
google-analytics virus, need help

This is a discussion on google-analytics virus, need help within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 10-11-2010, 02:15 PM   #1
Registered Member
 
Join Date: Oct 2010
Posts: 10
OS: xp



I've recently been having some problems with my desktop computer. It's an older, custom machine that runs XP. At first I thought it was just running slow, but eventually I was unable to browse without being taken to unwanted sites (google-analytics.com), later the page would just load indefinitely. Finally, my Symantec anti-virus said that a backdoor.tideservI!.inf was detected and a file known as a0083034.sys was trying to be quarantined. The quarantine said 'partial' success, and when I tried to use the 'clean' tool it also only partially succeeded. Despite the partial success, the problem persists.

When I googled the issue, I stumbled across a page on these forums where someone had the same issue I have. They did not post the necessary info, thus here I am. - Also, I do NOT have access to a Windows install disc or boot cd.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Benjamin at 15:21:49.32 on Mon 10/11/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2517 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Razer\Tarantula\razerhid.exe
D:\Program Files\Razer\Lachesis\razerhid.exe
D:\Program Files\Razer\Lachesis\OSD.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Razer\Lachesis\razertra.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Razer\Lachesis\razerofa.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Benjamin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=d:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent DNA] "d:\program files\dna\btdna.exe"
uRun: [qokpdliv] d:\documents and settings\benjamin\local settings\application data\uytokvxtl\xynrnvfshdw.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [zzGBK] F:\setup.exe
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [IMJPMIG8.1] "d:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] d:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] d:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] d:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] d:\progra~1\symant~1\VPTray.exe
mRun: [Tarantula] d:\program files\razer\tarantula\razerhid.exe
mRun: [Lachesis] d:\program files\razer\lachesis\razerhid.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [qokpdliv] d:\documents and settings\benjamin\local settings\application data\uytokvxtl\xynrnvfshdw.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 93.188.163.74,93.188.166.109
Notify: NavLogon - d:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\benjamin\applic~1\mozilla\firefox\profiles\bly7f771.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;d:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;d:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;d:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R3 AE1000;Linksys AE1000 Driver;d:\windows\system32\drivers\AE1000XP.sys [2010-8-12 816672]
R3 LachesisFltr;Lachesis Mouse Driver;d:\windows\system32\drivers\Lachesis.sys [2008-1-9 12032]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20101011.002\naveng.sys [2010-10-11 86064]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20101011.002\navex15.sys [2010-10-11 1371184]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\d:\program files\vmlaunch\buddyvm.sys --> d:\program files\vmlaunch\BuddyVM.sys [?]
S3 ccPwdSvc;Symantec Password Validation;d:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;d:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 TarFltr;Razer Tarantula USB Keyboard;d:\windows\system32\drivers\UsbFltr.sys [2008-1-9 44800]

=============== Created Last 30 ================

2010-10-07 17:12:19 16968 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2010-10-07 17:11:28 -------- d-----w- d:\docume~1\alluse~1\applic~1\Hitman Pro
2010-10-07 17:11:27 -------- d-----w- d:\program files\Hitman Pro 3.5

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-13 16:08:35 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-08-13 16:08:35 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-22 15:49:15 590848 ----a-w- d:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- d:\windows\system32\xpsp4res.dll

============= FINISH: 15:22:27.21 ===============
Attached: ark.zip (4.7 KB)

megatrawn is offline  
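The DDS report above is the evidence the helper works from, so as an added illustration (my own code, not part of this thread or of the DDS tool) here is a small triage script that applies the checks an analyst runs over the Pseudo HJT section: autostart entries launched from a user's profile data or temp directory or from a drive root, the same executable registered in both the per-user and the machine Run keys, a configured start page, and statically configured DNS servers. The sample lines are constructed to mirror the post, and every result is a flag for review, not a verdict.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    level: str    # "flag": strong indicator; "review": confirm against what the owner expects
    reason: str
    line: str


# Constructed sample in the DDS "Pseudo HJT Report" layout; entries mirror the post above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.daemon-search.com/startpage
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [qokpdliv] d:\documents and settings\benjamin\local settings\application data\uytokvxtl\xynrnvfshdw.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [zzGBK] F:\setup.exe
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [qokpdliv] d:\documents and settings\benjamin\local settings\application data\uytokvxtl\xynrnvfshdw.exe
TCP: NameServer = 93.188.163.74,93.188.166.109
"""

# DDS prefixes: uRun = HKCU Run key, mRun = HKLM Run key.
_RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_START_RE = re.compile(r"^[um]Start Page\s*=\s*(?P<url>.+)$")
_NS_RE = re.compile(r"^TCP:\s*NameServer\s*=\s*(?P<servers>.+)$")

# Directories a normal installer does not use for autostart binaries (heuristic).
_PROFILE_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\", "\\temp\\")


def exe_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|scr|com|bat|cmd))\b", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def path_reasons(path: str) -> list[str]:
    """Heuristic reasons an autostart path deserves a look; empty for ordinary locations."""
    p = path.lower()
    reasons = []
    if any(d in p for d in _PROFILE_DIRS):
        reasons.append("autostart from user profile data/temp directory")
    if re.match(r"^[a-z]:\\[^\\]+$", p):      # e.g. F:\setup.exe sitting at a drive root
        reasons.append("autostart executable at a drive root")
    return reasons


def triage(report: str) -> list[Finding]:
    """Walk a DDS pseudo-HJT section; findings come back in report order, duplicates last."""
    findings: list[Finding] = []
    hives_by_exe: dict[str, set[str]] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if m := _RUN_RE.match(line):
            exe = exe_path(m.group("cmd"))
            for reason in path_reasons(exe):
                findings.append(Finding("flag", reason, line))
            hive = "HKCU" if m.group("hive") == "u" else "HKLM"
            hives_by_exe.setdefault(exe.lower(), set()).add(hive)
        elif m := _START_RE.match(line):
            findings.append(Finding("review", "browser start page is set: " + m.group("url").strip(), line))
        elif m := _NS_RE.match(line):
            findings.append(Finding("review", "statically configured DNS servers: " + m.group("servers").strip(), line))
    # The same binary registered under both hives is a persistence pattern worth a second look.
    for exe, hives in hives_by_exe.items():
        if hives == {"HKCU", "HKLM"}:
            findings.append(Finding("review", "same executable registered in both HKCU and HKLM Run keys", exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.level}] {f.reason}\n    {f.line}")
```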
Old 10-13-2010, 03:28 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10



Hello and welcome to TSF.

I would like to see the reports from a couple more scans.
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


=====================


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

amateur is offline  
Old 10-14-2010, 10:29 AM   #3
Registered Member
 
Join Date: Oct 2010
Posts: 10
OS: xp



Hello Amateur, and thank you for taking your time to help me. I found out today that I'm running XP Home Edition with Service Pack 3.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB9549000 D:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.16 )
0xBF012000 D:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.16 )
0x804D7000 D:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 D:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB4BDF000 D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101011.002\navex15.sys 1368064 bytes (Symantec Corporation, AV Engine)
0xB9EA7000 PCI_PNP3324 1048576 bytes
0xB9EA7000 sppi.sys 1048576 bytes
0xB9EA7000 sptd 1048576 bytes
0xB9268000 D:\WINDOWS\system32\drivers\ha10kx2k.sys 954368 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xB6DD9000 D:\WINDOWS\system32\DRIVERS\AE1000XP.sys 815104 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xB9188000 D:\WINDOWS\system32\drivers\ctac32k.sys 647168 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB9D43000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6BDA000 D:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6B7C000 D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB939D000 D:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9C11000 D:\WINDOWS\system32\drivers\ctaud2k.sys 376832 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xB6D25000 D:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB6109000 D:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB7033000 D:\Program Files\Symantec AntiVirus\savrt.sys 348160 bytes (Symantec Corporation, AutoProtect)
0xB5CB5000 D:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6CE5000 D:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xB9B8A000 D:\WINDOWS\system32\DRIVERS\yk51x86.sys 225280 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
0xB94FF000 D:\WINDOWS\System32\Drivers\a249gd79.SYS 221184 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E61000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB63A0000 D:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D16000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9BC1000 D:\WINDOWS\system32\drivers\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB6C4A000 D:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6C97000 D:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB6CBF000 D:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB4A73000 D:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9351000 D:\WINDOWS\system32\drivers\hap17v2k.sys 147456 bytes (Creative Technology Ltd, Creative EMU10KX-P17v HAL (WDM))
0xB9BED000 D:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9C90000 D:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9C6D000 D:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB6C75000 D:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB9246000 D:\WINDOWS\system32\drivers\emupia2k.sys 139264 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 D:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9226000 D:\WINDOWS\system32\drivers\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB9DF9000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB6A1B000 D:\WINDOWS\system32\DRIVERS\nvcap.sys 131072 bytes (NVIDIA Corporation, NVIDIA WDM Video Capture (universal))
0xB9E31000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5137000 D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB7016000 D:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xB9CFC000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E19000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB6B3C000 D:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E8F000 D:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DD0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB94D4000 D:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4A5C000 D:\DOCUME~1\Benjamin\LOCALS~1\Temp\pxtdqpob.sys 94208 bytes
0xB6675000 D:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB6183000 D:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB4BCB000 D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101011.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xB94EB000 D:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB7002000 D:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB9535000 D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB6D7E000 D:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 D:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DE7000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E50000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB949B000 D:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2F8000 D:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA158000 D:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA188000 D:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA198000 D:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA2A8000 D:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA178000 D:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA168000 D:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6485000 D:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1F8000 D:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 D:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1A8000 D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB946B000 D:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1C8000 D:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2C8000 D:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA148000 D:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1B8000 D:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA208000 D:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1E8000 D:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA258000 D:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1D8000 D:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2B8000 D:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB4EF5000 D:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA138000 D:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA288000 D:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA448000 D:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3D0000 D:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA388000 D:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA410000 D:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3F0000 D:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB4AA7000 D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA478000 D:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA480000 D:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA418000 D:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA398000 D:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA420000 D:\WINDOWS\system32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)
0xBA428000 D:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA460000 D:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA430000 D:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xBA470000 D:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA440000 D:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA380000 D:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3A0000 D:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB94D0000 D:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA59C000 D:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB66F7000 D:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB6DB1000 D:\WINDOWS\system32\DRIVERS\NVxbar.sys 16384 bytes (NVIDIA Corporation, NVIDIA WDM A/V Crossbar)
0xB6390000 D:\WINDOWS\system32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xBA574000 D:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 D:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB6DCD000 D:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB6545000 D:\WINDOWS\system32\drivers\EIO.sys 12288 bytes (ASUSTeK Computer Inc., ASUS Kernel Mode Driver for NT )
0xBA54C000 D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xBA560000 D:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA578000 D:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xBA558000 D:\WINDOWS\system32\drivers\Lachesis.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Lachesis USB Optical Mouse Driver)
0xBA580000 D:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA58C000 D:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9395000 D:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB59E9000 D:\WINDOWS\System32\Drivers\SYMREDRV.SYS 12288 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA5CC000 D:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B0000 D:\WINDOWS\system32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xBA5F8000 D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5CA000 D:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 D:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5CE000 D:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E6000 D:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5D0000 D:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5BA000 D:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BE000 D:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 D:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78D000 D:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA75B000 D:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6EE000 D:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B20C1F8 unknown_irp_handler 3592 bytes
0x879A91F8 unknown_irp_handler 3592 bytes
0x8B0171F8 unknown_irp_handler 3592 bytes
0x8B0361F8 unknown_irp_handler 3592 bytes
0x8791C1F8 unknown_irp_handler 3592 bytes
0x8B13A1F8 unknown_irp_handler 3592 bytes
0x8B1A21F8 unknown_irp_handler 3592 bytes
0x8B1361F8 unknown_irp_handler 3592 bytes
0x879481F8 unknown_irp_handler 3592 bytes
0x879111F8 unknown_irp_handler 3592 bytes
0x8798F500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [D:\WINDOWS\system32\drivers\sptd.sys]


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 sppi.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9E19000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DF9000 fltmgr.sys
0xB9DE7000 sr.sys
0xB9DD0000 KSecDD.sys
0xB9D43000 Ntfs.sys
0xB9D16000 NDIS.sys
0xB9CFC000 Mup.sys
0xBA138000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9C6D000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA54C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB9C11000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB9BED000 \SystemRoot\system32\drivers\portcls.sys
0xBA178000 \SystemRoot\system32\drivers\drmk.sys
0xB9BC1000 \SystemRoot\system32\drivers\ctoss2k.sys
0xBA5B0000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xBA188000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9B8A000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB9549000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9535000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB94FF000 \SystemRoot\System32\Drivers\a249gd79.SYS
0xBA410000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA198000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA420000 \SystemRoot\system32\DRIVERS\irsir.sys
0xBA578000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB94EB000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA78D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA430000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA1A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB94D4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB949B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB939D000 \SystemRoot\system32\DRIVERS\update.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9351000 \SystemRoot\system32\drivers\hap17v2k.sys
0xB9268000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xB9246000 \SystemRoot\system32\drivers\emupia2k.sys
0xB9226000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB9188000 \SystemRoot\system32\drivers\ctac32k.sys
0xBA398000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB7033000 \??\D:\Program Files\Symantec AntiVirus\savrt.sys
0xB7016000 \??\D:\Program Files\Symantec\SYMEVENT.SYS
0xB7002000 \??\D:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6DD9000 \SystemRoot\system32\DRIVERS\AE1000XP.sys
0xBA558000 \SystemRoot\system32\drivers\Lachesis.sys
0xBA560000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA580000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB94D0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA5CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6EE000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5CC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA418000 \SystemRoot\System32\drivers\vga.sys
0xBA5CE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9395000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6D7E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6D25000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6CE5000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB6CBF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB6C97000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6C75000 \SystemRoot\System32\drivers\afd.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB6C4A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6BDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6B7C000 \??\D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6B3C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6DCD000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA75B000 \SystemRoot\System32\drivers\dxgthk.sys
0xB6A1B000 \SystemRoot\system32\DRIVERS\nvcap.sys
0xB946B000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xB6DB1000 \SystemRoot\system32\DRIVERS\NVxbar.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB6675000 \SystemRoot\system32\DRIVERS\irda.sys
0xB66F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB63A0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5E6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB6545000 \??\D:\WINDOWS\system32\drivers\EIO.sys
0xB6390000 \??\D:\WINDOWS\system32\drivers\PfModNT.sys
0xB6183000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6485000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6109000 \SystemRoot\system32\DRIVERS\srv.sys
0xB5CB5000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5137000 \??\D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys
0xB59E9000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB4BDF000 \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101011.002\navex15.sys
0xB4BCB000 \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101011.002\naveng.sys
0xB4A73000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4A5C000 \??\D:\DOCUME~1\Benjamin\LOCALS~1\Temp\pxtdqpob.sys
0xB4AA7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 39):
0 System Idle Process
4 System
784 D:\WINDOWS\system32\smss.exe
840 csrss.exe
868 D:\WINDOWS\system32\winlogon.exe
924 D:\WINDOWS\system32\services.exe
936 D:\WINDOWS\system32\lsass.exe
1100 D:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1204 D:\WINDOWS\system32\svchost.exe
1364 svchost.exe
1416 svchost.exe
1704 D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1732 D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1872 D:\WINDOWS\system32\spoolsv.exe
1936 svchost.exe
1964 D:\Program Files\Bonjour\mDNSResponder.exe
1980 D:\Program Files\Symantec AntiVirus\DefWatch.exe
276 D:\Program Files\Java\jre6\bin\jqs.exe
344 D:\WINDOWS\system32\nvsvc32.exe
472 D:\WINDOWS\system32\svchost.exe
524 D:\Program Files\Symantec AntiVirus\Rtvscan.exe
940 D:\WINDOWS\explorer.exe
2036 D:\Program Files\Common Files\Java\Java Update\jusched.exe
364 D:\Program Files\Common Files\Symantec Shared\ccApp.exe
644 D:\PROGRA~1\SYMANT~1\VPTray.exe
812 D:\Program Files\Razer\Tarantula\razerhid.exe
1328 D:\Program Files\Razer\Lachesis\razerhid.exe
1900 alg.exe
2112 D:\Program Files\Razer\Lachesis\OSD.exe
2160 D:\WINDOWS\system32\rundll32.exe
2320 D:\Program Files\Razer\Lachesis\razertra.exe
2436 D:\Program Files\iTunes\iTunesHelper.exe
2472 D:\WINDOWS\system32\ctfmon.exe
2484 D:\Program Files\Razer\Lachesis\razerofa.exe
3520 D:\Program Files\DNA\btdna.exe
824 D:\Program Files\iPod\bin\iPodService.exe
2744 D:\WINDOWS\system32\wuauclt.exe
284 E:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03
PhysicalDrive1 Model Number: SAMSUNGSP2004C, Rev: VM100-33

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
186 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


If you need anything else, I'll be waiting and watching!
Thanks
megatrawn
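For readers wanting to see what the MBRCheck section of the log above is actually reporting (the "Windows XP MBR code detected" line with its SHA1, and the "at offset 0x00000000`00007e00" volume mapping), here is an added example that parses a 512-byte MBR the same way: it hashes the 440-byte boot-code region, reads the disk signature and partition table, converts each partition's starting LBA to a byte offset, and compares the boot-code hash against a reference table. This is not code from the thread or from MBRCheck; the sample sector is constructed, KNOWN_GOOD is a hypothetical table keyed on that sample, and a one-byte tamper of the boot code shows how an overwritten MBR (the technique used by MBR rootkits) drops out of the known set.

```python
"""Parse a 512-byte MBR and fingerprint its boot code, mirroring what MBRCheck
reports: MBR code identification plus the byte offset of each partition.
Added example; not part of the thread or of MBRCheck. The sample MBR below is
constructed, and KNOWN_GOOD is a hypothetical reference table."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the boot code an MBR rootkit overwrites
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the disk signature
PART_ENTRY = "<BBBBBBBBII"   # status, CHS start (3), type, CHS end (3), LBA start, sector count


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a constructed MBR sector. CHS fields are left zero for brevity
    (real MBRs fill them in, but the LBA values are what the OS and MBRCheck use)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, 0, 0, 0, ptype, 0, 0, 0,
                         lba_start, count)
    sector[510:512] = b"\x55\xaa"  # boot signature
    return bytes(sector)


def parse_mbr(sector):
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            # MBRCheck prints this value, e.g. "at offset 0x00000000`00007e00"
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def check_mbr(sector, known_good):
    """Parsed MBR plus a verdict: 'known' when the boot-code hash is in the
    reference table, 'unknown' otherwise (unknown code is what warrants a closer look)."""
    info = parse_mbr(sector)
    label = known_good.get(info["boot_code_sha1"])
    info["verdict"] = "known" if label else "unknown"
    info["label"] = label
    return info


# Constructed sample: a stub of boot code and one bootable NTFS (0x07) partition
# starting at LBA 63, i.e. byte offset 0x7e00, as in the MBRCheck output above.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8".ljust(BOOT_CODE_LEN, b"\x00")
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, 0x1234ABCD, [(True, 0x07, 63, 488_392_002)])
# Hypothetical reference table keyed by the SHA1 of the clean sample's boot code.
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]: "constructed reference MBR"}
# The same sector with a single byte of boot code patched: the hash no longer matches.
TAMPERED_MBR = SAMPLE_MBR[:0x10] + b"\xeb" + SAMPLE_MBR[0x11:]

if __name__ == "__main__":
    for name, sector in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(sector, KNOWN_GOOD)
        print(name, r["verdict"], r["boot_code_sha1"],
              [hex(p["byte_offset"]) for p in r["partitions"]])
```

On a live system the 512 bytes would be read from \\.\PhysicalDrive0 with administrator rights; the point of hashing only the first 440 bytes is that the disk signature and partition table legitimately differ from machine to machine, while the boot code of a given Windows version does not.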
Old 10-14-2010, 11:02 AM   #4
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Hi,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Do not re-enable these drivers until otherwise instructed.

================

Please download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how, please look in here:

    How to disable your security applications
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

# Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done that.
amateur
Old 10-14-2010, 01:24 PM   #5
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

ComboFix 10-10-12.03 - Benjamin 10/14/2010 15:15:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2607 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-13 23:42 . 2010-09-18 06:53 974848 -c----w- d:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:42 . 2010-09-18 06:53 953856 -c----w- d:\windows\system32\dllcache\mfc40u.dll
2010-10-13 23:42 . 2010-08-23 16:12 617472 -c----w- d:\windows\system32\dllcache\comctl32.dll
2010-10-07 17:12 . 2010-10-11 20:07 16968 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2010-10-07 17:11 . 2010-10-07 17:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Hitman Pro
2010-10-07 17:11 . 2010-10-07 17:11 -------- d-----w- d:\program files\Hitman Pro 3.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2010-08-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="d:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"Tarantula"="d:\program files\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"Lachesis"="d:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2004-03-19 08:33 24576 ----a-w- d:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 03:46 13529088 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46 1630208 ----a-w- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-04 00:06 45056 ----a-w- d:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 07:11 132496 ----a-w- d:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Steam\\steamapps\\senorpigeon11@hotmail.com\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\trawnikb@hotmail.com\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\trawnikb@hotmail.com\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Documents and Settings\\Benjamin\\Desktop\\StarCraft_2_NA_en-US.exe"=
"d:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"d:\\Program Files\\StarCraft II\\Support\\SC2Editor.exe"=
"d:\\Program Files\\StarCraft II\\Support\\Repair.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 AE1000;Linksys AE1000 Driver;d:\windows\system32\drivers\AE1000XP.sys [8/12/2010 5:11 PM 816672]
R3 LachesisFltr;Lachesis Mouse Driver;d:\windows\system32\drivers\Lachesis.sys [1/9/2008 6:41 PM 12032]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\d:\program files\VMLaunch\BuddyVM.sys --> d:\program files\VMLaunch\BuddyVM.sys [?]
S3 SavRoam;SAVRoam;d:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 1:30 PM 124608]
S3 TarFltr;Razer Tarantula USB Keyboard;d:\windows\system32\drivers\UsbFltr.sys [1/9/2008 6:40 PM 44800]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [6/5/2008 2:18 AM 717296]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv11010
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\bly7f771.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-qokpdliv - d:\documents and settings\Benjamin\Local Settings\Application Data\uytokvxtl\xynrnvfshdw.exe
HKLM-Run-zzGBK - F:\setup.exe
HKLM-Run-qokpdliv - d:\documents and settings\Benjamin\Local Settings\Application Data\uytokvxtl\xynrnvfshdw.exe
MSConfigStartUp-WinampAgent - d:\program files\Winamp\winampa.exe


.
Completion time: 2010-10-14 15:20:07
ComboFix-quarantined-files.txt 2010-10-14 20:20

Pre-Run: 13,736,841,216 bytes free
Post-Run: 13,735,350,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 7D18AFA896FDFDE58FD0448160783C9D

Here is the ComboFix log you requested.
megatrawn
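The interesting part of the ComboFix log above is the "ORPHANS REMOVED" section: a Run-key value with a random-looking name (qokpdliv) pointing at a random-looking executable under Local Settings\Application Data, and an HKLM Run entry launching F:\setup.exe from the root of a non-system drive (the same pattern that goes with the C:\Autorun.inf ComboFix deleted). Here is an added example of how a responder can triage such autostart lines automatically; it is not part of the thread or of ComboFix. The scoring heuristics are the author's own: executables under per-user data or temp directories, executables in the root of a non-system drive, and file or directory names with long consonant runs (generated names like xynrnvfshdw) each add to a score. SYSTEM_DRIVE assumes the D: install shown in the logs, and SAMPLE_LINES is constructed from the layout of the log above.

```python
"""Triage autostart entries from a ComboFix-style log. Added example, not part
of the thread or ComboFix. SAMPLE_LINES is constructed from the format of the
log above; SYSTEM_DRIVE assumes the install on D: reported there."""
import re

SYSTEM_DRIVE = "d:"   # Windows lives on D: on this machine (see the MBRCheck and ComboFix output)

# "Name"="path" [date size]   -> live Run-key value
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-Name - path        -> orphan entry ComboFix removed
ORPHAN = re.compile(r'^(?P<hive>HK[A-Z]+)-Run-(?P<name>\S+) - (?P<path>.+?)\s*$')

# Per-user locations the logged-on user can write to; legitimate installers rarely autostart from here
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
)
VOWELS = set("aeiou")


def longest_consonant_run(token):
    """Length of the longest run of consonant letters. Generated names such as
    'xynrnvfshdw' have long runs; real product names rarely exceed four."""
    best = run = 0
    for ch in token.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_generated(token):
    return longest_consonant_run(token) >= 5


def triage_entry(line):
    """Score one Run-key or orphan line; returns None for lines in other formats."""
    m = RUN_VALUE.match(line) or ORPHAN.match(line)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    lp = path.lower()
    parts = lp.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]          # file name without extension
    parent = parts[-2] if len(parts) >= 2 else ""
    score, reasons = 0, []

    if any(seg in lp for seg in USER_WRITABLE):
        score += 2
        reasons.append("executable under a user-profile data/temp directory")
    if re.match(r"^[a-z]:$", parts[0]) and parts[0] != SYSTEM_DRIVE and len(parts) == 2:
        score += 3
        reasons.append("executable in the root of a non-system drive (autorun.inf style)")
    if looks_generated(stem):
        score += 1
        reasons.append("file name looks generated")
    if looks_generated(parent):
        score += 1
        reasons.append("parent directory name looks generated")

    return {
        "name": name,
        "path": path,
        "score": score,
        "verdict": "suspicious" if score >= 3 else "benign",
        "reasons": reasons,
    }


def triage_log(text):
    """Triage every Run-key or orphan line in a log excerpt; other lines are skipped."""
    results = []
    for line in text.splitlines():
        r = triage_entry(line.strip())
        if r:
            results.append(r)
    return results


# Constructed sample in the layout of the ComboFix log above.
SAMPLE_LINES = r'''
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2010-08-13 323392]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
HKCU-Run-qokpdliv - d:\documents and settings\Benjamin\Local Settings\Application Data\uytokvxtl\xynrnvfshdw.exe
HKLM-Run-zzGBK - F:\setup.exe
MSConfigStartUp-WinampAgent - d:\program files\Winamp\winampa.exe
'''

if __name__ == "__main__":
    for r in triage_log(SAMPLE_LINES):
        print(f'{r["verdict"]:10} {r["score"]}  {r["name"]} -> {r["path"]}  {"; ".join(r["reasons"])}')
```

The name heuristic on its own is deliberately weak (NvCpl.dll scores one point and stays benign); it is the combination with an unusual location that pushes an entry over the threshold, which is how a human reading the same log reasons about it.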
Old 10-14-2010, 01:30 PM   #6
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Are you still experiencing redirects?

Please go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
amateur
Old 10-17-2010, 09:34 AM   #7
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Are you having any problem running ESET online scan?

Even if the ESET online scan is clean and you have no re-directs, we still have some cleaning up to do. The process is not completed yet. Please reply back with the ESET results.
amateur
Old 10-18-2010, 02:35 PM   #8
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

Hello again Amateur,

I am still experiencing redirects, however it is not nearly as often. I am, however, having difficulty using the ESET scanner. It provides me a prompt to install, and when I click the install button it asks me to 'retry', which causes it to reload indefinitely.

Thanks for the help!
megatrawn
Old 10-18-2010, 02:53 PM   #9
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

pay no heed to the previous message!

I minimized the ESET scan log and was prompted to 'retry' or 'cancel' because of a resending info error (but i did not press back or anything) so the log that I currently have only says

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I am going to rerun the scanner and post that log this evening.

Thanks for your help
megatrawn
Old 10-18-2010, 04:10 PM   #10
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e3d1d533346e71449c4017a3e11fbae7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-18 10:56:11
# local_time=2010-10-18 05:56:11 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=61507
# found=2
# cleaned=0
# scan_time=1527
D:\System Volume Information\_restore{26D7909A-32A0-4B4A-BB87-BBB32538EC60}\RP502\A0083028.dll a variant of Win32/Kryptik.HBL trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{26D7909A-32A0-4B4A-BB87-BBB32538EC60}\RP502\A0083029.dll Win32/Olmarik.ADF trojan 00000000000000000000000000000000 I

Here you go!
megatrawn
Old 10-18-2010, 11:04 PM   #11
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Hi,

The items in the ESET log are in the system restore cache where system restore points are stored, and therefore inert unless the system is manually restored to an infected date. It's not anything to be worried about at the moment as the system restore cache will be cleared as part of the final instructions when we are done. Until then, even an infected system restore is better than having none, so we will wait.

Quote:
I am still experiencing redirects, however it is not nearly as often.
Do the redirects occur when you click on google search results? Which browser does it happen with, IE, FireFox or other? Are you using a router?


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebyte's, and select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
amateur
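The reply above makes a distinction worth automating when reading scanner logs: a detection inside System Volume Information\_restore{...} is a System Restore snapshot and stays inert unless that restore point is used, whereas a hit in a live location means the machine still needs work. Here is an added example (not from the thread or from ESET) that parses the ESET Online Scanner log format posted above, reads the "# key=value" header, splits each detection line into path, threat name, hash and flag, classifies the path, and cross-checks the header's found count against the number of detection lines parsed so a truncated paste is noticed. SAMPLE_LOG is constructed from the header fields and the two detection lines in the post above; the classification categories are the author's own.

```python
"""Parse an ESET Online Scanner log and separate detections in System Restore
snapshots from ones in live locations. Added example, not part of the thread
or of ESET. SAMPLE_LOG is constructed from the log posted above."""
import re

HEADER = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")
# path (may contain spaces, ends in a file extension), threat text, hex hash, flag letter
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+(?P<hash>[0-9a-fA-F]{8,64})\s+(?P<flag>\S+)$"
)


def classify_location(path):
    lp = path.lower()
    if "\\system volume information\\_restore" in lp:
        return "restore_point"   # inert unless the system is rolled back to that point
    if "\\temp\\" in lp or "\\temporary internet files\\" in lp:
        return "temp"            # dropped or cached; worth checking what wrote it
    return "live"


def parse_eset_log(text):
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h:
            header[h.group("key")] = h.group("value")
            continue
        d = DETECTION.match(line)
        if d:
            detections.append({
                "path": d.group("path"),
                "threat": d.group("threat"),
                "flag": d.group("flag"),
                "location": classify_location(d.group("path")),
            })
    by_location = {}
    for det in detections:
        by_location[det["location"]] = by_location.get(det["location"], 0) + 1
    found = int(header.get("found", "0"))
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        "remove_checked": header.get("remove_checked") == "true",
        "detections": detections,
        "by_location": by_location,
        # every hit the scanner counted should have a parsed line; otherwise the
        # paste was truncated or a line format was not recognised
        "complete": found == len(detections),
        # the machine still needs attention only if something sits outside restore points
        "live_threats": [d for d in detections if d["location"] == "live"],
    }


# Constructed from the header fields and detection lines of the log above.
SAMPLE_LOG = r"""
# scanned=61507
# found=2
# cleaned=0
# remove_checked=false
D:\System Volume Information\_restore{26D7909A-32A0-4B4A-BB87-BBB32538EC60}\RP502\A0083028.dll a variant of Win32/Kryptik.HBL trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{26D7909A-32A0-4B4A-BB87-BBB32538EC60}\RP502\A0083029.dll Win32/Olmarik.ADF trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    r = parse_eset_log(SAMPLE_LOG)
    print(f'scanned={r["scanned"]} found={r["found"]} cleaned={r["cleaned"]} '
          f'complete={r["complete"]} by_location={r["by_location"]}')
    for d in r["detections"]:
        print(f'  [{d["location"]}] {d["threat"]}: {d["path"]}')
```

With remove_checked=false the scanner was run in report-only mode, as the instructions asked, so cleaned=0 is expected and not a failure; clearing the restore points at the end of the cleanup is what removes these two files.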
Old 10-19-2010, 10:08 AM   #12
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

Here are the results of the scanner.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4882
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10/19/2010 12:04:45 PM
mbam-log-2010-10-19 (12-04-45).txt
Scan type: Quick scan
Objects scanned: 130089
Time elapsed: 3 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


I've only experienced redirects when using Firefox (it's my default browser). And in the past it has redirected me when I click links, but also when i type in the url. However, today I have not been redirected. So... perhaps it has been fixed?
megatrawn
Old 10-19-2010, 10:46 AM   #13
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Hi,

Quote:
However, today I have not been redirected. So... perhaps it has been fixed?
I am not seeing anything in the logs to cause redirects. But, let's keep the topic open a little while and let me know whether you're free of redirects or not. If still no redirects, then I'll give you the final instructions.

Quote:
Are you using a router?
Also, I didn't get a reply to this question.
amateur
Old 10-19-2010, 01:18 PM   #14
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

Quote:
Originally Posted by amateur
Also, I didn't get a reply to this question. Are you using a router?

I actually am using a Linksys AE1000 wireless adapter.
megatrawn
Old 10-20-2010, 03:55 AM   #15
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

How do you connect to the internet? Are you using the wireless adapter to connect to the internet via wireless modem/router? Are you on a network? Are there other computers in the network and are they also getting redirected?
amateur
Old 10-20-2010, 11:51 AM   #16
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

Quote:
Originally Posted by amateur
How do you connect to the internet? Are you using the wireless adapter to connect to the internet via wireless modem/router? Are you on a network? Are there other computers in the network and are they also getting redirected?

I connect to my own wireless modem, but I am not on a network.
megatrawn
Old 10-20-2010, 11:59 AM   #17
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Have the redirects stopped or do you still get redirected?
amateur
Old 10-20-2010, 04:40 PM   #18
megatrawn - Registered Member
Join Date: Oct 2010
Posts: 10
OS: xp

Quote:
Originally Posted by amateur
Have the redirects stopped or do you still get redirected?

They seem to have stopped. I haven't been redirected lately.
megatrawn
Old 10-20-2010, 11:34 PM   #19
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Hi,

DNA
BitTorrent
LimeWire 4.18.8


The above are p2p file sharing programs which are installed on your machine. This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove them via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
================================

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs):

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


These are all outdated, and security risks by having them installed still. Leave Java(TM) 6 Update 21 alone as it's the latest version.

You can also clear your Java cache. Go into the Control Panel and double-click the Java icon (it looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the downloaded Applications and Applets from the cache.
  • Click OK to leave the Temporary Files window.
  • Click OK to leave the Java Control Panel.

===================================

Adobe Reader 8.1.3 is out of date and can be exploited. Please download the latest version, here.

Uncheck Google Toolbar, Free McAfee® Security Scan Plus, or any other offers they may have during the installation, unless you want them.

===================================

The logs are clean, but if you're still being redirected, please let me know. Otherwise, continue with the following final steps:

Please disable all protection applications as before.
  • Click Start then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Notice the space between ComboFix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your security applications now.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
amateur
Old 10-23-2010, 06:56 AM   #20
amateur - Security Team, Moderator, Analyst, Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,752
OS: XP Win7 Ubuntu 10.10

Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

amateur
 

Copyright 2001 - 2014, Tech Support Forum