sys
2010/07/23 13:23:27.0095 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINNT\system32\DRIVERS\StreamIP.sys
2010/07/23 13:23:27.0173 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINNT\system32\DRIVERS\swenum.sys
2010/07/23 13:23:27.0267 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINNT\system32\drivers\swmidi.sys
2010/07/23 13:23:27.0486 SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
2010/07/23 13:23:27.0579 SYMREDRV (8d668fe83a439e2166b7defff995cddc) C:\WINNT\System32\Drivers\SYMREDRV.SYS
2010/07/23 13:23:27.0720 SYMTDI (b825e10cd61046672fef234820842c42) C:\WINNT\System32\Drivers\SYMTDI.SYS
2010/07/23 13:23:28.0032 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINNT\system32\drivers\sysaudio.sys
2010/07/23 13:23:28.0173 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINNT\system32\DRIVERS\tcpip.sys
2010/07/23 13:23:28.0314 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINNT\system32\drivers\TDPIPE.sys
2010/07/23 13:23:28.0407 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINNT\system32\drivers\TDTCP.sys
2010/07/23 13:23:28.0548 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINNT\system32\DRIVERS\termdd.sys
2010/07/23 13:23:28.0798 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINNT\system32\DRIVERS\tunmp.sys
2010/07/23 13:23:28.0923 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINNT\system32\DRIVERS\uagp35.sys
2010/07/23 13:23:29.0017 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINNT\system32\drivers\Udfs.sys
2010/07/23 13:23:29.0236 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINNT\system32\DRIVERS\update.sys
2010/07/23 13:23:29.0345 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINNT\system32\Drivers\usbaapl.sys
2010/07/23 13:23:29.0423 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINNT\system32\DRIVERS\usbccgp.sys
2010/07/23 13:23:29.0517 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINNT\system32\DRIVERS\usbehci.sys
2010/07/23 13:23:29.0611 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINNT\system32\DRIVERS\usbhub.sys
2010/07/23 13:23:29.0704 usbhub20 (a0b7990bc80c007f08039b08b1f01485) C:\WINNT\system32\DRIVERS\usbhub20.sys
2010/07/23 13:23:29.0829 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINNT\system32\DRIVERS\usbprint.sys
2010/07/23 13:23:29.0923 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINNT\system32\DRIVERS\usbscan.sys
2010/07/23 13:23:30.0017 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINNT\system32\DRIVERS\USBSTOR.SYS
2010/07/23 13:23:30.0095 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINNT\system32\DRIVERS\usbuhci.sys
2010/07/23 13:23:30.0189 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINNT\System32\drivers\vga.sys
2010/07/23 13:23:30.0282 viafilter (646eb13fd35ab93d380a6f5e31b34a4c) C:\WINNT\System32\Drivers\viausb.sys
2010/07/23 13:23:30.0392 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINNT\system32\DRIVERS\vtmini.sys
2010/07/23 13:23:30.0486 viaide (b2b04630fe75ef32684e854828b1f764) C:\WINNT\system32\DRIVERS\viaide.sys
2010/07/23 13:23:30.0564 viamraid (79d0dcf683856593309601f4089f758a) C:\WINNT\system32\DRIVERS\viamraid.sys
2010/07/23 13:23:30.0673 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINNT\system32\drivers\vinyl97.sys
2010/07/23 13:23:30.0767 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINNT\system32\DRIVERS\videX32.sys
2010/07/23 13:23:30.0876 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINNT\system32\drivers\VolSnap.sys
2010/07/23 13:23:30.0954 Vsp (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINNT\system32\drivers\Vsp.sys
2010/07/23 13:23:31.0064 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINNT\system32\DRIVERS\wanarp.sys
2010/07/23 13:23:31.0220 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINNT\system32\drivers\wdmaud.sys
2010/07/23 13:23:31.0329 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINNT\system32\DRIVERS\wpdusb.sys
2010/07/23 13:23:31.0439 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINNT\System32\drivers\ws2ifsl.sys
2010/07/23 13:23:31.0532 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINNT\system32\DRIVERS\WSTCODEC.SYS
2010/07/23 13:23:31.0626 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINNT\system32\DRIVERS\WudfPf.sys
2010/07/23 13:23:31.0861 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINNT\system32\DRIVERS\wudfrd.sys
2010/07/23 13:23:31.0907 ================================================================================
2010/07/23 13:23:31.0907 Scan finished
2010/07/23 13:23:31.0907 ================================================================================

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Sat 24 Jul 2010, 5:42 am

Still got redirects?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by bigpun111 on Sun 29 Aug 2010, 3:47 am

Actually I dont have redirects anymore, thank you so much. I do have Symatech and spybot, also check my computer regularley with Malaware bytes and pc pitstop. Do you recommend any anti virus/ anti malware programs? Sorry It took so long, I have been out of state and couldnt chech my pc. Donnie

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Sponsored content Today at 9:23 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum