Disk defragmenter spyware removal logs - Please check

#1 zephyr.vinay (Newbie)

I am posting the logs as suggested at http://www.d-a-l.com/help/spyware-ad...s-updated.html

Please let me know if the computer is clean, or if I should perform any additional steps, or if there is any other information required from my side.

    Thanks

#2 broni (Senior Member)
Welcome aboard.

Please observe the following rules:
• Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
• If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer's behavior, good or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


=================================================================

    All logs have to be pasted into your reply, not attached.

#3 zephyr.vinay (Newbie)
Hi, please could you check the logs and reply this time, since I am traveling and the logs are on my computer.

#4 broni (Senior Member)
Since you're able to access this topic, I'd assume you can open your logs and paste them?

#5 zephyr.vinay (Newbie)
Well, I am using my phone. I would really have done it if it were possible... I am traveling.

#6 broni (Senior Member)
In that case, you won't be able to perform any further steps anyway....

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6669

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    05/24/11 11:28:15 PM
    mbam-log-2011-05-24 (23-28-15).txt

    Scan type: Quick scan
    Objects scanned: 168584
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

    GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-05-25 00:13:52
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST320082 rev.3.03
    Running: 5b7d1v8j.exe; Driver: C:\DOCUME~1\alex\LOCALS~1\Temp\afgyyfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 85C6F7D0 ZwAlertResumeThread
    SSDT 85C6F890 ZwAlertThread
    SSDT 85C78808 ZwAllocateVirtualMemory
    SSDT 8604D730 ZwConnectPort
    SSDT 85C6D918 ZwCreateMutant
    SSDT 85C797D0 ZwCreateThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3BE4350]
    SSDT 85C73848 ZwFreeVirtualMemory
    SSDT 85C6E818 ZwImpersonateAnonymousToken
    SSDT 85C6E8D8 ZwImpersonateThread
    SSDT 86066658 ZwMapViewOfSection
    SSDT 85C6D858 ZwOpenEvent
    SSDT 85C788D8 ZwOpenProcessToken
    SSDT 85C71918 ZwOpenThreadToken
    SSDT 85C6D788 ZwQueryValueKey
    SSDT 86016628 ZwResumeThread
    SSDT 85C71858 ZwSetContextThread
    SSDT 85C72818 ZwSetInformationProcess
    SSDT 85C71798 ZwSetInformationThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3BE4580]
    SSDT 85C6C890 ZwSuspendProcess
    SSDT 85C707D0 ZwSuspendThread
    SSDT 85C798A0 ZwTerminateProcess
    SSDT 85C70890 ZwTerminateThread
    SSDT 85C728D8 ZwUnmapViewOfSection
    SSDT 85C73908 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D20 4 Bytes [18, E8, C6, 85]
    .text ntkrnlpa.exe!ZwCallbackReturn + 24F1 80501D29 3 Bytes [E8, C6, 85]
    ? bpsdidbv.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6AD9360, 0x372FAD, 0xE8000020]

    ---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158343566b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158343566b (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158343566b

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 149):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D1000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7487000 bpsdidbv.sys
    0xF7358000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7347000 pci.sys
    0xF7497000 isapnp.sys
    0xF74A7000 ohci1394.sys
    0xF74B7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74C7000 MountMgr.sys
    0xF7328000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF74D7000 VolSnap.sys
    0xF7310000 atapi.sys
    0xF72EC000 nvgts.sys
    0xF72D4000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF74E7000 disk.sys
    0xF74F7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72B4000 fltmgr.sys
    0xF72A2000 sr.sys
    0xF728D000 drvmcdb.sys
    0xF7507000 PxHelp20.sys
    0xF7276000 KSecDD.sys
    0xF71E9000 Ntfs.sys
    0xF71BC000 NDIS.sys
    0xF71A2000 Mup.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0xF6AD9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF6AC5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6AA1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF798F000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6A7E000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF784F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6A0C000 \SystemRoot\system32\DRIVERS\BLKWGD.sys
    0xF68F3000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7995000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF776F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF68CB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xF6881000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xF684A000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xF7587000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7867000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7877000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7B21000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xF7B24000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF799D000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7597000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF794F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6833000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF75A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF75B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6822000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75C7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF75D7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79A3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6724000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7967000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF66E7000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
    0xF75E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF75F7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7607000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xF3C96000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xF3C72000 \SystemRoot\system32\drivers\portcls.sys
    0xF7657000 \SystemRoot\system32\drivers\drmk.sys
    0xF3BF2000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    0xF3BD0000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xF3BBC000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    0xF40D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF779F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF77C7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AF0000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79AF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7837000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF77AF000 \SystemRoot\System32\drivers\vga.sys
    0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77FF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF787F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF3969000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF3936000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF38DD000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF38A4000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xF387E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF6782000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF3856000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF67C2000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF3834000 \SystemRoot\System32\drivers\afd.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF37CF000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xF37AD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF785F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF3782000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF3712000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76C7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF36B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF3696000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xF364A000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF367A000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xF35FC000 \SystemRoot\System32\Drivers\dump_nvgts.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7957000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF774F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B7A000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xF76B7000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7B15000 \SystemRoot\system32\dla\tfsndres.sys
    0xBA360000 \SystemRoot\system32\dla\tfsnifs.sys
    0xF3686000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF79AB000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF7787000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF76E7000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7A88000 \SystemRoot\system32\dla\tfsndrct.sys
    0xBA347000 \SystemRoot\system32\dla\tfsnudf.sys
    0xBA32E000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xF66BF000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xBA31A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBF5E6000 \SystemRoot\System32\ATMFD.DLL
    0xB9E7B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9FF8000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB9CE6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB98B4000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB9984000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB936E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB9045000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8A44000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110520.002\navex15.sys
0xB8A30000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110520.002\naveng.sys
    0xB8DEA000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xB7E1D000 \??\C:\DOCUME~1\alex\LOCALS~1\Temp\afgyyfog.sys
    0xB7DF2000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 49):
    0 System Idle Process
    4 System
    704 C:\WINDOWS\system32\smss.exe
    772 csrss.exe
    800 C:\WINDOWS\system32\winlogon.exe
    848 C:\WINDOWS\system32\services.exe
    860 C:\WINDOWS\system32\lsass.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1156 svchost.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1420 svchost.exe
    1560 svchost.exe
    412 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    424 C:\WINDOWS\explorer.exe
    460 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    620 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    768 C:\WINDOWS\system32\spoolsv.exe
    1848 svchost.exe
    1880 C:\WINDOWS\system32\acs.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    244 C:\Program Files\Bonjour\mDNSResponder.exe
    284 svchost.exe
    1276 C:\Program Files\Symantec AntiVirus\DefWatch.exe
    1856 C:\Program Files\Java\jre6\bin\jqs.exe
    2008 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1696 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1720 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    1760 C:\WINDOWS\system32\nvsvc32.exe
    432 C:\WINDOWS\system32\svchost.exe
    1196 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    1292 wdfmgr.exe
    1380 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1616 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    2460 alg.exe
    3476 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    3520 C:\PROGRA~1\SYMANT~1\VPTray.exe
    3676 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3688 C:\WINDOWS\system32\rundll32.exe
    3904 C:\WINDOWS\system32\ctfmon.exe
    4012 C:\Program Files\iTunes\iTunesHelper.exe
    132 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    1248 C:\Program Files\Messenger\msmsgs.exe
    1508 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2160 C:\Documents and Settings\alex\Application Data\Dropbox\bin\Dropbox.exe
    3292 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    2916 C:\Program Files\iPod\bin\iPodService.exe
    1924 C:\WINDOWS\system32\wuauclt.exe
    188 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    2856 I:\remov\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
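The two disk results above can be read together: MBRCheck places C: on PhysicalDrive0 at byte offset 0x7e00, which is LBA 63 times 512 bytes, and GMER reports code at sector 61, i.e. in the unpartitioned gap between the MBR and the first partition, a region no file system covers and which boot-sector malware uses to stash code. The Python below is an added example, not part of the original thread or of either tool: it parses a constructed MBR (not the poster's sector, so its SHA1 will not match the value MBRCheck printed), lists the partition table, hashes the sector and the 446-byte boot-code region, and checks whether a reported sector number falls in that gap. All function names are this example's own; read_mbr shows how sector 0 would be read from a raw device on a live system, everything else runs offline.

```python
"""Parse an MBR the way MBRCheck and GMER reason about it: check the 0x55AA
signature, list the partition table, hash the sector, and decide whether a
reported sector falls in the slack before the first partition.
The sample sector is constructed for this example; it is not real disk data."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
# status, CHS start, type, CHS end, start LBA, sector count (little-endian, 16 bytes)
ENTRY_FORMAT = "<B3sB3sII"


def build_sample_mbr(first_lba=63, sector_count=390_721_968):
    """Constructed sample: zeroed boot code, one bootable NTFS (0x07)
    partition starting at LBA 63 (the classic XP layout), 0x55AA signature."""
    mbr = bytearray(SECTOR_SIZE)
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", first_lba, sector_count)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def read_mbr(device_path):
    """Read sector 0 from a raw device, e.g. r'\\.\PhysicalDrive0' on Windows
    (requires administrator rights). Not used by the offline sample."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def is_valid_mbr(mbr):
    """Structural sanity check: correct length and boot signature."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIGNATURE


def parse_mbr(mbr):
    """Return hashes and the non-empty partition entries of a 512-byte MBR."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for index in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * index
        status, _, ptype, _, start_lba, count = struct.unpack(
            ENTRY_FORMAT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": index, "bootable": status == 0x80,
                           "type": ptype, "start_lba": start_lba,
                           "sectors": count})
    return {
        # SHA1 over the whole sector
        "sha1": hashlib.sha1(mbr).hexdigest().upper(),
        # SHA1 over the boot code only; the partition table differs per disk,
        # so this is the part worth comparing against a known-good MBR
        "boot_code_sha1": hashlib.sha1(mbr[:PARTITION_TABLE_OFFSET]).hexdigest().upper(),
        "partitions": partitions,
    }


def first_partition_offset(info):
    """Byte offset of the first partition: 0x7E00 for a partition at LBA 63."""
    return min(p["start_lba"] for p in info["partitions"]) * SECTOR_SIZE


def in_unpartitioned_gap(info, sector):
    """True when `sector` lies after the MBR (LBA 0) and before the first
    partition, the slack that no file system covers."""
    first = min(p["start_lba"] for p in info["partitions"])
    return 0 < sector < first


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("MBR SHA1:", info["sha1"])
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("entry %d: type 0x%02x start LBA %d, %d sectors, bootable=%s"
              % (p["index"], p["type"], p["start_lba"], p["sectors"], p["bootable"]))
    print("first partition at byte offset 0x%x" % first_partition_offset(info))
    print("sector 61 in unpartitioned gap:", in_unpartitioned_gap(info, 61))
```

A sector read from inside a running, possibly rootkitted Windows can itself be filtered by whatever hooks the disk stack, which is why GMER reads through its own temporary driver (the afgyyfog.sys entry in its log). A finding like "code at sector 61" is best confirmed by reading the same sectors from boot media and comparing the hashes before acting on it.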

#7 broni (Senior Member)
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by alex at 0:15:54 on 2011-05-25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.264 [GMT -4:00]
    .
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Documents and Settings\alex\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    I:\remov\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://eroes-ss.east.verizonwireless.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*Yahoo! UK
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*Yahoo! SearchBar Home Page
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173YYUS&fl=0&ptb=WfxBJh9BaAovmnOQWKHsAg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\alex\application data\dropbox\bin\Dropbox.exe
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: payupcenter.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
    DPF: {3B3CC57A-6F3D-4596-A8D6-19E4A216AD0C} - hxxps://dsi2.datascape2.com:8443/AgentProfile/dspcval.ocx
    DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - hxxp://www.myposcenter.com/setup.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AF0E2552-6B3E-427E-8CA2-96DECE3B5143} - hxxp://www.myposcenter.com/license.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LMIinit - LMIinit.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-2 47640]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2011-1-4 91456]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-21 24652]
    R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [2008-6-24 463872]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-20 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110520.002\naveng.sys [2011-5-20 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110520.002\navex15.sys [2011-5-20 1542392]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
    S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\zteusbgps.sys --> c:\windows\system32\drivers\ZTEusbgps.sys [?]
    S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\zteusbnmeaext.sys --> c:\windows\system32\drivers\ZTEusbnmeaext.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-05-25 02:32:49 -------- d-----w- c:\program files\txt
    2011-05-25 01:31:19 -------- d-----w- c:\program files\temp
    2011-05-25 00:51:01 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-05-25 00:50:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-25 00:24:41 -------- d-----w- c:\documents and settings\alex\application data\Malwarebytes
    2011-05-25 00:24:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-25 00:24:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-05-25 00:24:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-25 00:24:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-18 21:23:39 -------- d-----w- c:\documents and settings\alex\application data\Dropbox
    2011-05-07 21:43:19 16640 ----a-r- c:\windows\system32\drivers\PalmUSBD.sys
    2011-05-07 19:16:03 -------- d-----w- c:\program files\Palm
    2011-04-26 15:27:31 53248 ----a-r- c:\documents and settings\alex\application data\microsoft\installer\{b0a92733-c870-415c-a494-df72c2c58402}\ARPPRODUCTICON.exe
    .
    ==================== Find3M ====================
    .
    2011-05-10 05:08:38 27648 ----a-w- c:\windows\system32\win32com.dll
    2011-05-10 05:08:29 73728 ----a-w- c:\windows\system32\SigUsb.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 1311 1857920 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 0:16:07.71 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 06/23/08 543 PM
    System Uptime: 05/24/11 11:29:37 PM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NAGAMI
    Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 2404/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 182 GiB total, 167.977 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP649: 05/24/11 8:10:37 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 8.1.5
    Adobe Shockwave Player
    Agere Systems PCI-SV92PP Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Belkin Wireless Utility
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software Updater
    Bonjour
    Compatibility Pack for the 2007 Office system
    DivX Codec
    DivX Converter
    DivX Player
    Dropbox
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 6
    KB408682
    LG_MobileSync
    LightScribe 1.4.84.1
    LiveUpdate 3.2 (Symantec Corporation)
    MagTek ActiveX Control for KB Wedge Device
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Meeting 2007
    Microsoft Office Professional Edition 2003
    Microsoft Visual Basic PowerPacks 1.2
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    MicroTelecom PRO
    MicroTelecom Pro 2010
    MMF Cash Drawer UPOS 1.9
    MotoConnect
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    Palm Desktop by ACCESS
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Retail Pro (v.845r)
    RSA SecurID Software Token 1.0.1 for Web SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic DLA
    Sonic RecordNow! Plus
    Sonic Update Manager
    SUPERAntiSpyware
    Symantec AntiVirus
    Topaz SigPlus Basic 3.95
    Turbo Lister 2
    UME-36 Upgrade Program 1.0.0.5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Mobile Broadband Drivers
    Verizon Wireless MiFi-2200 Firmware Updates
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VZAccess Manager
    WebFldrs XP
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! BrowserPlus 2.8.1
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/24/11 9:30:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips Processor SASDIFSV SASKUTIL SAVRT SAVRTPEL SPBBCDrv SYMTDI
    05/24/11 8:51:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips ohci1394 Processor SAVRT SAVRTPEL SPBBCDrv SYMTDI
    05/24/11 8:50:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    05/24/11 8:50:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    05/24/11 8:09:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'display.hlp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    05/24/11 7:39:33 PM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    05/24/11 7:32:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    05/24/11 5:42:49 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    05/24/11 11:35:16 PM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts1.
    05/24/11 11:15:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:15:01 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:15:00 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:15:00 PM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    05/24/11 11:14:59 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:14:59 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:14:59 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:14:59 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    05/24/11 11:14:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

  8. #8
    broni is offline Senior Member
    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:


    On completion of the scan click "Save log", save it to your desktop and post in your next reply:


    ================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.

    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.

    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

  9. #9
    zephyr.vinay is offline Newbie
    Hi, I am back in town and I did all the steps you asked me to perform. Thanks a ton.

    Log of STEP 1 aswMBR
    aswMBR version 0.9.5.310 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-28 16:28:31
    -----------------------------
    16:28:31.187 OS Version: Windows 5.1.2600 Service Pack 3
    16:28:31.187 Number of processors: 1 586 0x2F02
    16:28:31.187 ComputerName: ALEX-8905C97712 UserName: alex
    16:28:31.750 Initialize success
    16:28:33.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
    16:28:33.500 Disk 0 Vendor: ST320082 3.03 Size: 190782MB BusType: 1
    16:28:33.515 Disk 0 MBR read successfully
    16:28:33.515 Disk 0 MBR scan
    16:28:33.515 Disk 0 Windows XP default MBR code
    16:28:33.531 Disk 0 malicious Win32:MBRoot code @ sector 61 !
    16:28:33.546 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:28:43.609 Service scanning
    16:28:45.625 Disk 0 trace - called modules:
    16:28:45.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
    16:28:45.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86565030]
    16:28:45.656 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000074[0x86561920]
    16:28:45.656 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x86561a38]
    16:28:45.656 Scan finished successfully
    16:28:58.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alex\Desktop\MBR.dat"
    16:28:58.546 The log file has been saved successfully to "C:\Documents and Settings\alex\Desktop\aswMBR.txt"

    STEP 2
    Rootkit Unhooker log
    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xF6B01000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.16 )
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.16 )
    0xF3C96000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4272128 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2069376 bytes
    0x804D7000 RAW 2069376 bytes
    0x804D7000 WMIxWDM 2069376 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB76C8000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110527.002\navex15.sys 1536000 bytes (Symantec Corporation, AV Engine)
    0xF691B000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1150976 bytes (Agere Systems, SoftModem Device Driver)
    0xF71E9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xF6A34000 C:\WINDOWS\system32\DRIVERS\BLKWGD.sys 466944 bytes (Belkin Corporation., Driver for Belkin Wireless G Desktop Card)
    0xF3712000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF37CF000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 413696 bytes (Symantec Corporation, SPBBC Driver)
    0xF36B4000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xF6724000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xF38DD000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xF3BF2000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
    0xB976A000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xF6881000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 303104 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
    0xBF5E6000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB8DFA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF66E7000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
    0xF38A4000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 233472 bytes (Symantec Corporation, Network Dispatch Driver)
    0xF684A000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
    0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB9D48000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF71BC000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB684E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xF3782000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF68CB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xF3856000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF387E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF3620000 C:\WINDOWS\System32\Drivers\dump_nvgts.sys 147456 bytes
    0xF72EC000 nvgts.sys 147456 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
    0xF3C72000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6AC9000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF6AA6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xF3834000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xF37AD000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0xF3BD0000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
    0x806D1000 ACPI_HAL 131840 bytes
    0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF72B4000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF3696000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xF71A2000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xBA393000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA37A000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7310000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF72D4000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xF7276000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF6833000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xBA3AC000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF728D000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
    0xB9F7D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB76B4000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110527.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
    0xF3BBC000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
    0xF6AED000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xF3936000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB7B1D000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF72A2000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6822000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF76A7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7557000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7527000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF7497000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF39A1000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF7647000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7567000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB9FFA000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF75E7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF74A7000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF74E7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF7577000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF7587000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF75A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB81F9000 C:\DOCUME~1\alex\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xF39F1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7547000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF7597000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA790000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB993B000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
    0xF75D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB8D72000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
    0xF75C7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF7667000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF75B7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF76D7000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB7D22000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF75F7000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
    0xF7537000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF74F7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA780000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF76E7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7777000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF7887000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF780F000 C:\WINDOWS\system32\DRIVERS\nvsmu.sys 32768 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
    0xF7807000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF77A7000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF77BF000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
    0xBA6F6000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF77C7000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF7867000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF787F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF786F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF7877000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xF783F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF77B7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF77F7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF779F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF77AF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF776F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xF775F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBA36A000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
    0xF3686000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
    0xF796B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xBA356000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7943000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
    0xBA74C000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF3C4E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF40E2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF7953000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF66D7000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF79AD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF79A1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF79B9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF79BF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF799F000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
    0xF7991000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF79A5000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7A17000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7997000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7B2B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7A9E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7B28000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
    0xF7AEB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7B0C000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7BB9000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================


    Nothing detected

    Please let me know if everything is fine.

  10. #10
    broni is offline Senior Member
    So far looks good...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Closed Thread