Author Topic: [Resolved] Browser redirects, problems shutting down & starting up


Offline aaronski

  • Bronze Member
  • Posts: 25
I am really new to trying to fix stuff on my own. It seems that somehow I picked up something that is causing any browser I use to redirect to different pages and even links from a Google search. Also am having issues trying to launch some programs and shutting down/starting up. Malwarebytes scan today revealed nothing. However my antivirus (ESET NOD32) periodically shows it blocking traffic to unknown IP addresses even when I don't have a browser active. Please help. Here's my log as recommended in the steps.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:52 AM, on 4/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Seagate Product Registration.lnk = C:\Documents and Settings\Home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com/
O16 - DPF: AuGen - http://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file:///D:/components/Liquid.ocx
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file:///C:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11071 bytes
« Last Edit: May 25, 2011, 01:07:00 pm by K27 »
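As an added example (not part of this thread, and not a SpywareHammer or Trend Micro tool), here is a small Python triage script that reads a HijackThis 2.0.x log and flags the entry types a helper reads first: R0/R1 start or search pages pointing at a host other than the stock XP/IE8 defaults (in the log above the HKCU start page is search.conduit.com while the HKLM one is still Microsoft's), O4 startup shortcuts whose target HijackThis could not resolve (`= ?`), O16 ActiveX controls registered from a `file://` path, and O23 services with no recorded owner or a missing image. The list of default hosts and the rules themselves are assumptions; a hit means the entry is worth asking the poster about, not that it is malicious. The sample lines are copied from the log posted above.

```python
"""Triage a HijackThis 2.0.x log for the entries a removal helper reads first.

Added example for this thread (not a SpywareHammer or Trend Micro tool).
The rules are assumptions about what deserves a second look; a hit means
"ask about this entry", not "this entry is malware".  SAMPLE_LOG is a
hand-picked subset of lines from the log posted in the thread.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a stock XP/IE8 install points its R0/R1 lines at by itself.
DEFAULT_HOSTS = {"go.microsoft.com", "www.msn.com", "www.google.com"}

# "R0 - ...", "O23 - ...": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file:///D:/components/Liquid.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


def parse_entries(log_text):
    """Yield (section, body) for each entry line; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def check_entry(section, body):
    """Return (reason, detail) if the entry deserves a question, else None."""
    if section in ("R0", "R1") and " = " in body:
        # R0/R1: registry value = URL.  Compare the URL's host with the defaults.
        url = body.split(" = ", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if host and host not in DEFAULT_HOSTS:
            return "start/search page points at a non-default host", host
    elif section == "O4" and body.endswith(" = ?"):
        # HijackThis prints "= ?" when it cannot resolve a startup shortcut's target.
        return "startup shortcut whose target HijackThis could not resolve", body
    elif section == "O16":
        # O16 (DPF): the download URL is the last " - " separated field.
        url = body.rsplit(" - ", 1)[-1].strip()
        if urlparse(url).scheme == "file":
            return "ActiveX control (DPF) registered from a local file path", url
    elif section == "O23":
        reasons = []
        if "Unknown owner" in body:
            reasons.append("no signer/company recorded")
        if body.endswith("(file missing)"):
            reasons.append("service image is missing on disk")
        if reasons:
            return "; ".join(reasons), body
    return None


def triage(log_text):
    """Run every entry through check_entry; return [(section, reason, detail), ...]."""
    findings = []
    for section, body in parse_entries(log_text):
        hit = check_entry(section, body)
        if hit:
            findings.append((section, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}: {detail}")
```

On the sample the script reports the Conduit start page, the unresolved hpoddt01 shortcut, the Liquid.ocx control loaded from D:, and the two "Unknown owner" services; the Microsoft start page, the Flash control and the ESET service pass. HijackThis lists registry and shell hooks only; a disk or driver level hook of the kind DDS's rootkit section checks for does not appear in such a log, which is one reason a helper asks for a DDS run next.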



Offline K27

  • Malware Removal Staff
  • Gold Member
  • Posts: 2342
    • Go Good IT Solutions
Hi aaronski,

Welcome to SpywareHammer,

I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.

Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.




Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.





Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




I need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs

         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE



Please post back the MBAM log and BOTH DDS logs for review,

Thanks
SpywareHammer - Knowledgebase

The internet is the new age battle of the old age clash between good and evil

Offline aaronski

  • Bronze Member
  • Posts: 25
Great, thank you ... will go through the steps as directed and post as requested when completed.

Offline aaronski

  • Bronze Member
  • Posts: 25
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6467

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/28/2011 2:04:34 PM
    mbam-log-2011-04-28 (14-04-34).txt

    Scan type: Quick scan
    Objects scanned: 160693
    Time elapsed: 10 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    .
    DDS (Ver_11-03-05.01) - NTFSx86 
    Run by Home at 14:11:37.43 on Thu 04/28/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1091 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\a la mode\Sched\eSched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    svchost.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Home\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by MSN & Bing
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\home\application data\leadertech\powerregister\Seagate Product Registration.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: AuGen - hxxp://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///D:/components/Liquid.ocx
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} - file:///C:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-27 532224]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
    R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlservr.exe [2005-5-4 9150464]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176]
    S3 Atmss$a;Atmss$a;c:\windows\system32\drivers\audstub.sys [2009-12-3 3072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176]
    S3 Rsiot0uadhww;Rsiot0uadhww;

    S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlagent.EXE [2005-5-3 323584]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 Wpastubkdh;Wpastubkdh;

    .
    =============== Created Last 30 ================
    .
    2011-04-28 18:50:06   --------   d-----w-   c:\docume~1\home\locals~1\applic~1\ESET
    2011-04-28 17:30:02   709456   ----a-w-   c:\windows\isRS-000.tmp
    2011-04-28 16:34:17   388096   ----a-r-   c:\docume~1\home\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-04-28 16:34:16   --------   d-----w-   c:\program files\Trend Micro
    2011-04-28 16:09:15   --------   dc-h--w-   c:\windows\ie8
    2011-04-28 15:32:27   --------   d-----w-   c:\docume~1\home\applic~1\RegistryKeys
    2011-04-28 05:43:00   --------   d-----w-   c:\program files\InCode Solutions
    2011-04-27 22:07:31   --------   d-----w-   c:\windows\Internet Logs
    2011-04-27 21:45:09   --------   d--h--w-   c:\windows\msdownld.tmp
    2011-04-27 21:33:12   --------   d-----w-   c:\program files\ESET
    2011-04-27 21:09:28   --------   d-----w-   c:\program files\CCleaner
    2011-04-27 07:23:48   --------   d-----w-   c:\windows\system32\NtmsData
    2011-04-27 05:49:44   --------   d-----w-   c:\program files\Avira
    2011-04-27 05:49:44   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Avira
    2011-04-27 02:41:27   --------   d-----w-   c:\program files\iPod
    2011-04-27 02:41:23   --------   d-----w-   c:\program files\iTunes
    2011-04-27 02:38:00   --------   d-----w-   c:\program files\Bonjour
    2011-04-14 00:19:13   --------   d-----w-   c:\program files\Watchtower
    2011-04-06 23:20:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
    2011-04-06 23:20:16   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
    2011-04-06 23:20:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
    .
    ==================== Find3M  ====================
    .
    2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
    2011-02-24 21:08:22   3735552   ----a-w-   c:\windows\system32\alarpt5.ocx
    2011-02-19 00:28:28   1238528   ----a-w-   c:\windows\system32\zpeng25.dll
    2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
    2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
    2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
    2011-02-01 19:15:10   1451336   ----a-w-   c:\windows\system32\wtfiles.dll
    .
    =================== ROOTKIT  ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3250410AS rev.3.AAA -> Harddisk0\DR0 -> \Device\00000626
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D6E4F0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d747d0]; MOV EAX, [0x89d7484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D4EAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89D02F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D4E030]
    \Driver\nvata[0x89D50C98] -> IRP_MJ_CREATE -> 0x89D6E4F0
    error: Read  Incorrect function.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
    detected disk devices:
    \Device\00000060 -> \??\IDE#DiskST3250410AS_____________________________3.AAA___#2020202020202020202020205235305956374131#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 14:12:54.07 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/3/2009 3:05:32 PM
    System Uptime: 4/28/2011 10:33:55 AM (4 hours ago)
    .
    Motherboard: MSI |  | MS-7310
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2211/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 132.028 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2FF81D47&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2FF81D47&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP402: 1/28/2011 10:54:04 PM - System Checkpoint
    RP403: 1/29/2011 11:35:51 PM - System Checkpoint
    RP404: 1/30/2011 11:56:55 PM - System Checkpoint
    RP405: 2/1/2011 12:36:29 PM - System Checkpoint
    RP406: 2/2/2011 2:32:27 PM - System Checkpoint
    RP407: 2/3/2011 3:32:22 PM - System Checkpoint
    RP408: 2/4/2011 3:57:36 PM - System Checkpoint
    RP409: 2/5/2011 4:08:23 PM - System Checkpoint
    RP410: 2/5/2011 5:44:59 PM - Removed Opera 11.00.
    RP411: 2/6/2011 6:25:49 PM - System Checkpoint
    RP412: 2/7/2011 7:24:24 PM - System Checkpoint
    RP413: 2/8/2011 8:58:11 PM - System Checkpoint
    RP414: 2/9/2011 9:38:22 PM - System Checkpoint
    RP415: 2/9/2011 11:38:05 PM - Software Distribution Service 3.0
    RP416: 2/10/2011 11:55:05 PM - System Checkpoint
    RP417: 2/12/2011 9:27:06 AM - System Checkpoint
    RP418: 2/13/2011 12:56:48 PM - System Checkpoint
    RP419: 2/14/2011 3:54:59 PM - System Checkpoint
    RP420: 2/15/2011 5:07:42 PM - System Checkpoint
    RP421: 2/18/2011 8:23:10 PM - System Checkpoint
    RP422: 2/24/2011 11:35:10 AM - System Checkpoint
    RP423: 2/25/2011 11:36:00 AM - System Checkpoint
    RP424: 2/26/2011 1:13:12 PM - System Checkpoint
    RP425: 2/27/2011 1:14:30 PM - System Checkpoint
    RP426: 2/28/2011 2:47:33 PM - System Checkpoint
    RP427: 3/1/2011 2:55:52 PM - System Checkpoint
    RP428: 3/2/2011 8:05:01 PM - System Checkpoint
    RP429: 3/3/2011 9:01:25 PM - System Checkpoint
    RP430: 3/4/2011 9:23:01 PM - System Checkpoint
    RP431: 3/5/2011 9:41:53 PM - System Checkpoint
    RP432: 3/7/2011 9:43:12 AM - System Checkpoint
    RP433: 3/8/2011 10:02:44 AM - System Checkpoint
    RP434: 3/9/2011 11:20:22 PM - System Checkpoint
    RP435: 3/10/2011 3:00:12 AM - Software Distribution Service 3.0
    RP436: 3/12/2011 1:01:59 PM - System Checkpoint
    RP437: 3/13/2011 3:42:14 PM - System Checkpoint
    RP438: 3/14/2011 4:04:37 PM - System Checkpoint
    RP439: 3/16/2011 8:32:41 AM - System Checkpoint
    RP440: 3/16/2011 11:44:28 PM - Software Distribution Service 3.0
    RP441: 3/18/2011 12:30:52 AM - System Checkpoint
    RP442: 3/19/2011 12:46:53 PM - System Checkpoint
    RP443: 3/20/2011 1:09:58 PM - System Checkpoint
    RP444: 3/21/2011 1:55:50 PM - System Checkpoint
    RP445: 3/22/2011 8:49:38 AM - Removed Bonjour
    RP446: 3/23/2011 9:25:49 AM - System Checkpoint
    RP447: 3/24/2011 12:05:37 PM - System Checkpoint
    RP448: 3/25/2011 1:21:23 AM - Software Distribution Service 3.0
    RP449: 3/27/2011 3:38:54 PM - System Checkpoint
    RP450: 3/28/2011 3:49:11 PM - System Checkpoint
    RP451: 3/29/2011 4:39:18 PM - System Checkpoint
    RP452: 3/30/2011 5:09:15 PM - System Checkpoint
    RP453: 3/30/2011 8:25:46 PM - Removed Adobe Reader 9.4.3.
    RP454: 3/30/2011 8:25:58 PM - Installed Adobe Reader X (10.0.1).
    RP455: 3/31/2011 9:18:00 PM - System Checkpoint
    RP456: 4/1/2011 10:01:41 PM - System Checkpoint
    RP457: 4/2/2011 10:16:39 PM - System Checkpoint
    RP458: 4/3/2011 11:02:03 PM - System Checkpoint
    RP459: 4/4/2011 11:15:20 PM - System Checkpoint
    RP460: 4/5/2011 11:34:07 PM - System Checkpoint
    RP461: 4/7/2011 12:29:58 AM - System Checkpoint
    RP462: 4/9/2011 6:30:45 PM - System Checkpoint
    RP463: 4/10/2011 6:48:18 PM - System Checkpoint
    RP464: 4/11/2011 6:59:18 PM - System Checkpoint
    RP465: 4/12/2011 7:04:25 PM - System Checkpoint
    RP466: 4/13/2011 5:01:31 PM - Software Distribution Service 3.0
    RP467: 4/14/2011 5:43:25 PM - System Checkpoint
    RP468: 4/15/2011 7:46:26 PM - System Checkpoint
    RP469: 4/16/2011 8:03:18 PM - System Checkpoint
    RP470: 4/17/2011 8:25:09 PM - System Checkpoint
    RP471: 4/18/2011 9:15:28 PM - System Checkpoint
    RP472: 4/19/2011 10:10:26 PM - System Checkpoint
    RP473: 4/21/2011 12:12:28 PM - System Checkpoint
    RP474: 4/22/2011 12:33:44 PM - System Checkpoint
    RP475: 4/23/2011 2:16:37 PM - System Checkpoint
    RP476: 4/24/2011 3:55:37 PM - System Checkpoint
    RP477: 4/25/2011 4:20:46 PM - System Checkpoint
    RP478: 4/26/2011 5:05:15 PM - System Checkpoint
    RP479: 4/26/2011 10:28:29 PM - Avira AntiVir Personal - 4/26/2011 22:28
    RP480: 4/26/2011 10:49:44 PM - Avira AntiVir Premium - 4/26/2011 22:48
    RP481: 4/27/2011 2:33:08 PM - Installed ESET NOD32 Antivirus
    RP482: 4/28/2011 9:09:39 AM - Installed Windows Internet Explorer 8.
    RP483: 4/28/2011 9:34:15 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Creative Suite
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    Dropbox
    DVD Solution
    ESET NOD32 Antivirus
    Facebook Plug-In
    FormViewer
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HotSPOT Client 2009
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    hp psc 2170 series
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Kelly Slater's Pro Surfer(tm)
    Malwarebytes' Anti-Malware
    Memeo Instant Backup
    Memeo Send
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (ALAMODE)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Launcher
    Nero OEM
    NVIDIA Drivers
    Opera 11.10
    PDF-XChange 3
    PowerDVD
    PowerProducer
    QuickTime
    RemoveIT Pro v4 - SE
    Safari
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sony USB Driver
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Watchtower Library 2010 - English
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    ZoneAlarm
    ZoneAlarm Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/28/2011 8:23:00 AM, error: Service Control Manager [7009]  - Timeout (120000 milliseconds) waiting for the MSSQL$ALAMODE service to connect.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7009]  - Timeout (120000 milliseconds) waiting for the Java Quick Starter service to connect.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7000]  - The MSSQL$ALAMODE service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    4/27/2011 2:51:47 PM, error: Service Control Manager [7038]  - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/27/2011 2:51:47 PM, error: Service Control Manager [7000]  - The SSDP Discovery Service service failed to start due to the following error:  The service did not start due to a logon failure.
    4/27/2011 2:51:44 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
    4/27/2011 2:26:20 PM, error: Service Control Manager [7000]  - The avgntflt service failed to start due to the following error:  The system cannot find the file specified.
    4/26/2011 10:35:35 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    4/26/2011 10:35:35 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    4/26/2011 10:35:35 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    4/26/2011 10:27:30 PM, error: System Error [1003]  - Error code 10000050, parameter1 ffffffe8, parameter2 00000001, parameter3 805266ca, parameter4 00000000.
    4/24/2011 3:40:57 PM, error: Service Control Manager [7000]  - The Wpastubkdh service failed to start due to the following error:  The system cannot find the file specified.
    4/24/2011 3:40:57 PM, error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================

    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Hi,

    Please disable all Anti-virus/Anti-Spyware/Firewall software on your machine (instructions via links below).
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Please post the TDSSKiller log back for review

    Thanks
    SpywareHammer - Knowledgebase

    The internet is the new age battle of the old age clash between good and evil

    Offline aaronski

    • Bronze Member
    • Posts: 25
    2011/04/28 17:08:12.0500 3196   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/28 17:08:14.0500 3196   ================================================================================
    2011/04/28 17:08:14.0500 3196   SystemInfo:
    2011/04/28 17:08:14.0500 3196   
    2011/04/28 17:08:14.0500 3196   OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/28 17:08:14.0500 3196   Product type: Workstation
    2011/04/28 17:08:14.0500 3196   ComputerName: ROSS-0C2442AC03
    2011/04/28 17:08:14.0500 3196   UserName: Home
    2011/04/28 17:08:14.0500 3196   Windows directory: C:\WINDOWS
    2011/04/28 17:08:14.0500 3196   System windows directory: C:\WINDOWS
    2011/04/28 17:08:14.0500 3196   Processor architecture: Intel x86
    2011/04/28 17:08:14.0500 3196   Number of processors: 2
    2011/04/28 17:08:14.0500 3196   Page size: 0x1000
    2011/04/28 17:08:14.0500 3196   Boot type: Normal boot
    2011/04/28 17:08:14.0500 3196   ================================================================================
    2011/04/28 17:08:14.0750 3196   !crdlk
    2011/04/28 17:08:14.0781 3196   Initialize success
    2011/04/28 17:13:31.0375 3488   ================================================================================
    2011/04/28 17:13:31.0375 3488   Scan started
    2011/04/28 17:13:31.0375 3488   Mode: Manual;
    2011/04/28 17:13:31.0375 3488   ================================================================================
    2011/04/28 17:13:32.0062 3488   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/04/28 17:13:32.0109 3488   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/04/28 17:13:32.0156 3488   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/04/28 17:13:32.0187 3488   AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/04/28 17:13:32.0296 3488   ALCXWDM         (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2011/04/28 17:13:32.0500 3488   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/04/28 17:13:32.0515 3488   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/04/28 17:13:32.0562 3488   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/04/28 17:13:32.0609 3488   Atmss$a         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\drivers\audstub.sys
    2011/04/28 17:13:32.0625 3488   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/04/28 17:13:32.0656 3488   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/04/28 17:13:32.0703 3488   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/04/28 17:13:32.0734 3488   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/04/28 17:13:32.0750 3488   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/04/28 17:13:32.0781 3488   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/04/28 17:13:32.0906 3488   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/04/28 17:13:32.0968 3488   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/04/28 17:13:33.0109 3488   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/04/28 17:13:33.0125 3488   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/04/28 17:13:33.0171 3488   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/04/28 17:13:33.0218 3488   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/04/28 17:13:33.0265 3488   eamon           (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
    2011/04/28 17:13:33.0312 3488   ehdrv           (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    2011/04/28 17:13:33.0359 3488   epfwtdir        (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    2011/04/28 17:13:33.0421 3488   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/04/28 17:13:33.0453 3488   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/04/28 17:13:33.0468 3488   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/04/28 17:13:33.0484 3488   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/04/28 17:13:33.0515 3488   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/04/28 17:13:33.0546 3488   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/04/28 17:13:33.0562 3488   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/04/28 17:13:33.0609 3488   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/28 17:13:33.0640 3488   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/04/28 17:13:33.0671 3488   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/04/28 17:13:33.0734 3488   HPZid412        (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/04/28 17:13:33.0750 3488   HPZipr12        (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/04/28 17:13:33.0765 3488   HPZius12        (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/04/28 17:13:33.0796 3488   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/04/28 17:13:33.0890 3488   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/04/28 17:13:33.0937 3488   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/04/28 17:13:34.0125 3488   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/04/28 17:13:34.0171 3488   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/04/28 17:13:34.0187 3488   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/04/28 17:13:34.0218 3488   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/04/28 17:13:34.0250 3488   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/04/28 17:13:34.0281 3488   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/04/28 17:13:34.0328 3488   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/04/28 17:13:34.0406 3488   ISWKL           (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    2011/04/28 17:13:34.0453 3488   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/04/28 17:13:34.0484 3488   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/04/28 17:13:34.0515 3488   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/04/28 17:13:34.0593 3488   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/04/28 17:13:34.0625 3488   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/04/28 17:13:34.0656 3488   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/04/28 17:13:34.0687 3488   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/04/28 17:13:34.0703 3488   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/04/28 17:13:34.0734 3488   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/04/28 17:13:34.0781 3488   MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/04/28 17:13:34.0812 3488   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/04/28 17:13:34.0843 3488   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/04/28 17:13:34.0859 3488   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/04/28 17:13:38.0375 3488   ================================================================================
    2011/04/28 17:13:38.0375 3488   Scan finished
    2011/04/28 17:13:38.0375 3488   ================================================================================
    2011/04/28 17:14:02.0203 2640   ================================================================================
    2011/04/28 17:14:02.0203 2640   Scan started
    2011/04/28 17:14:02.0203 2640   Mode: Manual;
    2011/04/28 17:14:02.0203 2640   ================================================================================
    2011/04/28 17:14:08.0453 2640   ================================================================================
    2011/04/28 17:14:08.0453 2640   Scan finished
    2011/04/28 17:14:08.0453 2640   ================================================================================

    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Please post a fresh set of DDS logs.

    Thanks.
    SpywareHammer - Knowledgebase

    The internet is the new age battle of the old age clash between good and evil

    Offline aaronski

    • Bronze Member
    • Posts: 25
    Hi K27,

    OK, just ran new DDS logs. Will be leaving for work here at around 8:30 PST, so if you ask me to do anything else after that I won't be able to do it until after I get home around 5 pm. Thank you again. Still having browser redirects, and my antivirus is periodically showing that it is blocking contact to an unknown server.


    .
    DDS (Ver_11-03-05.01) - NTFSx86 
    Run by Home at  7:17:45.46 on Fri 04/29/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.311 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\a la mode\Sched\eSched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    svchost.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Home\Desktop\Virus Stuff\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by MSN & Bing
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\home\application data\leadertech\powerregister\Seagate Product Registration.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: AuGen - hxxp://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///D:/components/Liquid.ocx
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} - file:///C:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-27 532224]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
    R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlservr.exe [2005-5-4 9150464]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176]
    S3 Atmss$a;Atmss$a;c:\windows\system32\drivers\audstub.sys [2009-12-3 3072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-21 136176]
    S3 Rsiot0uadhww;Rsiot0uadhww;

    S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlagent.EXE [2005-5-3 323584]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 Wpastubkdh;Wpastubkdh;

    .
    =============== Created Last 30 ================
    .
    2011-04-28 18:50:06   --------   d-----w-   c:\docume~1\home\locals~1\applic~1\ESET
    2011-04-28 17:30:02   709456   ----a-w-   c:\windows\isRS-000.tmp
    2011-04-28 16:34:17   388096   ----a-r-   c:\docume~1\home\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-04-28 16:34:16   --------   d-----w-   c:\program files\Trend Micro
    2011-04-28 16:09:15   --------   dc-h--w-   c:\windows\ie8
    2011-04-28 15:32:27   --------   d-----w-   c:\docume~1\home\applic~1\RegistryKeys
    2011-04-28 05:43:00   --------   d-----w-   c:\program files\InCode Solutions
    2011-04-27 22:07:31   --------   d-----w-   c:\windows\Internet Logs
    2011-04-27 21:45:09   --------   d--h--w-   c:\windows\msdownld.tmp
    2011-04-27 21:33:12   --------   d-----w-   c:\program files\ESET
    2011-04-27 21:09:28   --------   d-----w-   c:\program files\CCleaner
    2011-04-27 07:23:48   --------   d-----w-   c:\windows\system32\NtmsData
    2011-04-27 05:49:44   --------   d-----w-   c:\program files\Avira
    2011-04-27 05:49:44   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Avira
    2011-04-27 02:41:27   --------   d-----w-   c:\program files\iPod
    2011-04-27 02:41:23   --------   d-----w-   c:\program files\iTunes
    2011-04-27 02:38:00   --------   d-----w-   c:\program files\Bonjour
    2011-04-14 00:19:13   --------   d-----w-   c:\program files\Watchtower
    2011-04-06 23:20:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
    2011-04-06 23:20:16   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
    2011-04-06 23:20:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
    .
    ==================== Find3M  ====================
    .
    2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
    2011-02-24 21:08:22   3735552   ----a-w-   c:\windows\system32\alarpt5.ocx
    2011-02-19 00:28:28   1238528   ----a-w-   c:\windows\system32\zpeng25.dll
    2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
    2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
    2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
    2011-02-01 19:15:10   1451336   ----a-w-   c:\windows\system32\wtfiles.dll
    .
    =================== ROOTKIT  ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3250410AS rev.3.AAA -> Harddisk0\DR0 -> \Device\00000626
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D6E4F0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d747d0]; MOV EAX, [0x89d7484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D4EAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89D02F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D4E030]
    \Driver\nvata[0x89D50C98] -> IRP_MJ_CREATE -> 0x89D6E4F0
    error: Read  Incorrect function.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
    detected disk devices:
    \Device\00000060 -> \??\IDE#DiskST3250410AS_____________________________3.AAA___#2020202020202020202020205235305956374131#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH:  7:19:18.89 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/3/2009 3:05:32 PM
    System Uptime: 4/28/2011 10:33:55 AM (21 hours ago)
    .
    Motherboard: MSI |  | MS-7310
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2211/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 131.494 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2FF81D47&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2FF81D47&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP403: 1/29/2011 11:35:51 PM - System Checkpoint
    RP404: 1/30/2011 11:56:55 PM - System Checkpoint
    RP405: 2/1/2011 12:36:29 PM - System Checkpoint
    RP406: 2/2/2011 2:32:27 PM - System Checkpoint
    RP407: 2/3/2011 3:32:22 PM - System Checkpoint
    RP408: 2/4/2011 3:57:36 PM - System Checkpoint
    RP409: 2/5/2011 4:08:23 PM - System Checkpoint
    RP410: 2/5/2011 5:44:59 PM - Removed Opera 11.00.
    RP411: 2/6/2011 6:25:49 PM - System Checkpoint
    RP412: 2/7/2011 7:24:24 PM - System Checkpoint
    RP413: 2/8/2011 8:58:11 PM - System Checkpoint
    RP414: 2/9/2011 9:38:22 PM - System Checkpoint
    RP415: 2/9/2011 11:38:05 PM - Software Distribution Service 3.0
    RP416: 2/10/2011 11:55:05 PM - System Checkpoint
    RP417: 2/12/2011 9:27:06 AM - System Checkpoint
    RP418: 2/13/2011 12:56:48 PM - System Checkpoint
    RP419: 2/14/2011 3:54:59 PM - System Checkpoint
    RP420: 2/15/2011 5:07:42 PM - System Checkpoint
    RP421: 2/18/2011 8:23:10 PM - System Checkpoint
    RP422: 2/24/2011 11:35:10 AM - System Checkpoint
    RP423: 2/25/2011 11:36:00 AM - System Checkpoint
    RP424: 2/26/2011 1:13:12 PM - System Checkpoint
    RP425: 2/27/2011 1:14:30 PM - System Checkpoint
    RP426: 2/28/2011 2:47:33 PM - System Checkpoint
    RP427: 3/1/2011 2:55:52 PM - System Checkpoint
    RP428: 3/2/2011 8:05:01 PM - System Checkpoint
    RP429: 3/3/2011 9:01:25 PM - System Checkpoint
    RP430: 3/4/2011 9:23:01 PM - System Checkpoint
    RP431: 3/5/2011 9:41:53 PM - System Checkpoint
    RP432: 3/7/2011 9:43:12 AM - System Checkpoint
    RP433: 3/8/2011 10:02:44 AM - System Checkpoint
    RP434: 3/9/2011 11:20:22 PM - System Checkpoint
    RP435: 3/10/2011 3:00:12 AM - Software Distribution Service 3.0
    RP436: 3/12/2011 1:01:59 PM - System Checkpoint
    RP437: 3/13/2011 3:42:14 PM - System Checkpoint
    RP438: 3/14/2011 4:04:37 PM - System Checkpoint
    RP439: 3/16/2011 8:32:41 AM - System Checkpoint
    RP440: 3/16/2011 11:44:28 PM - Software Distribution Service 3.0
    RP441: 3/18/2011 12:30:52 AM - System Checkpoint
    RP442: 3/19/2011 12:46:53 PM - System Checkpoint
    RP443: 3/20/2011 1:09:58 PM - System Checkpoint
    RP444: 3/21/2011 1:55:50 PM - System Checkpoint
    RP445: 3/22/2011 8:49:38 AM - Removed Bonjour
    RP446: 3/23/2011 9:25:49 AM - System Checkpoint
    RP447: 3/24/2011 12:05:37 PM - System Checkpoint
    RP448: 3/25/2011 1:21:23 AM - Software Distribution Service 3.0
    RP449: 3/27/2011 3:38:54 PM - System Checkpoint
    RP450: 3/28/2011 3:49:11 PM - System Checkpoint
    RP451: 3/29/2011 4:39:18 PM - System Checkpoint
    RP452: 3/30/2011 5:09:15 PM - System Checkpoint
    RP453: 3/30/2011 8:25:46 PM - Removed Adobe Reader 9.4.3.
    RP454: 3/30/2011 8:25:58 PM - Installed Adobe Reader X (10.0.1).
    RP455: 3/31/2011 9:18:00 PM - System Checkpoint
    RP456: 4/1/2011 10:01:41 PM - System Checkpoint
    RP457: 4/2/2011 10:16:39 PM - System Checkpoint
    RP458: 4/3/2011 11:02:03 PM - System Checkpoint
    RP459: 4/4/2011 11:15:20 PM - System Checkpoint
    RP460: 4/5/2011 11:34:07 PM - System Checkpoint
    RP461: 4/7/2011 12:29:58 AM - System Checkpoint
    RP462: 4/9/2011 6:30:45 PM - System Checkpoint
    RP463: 4/10/2011 6:48:18 PM - System Checkpoint
    RP464: 4/11/2011 6:59:18 PM - System Checkpoint
    RP465: 4/12/2011 7:04:25 PM - System Checkpoint
    RP466: 4/13/2011 5:01:31 PM - Software Distribution Service 3.0
    RP467: 4/14/2011 5:43:25 PM - System Checkpoint
    RP468: 4/15/2011 7:46:26 PM - System Checkpoint
    RP469: 4/16/2011 8:03:18 PM - System Checkpoint
    RP470: 4/17/2011 8:25:09 PM - System Checkpoint
    RP471: 4/18/2011 9:15:28 PM - System Checkpoint
    RP472: 4/19/2011 10:10:26 PM - System Checkpoint
    RP473: 4/21/2011 12:12:28 PM - System Checkpoint
    RP474: 4/22/2011 12:33:44 PM - System Checkpoint
    RP475: 4/23/2011 2:16:37 PM - System Checkpoint
    RP476: 4/24/2011 3:55:37 PM - System Checkpoint
    RP477: 4/25/2011 4:20:46 PM - System Checkpoint
    RP478: 4/26/2011 5:05:15 PM - System Checkpoint
    RP479: 4/26/2011 10:28:29 PM - Avira AntiVir Personal - 4/26/2011 22:28
    RP480: 4/26/2011 10:49:44 PM - Avira AntiVir Premium - 4/26/2011 22:48
    RP481: 4/27/2011 2:33:08 PM - Installed ESET NOD32 Antivirus
    RP482: 4/28/2011 9:09:39 AM - Installed Windows Internet Explorer 8.
    RP483: 4/28/2011 9:34:15 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Creative Suite
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    Dropbox
    DVD Solution
    ESET NOD32 Antivirus
    Facebook Plug-In
    FormViewer
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HotSPOT Client 2009
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    hp psc 2170 series
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Kelly Slater's Pro Surfer(tm)
    Malwarebytes' Anti-Malware
    Memeo Instant Backup
    Memeo Send
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (ALAMODE)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Launcher
    Nero OEM
    NVIDIA Drivers
    Opera 11.10
    PDF-XChange 3
    PowerDVD
    PowerProducer
    QuickTime
    RemoveIT Pro v4 - SE
    Safari
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sony USB Driver
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Watchtower Library 2010 - English
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    ZoneAlarm
    ZoneAlarm Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/28/2011 8:23:00 AM, error: Service Control Manager [7009]  - Timeout (120000 milliseconds) waiting for the MSSQL$ALAMODE service to connect.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7009]  - Timeout (120000 milliseconds) waiting for the Java Quick Starter service to connect.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7000]  - The MSSQL$ALAMODE service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    4/28/2011 8:23:00 AM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    4/27/2011 2:51:47 PM, error: Service Control Manager [7038]  - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/27/2011 2:51:47 PM, error: Service Control Manager [7000]  - The SSDP Discovery Service service failed to start due to the following error:  The service did not start due to a logon failure.
    4/27/2011 2:51:44 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
    4/27/2011 2:26:20 PM, error: Service Control Manager [7000]  - The avgntflt service failed to start due to the following error:  The system cannot find the file specified.
    4/26/2011 10:35:35 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    4/26/2011 10:35:35 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    4/26/2011 10:35:35 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    4/26/2011 10:27:30 PM, error: System Error [1003]  - Error code 10000050, parameter1 ffffffe8, parameter2 00000001, parameter3 805266ca, parameter4 00000000.
    4/24/2011 3:40:57 PM, error: Service Control Manager [7000]  - The Wpastubkdh service failed to start due to the following error:  The system cannot find the file specified.
    4/24/2011 3:40:57 PM, error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================


    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Hi,

    The Rootkit is still active, hence the redirects. It is like TDSSKiller did not even see it.

    Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)
    Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

    ComboFix MUST be saved to your desktop before running the tool

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    When prompted to install the recovery console please make sure to do so as this is a VERY IMPORTANT backup of ComboFix (XP only, Vista/Windows 7 will NOT be prompted to install the recovery console)

    You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run ComboFix.
    Post back and we will install it manually.

    DO NOT mouse click when ComboFix is running, as this will cause ComboFix to stall and it will not work as it should.

    EXTRA NOTES:
    • If Combofix detects a Rootkit on the system it will give a warning and prompt for a reboot, please allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for a few minutes on reboot; this is normal.
    • On some Vista machines, after running Combofix, you may receive a warning message about registry keys being listed for deletion when trying to open certain programs. Please reboot the system and this will fix the issue (these items will not be deleted).


    Please include the C:\ComboFix.txt in your next reply for further review.

    Thanks,
    K27.
    SpywareHammer - Knowledgebase

    The internet is the new age battle of the old age clash between good and evil

    Offline aaronski

    • Bronze Member
    • Posts: 25
    Hello K27,

    So I ran the ComboFix as directed. All appeared to run and complete. Here is the log below. I don't know what I'm looking at in these logs but I did notice this as you'll see  - "possible TDL3 rootkit infection". However, Combofix never tried to reboot. Thank you again for your help.

    ComboFix 11-04-29.02 - Home 04/29/2011  23:33:03.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1214 [GMT -7:00]
    Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Home\Application Data\PriceGong
    c:\documents and settings\Home\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Home\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Home\My Documents\DPE.DUS
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-03-28 to 2011-04-30  )))))))))))))))))))))))))))))))
    .
    .
    2011-04-30 06:26 . 2011-04-30 06:27   --------   d-----w-   C:\32788R22FWJFW
    2011-04-29 12:48 . 2011-04-29 12:48   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2011-04-29 12:48 . 2011-04-29 12:48   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-04-28 18:50 . 2011-04-28 18:50   --------   d-----w-   c:\documents and settings\Home\Local Settings\Application Data\ESET
    2011-04-28 18:38 . 2011-04-28 18:38   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-04-28 16:34 . 2011-04-28 16:34   388096   ----a-r-   c:\documents and settings\Home\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-28 16:34 . 2011-04-28 16:34   --------   d-----w-   c:\program files\Trend Micro
    2011-04-28 16:09 . 2011-04-28 16:10   --------   dc-h--w-   c:\windows\ie8
    2011-04-28 15:32 . 2011-04-28 15:32   --------   d-----w-   c:\documents and settings\Home\Application Data\RegistryKeys
    2011-04-28 05:43 . 2011-04-28 05:43   --------   d-----w-   c:\program files\InCode Solutions
    2011-04-27 22:07 . 2011-04-30 06:46   --------   d-----w-   c:\windows\Internet Logs
    2011-04-27 21:45 . 2011-04-28 16:10   --------   d--h--w-   c:\windows\msdownld.tmp
    2011-04-27 21:33 . 2011-04-27 21:33   --------   d-----w-   c:\program files\ESET
    2011-04-27 21:33 . 2011-04-27 21:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
    2011-04-27 21:09 . 2011-04-28 16:02   --------   d-----w-   c:\program files\CCleaner
    2011-04-27 07:23 . 2011-04-27 17:05   --------   d-----w-   c:\windows\system32\NtmsData
    2011-04-27 05:49 . 2011-04-27 21:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
    2011-04-27 05:49 . 2011-04-27 05:49   --------   d-----w-   c:\program files\Avira
    2011-04-27 02:41 . 2011-04-27 02:41   --------   d-----w-   c:\program files\iPod
    2011-04-27 02:41 . 2011-04-27 02:41   --------   d-----w-   c:\program files\iTunes
    2011-04-27 02:38 . 2011-04-27 02:38   --------   d-----w-   c:\program files\Bonjour
    2011-04-27 02:07 . 2011-04-27 02:07   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
    2011-04-14 00:19 . 2011-04-14 00:19   --------   d-----w-   c:\program files\Watchtower
    2011-04-06 23:20 . 2011-04-06 23:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2009-12-03 23:01   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
    2011-02-24 21:08 . 2009-12-05 02:18   3735552   ----a-w-   c:\windows\system32\alarpt5.ocx
    2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-12-04 00:21   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2009-12-03 23:00   2067456   ----a-w-   c:\windows\system32\mstscax.dll
    2011-02-01 19:15 . 2009-12-05 02:18   1451336   ----a-w-   c:\windows\system32\wtfiles.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-12-01 19:27   2735200   ----a-w-   c:\program files\ZoneAlarm_Security\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36   94208   ----a-w-   c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36   94208   ----a-w-   c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36   94208   ----a-w-   c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36   94208   ----a-w-   c:\documents and settings\Home\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-31 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
    "The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-05 2219184]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-19 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
    .
    c:\documents and settings\Home\Start Menu\Programs\Startup\
    Seagate Product Registration.lnk - c:\documents and settings\Home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2010-12-7 1731736]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-8 110592]
    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 19:50   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-09-18 07:55   13574144   ----a-w-   c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-09-18 07:55   86016   ----a-w-   c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-09-18 07:55   1657376   ----a-w-   c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-12-09 01:35   32768   ----a-w-   c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-12-22 09:09   77824   ----a-w-   c:\windows\SOUNDMAN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
    "c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Documents and Settings\\Home\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 8:25 AM 26872]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 8:25 AM 488952]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 11:35 AM 25824]
    R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9150464]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 7:47 AM 14088]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2011 4:11 PM 136176]
    S3 Atmss$a;Atmss$a;c:\windows\system32\drivers\audstub.sys [12/3/2009 7:54 AM 3072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2011 4:11 PM 136176]
    S3 Rsiot0uadhww;Rsiot0uadhww;
    S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S3 Wpastubkdh;Wpastubkdh;
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 23:11]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 23:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    DPF: AuGen - hxxp://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
    DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///D:/components/Liquid.ocx
    DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} - file:///C:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-{B97CF5C3-0487-11D8-A36E-0050BAE317E1} - c:\program files\Uninstall_CDS.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-29 23:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3250410AS rev.3.AAA -> Harddisk0\DR0 -> \Device\00000032
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D374F0]<<
    c:\docume~1\Home\LOCALS~1\Temp\catchme.sys 
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d3d7d0]; MOV EAX, [0x89d3d84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D7FAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89DBBF18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D7F030]
    \Driver\nvata[0x89DBD9C0] -> IRP_MJ_CREATE -> 0x89D374F0
    error: Read  Incorrect function.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
    detected disk devices:
    \Device\00000060 -> \??\IDE#DiskST3250410AS_____________________________3.AAA___#2020202020202020202020205235305956374131#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(748)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2011-04-29  23:50:13
    ComboFix-quarantined-files.txt  2011-04-30 06:50
    .
    Pre-Run: 139,868,864,512 bytes free
    Post-Run: 141,856,030,720 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 048E9E1A0C9511B1E1AB6F55F5B1378C
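The two service entries with no image path (Rsiot0uadhww and Wpastubkdh) and the GMER disk-trace lines are the parts of this log a responder pulls out first. The script below is an added example, not part of the original post and not code from ComboFix or GMER: it parses a few lines copied from the log above (embedded as a constructed sample) to list services registered without an image path and to check whether the IRP dispatch hook GMER reported points at the same address it marked UNKNOWN. The ComboFix line layout assumed here (R/S for running/stopped, a digit for the start type, then name;display;path [date size]) is my reading of the log, not a documented format.

```python
import re

# Constructed sample input: a few lines copied from the ComboFix/GMER log
# posted above (two pathless services, two normal drivers for contrast,
# and the disk-trace lines). Not a complete log.
SAMPLE_LOG = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
S3 Rsiot0uadhww;Rsiot0uadhww;
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 Wpastubkdh;Wpastubkdh;
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D374F0]<<
\Driver\nvata[0x89DBD9C0] -> IRP_MJ_CREATE -> 0x89D374F0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Assumed ComboFix service line layout: "<R|S><start type> name;display;path [date size]".
# R = running, S = stopped; the digit is the SCM start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
META_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")


def parse_services(text):
    """Return one dict per service/driver line; 'path' is '' when ComboFix printed none."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        meta = META_RE.match(rest.strip())
        path, stamp = (meta.group(1), meta.group(2)) if meta else (rest.strip(), "")
        services.append({
            "name": name,
            "display": display,
            "path": path.strip(),
            "stamp": stamp,
            "running": state == "R",
            "start_type": int(start),
        })
    return services


def pathless_services(services):
    """Names of services registered with no image path: the usual leftover of a
    driver file that was deleted (or is being hidden) while its SCM entry survives."""
    return [s["name"] for s in services if not s["path"]]


def correlate_hooks(text):
    """Pair each IRP dispatch hook in the GMER disk trace with the address GMER
    could not attribute to any loaded module (the >>UNKNOWN [...]<< marker)."""
    unknown = {addr.upper() for addr in UNKNOWN_RE.findall(text)}
    hooks = []
    for driver, irp, target in HOOK_RE.findall(text):
        hooks.append({
            "driver": driver,
            "irp": irp,
            "target": target,
            "points_to_unknown": target.upper() in unknown,
        })
    return hooks


def triage(text):
    """Everything a responder wants from this log, in one structure."""
    services = parse_services(text)
    return {
        "pathless_services": pathless_services(services),
        "hooks": correlate_hooks(text),
        "warnings": [ln.strip() for ln in text.splitlines() if ln.strip().startswith("Warning:")],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run as-is it prints the triage for the embedded sample; pass the full log text to `triage()` to get the same structure for the whole file. The point of `correlate_hooks` is the cross-check a reader would otherwise do by eye: the IRP_MJ_CREATE dispatch of nvata lands at exactly the address GMER could not attribute to any module, which is what the follow-up anti-rootkit scans requested later in this thread are chasing.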


    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Re: [In Progress] Prbrowser redirects, problems shutting down & starting up
    « Reply #10 on: April 30, 2011, 02:10:28 am »
    Hi,

    We need to get an anti-rootkit scan done so we can see exactly what is happening.

    Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
    Next, please perform a rootkit scan:
    • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it
    • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
    • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab,and then select the Scan button.
    • Leave your system completely idle while this longer scan is in progress.
    • When the scan is done,  save the scan log to the Windows clipboard
    • Open Notepad or a similar text editor
    • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
    • Exit the Program
    • Save the Scan log as ARK.txt and post it in your next reply.
    • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.
    .
    If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.

    Please post the ARK report back for review.

    Thanks.
    SpywareHammer - Knowledgebase

    The internet is the new age battle of the old age clash between good and evil

    Offline aaronski

    • Bronze Member
    • Posts: 25
    Re: [In Progress] Prbrowser redirects, problems shutting down & starting up
    « Reply #11 on: April 30, 2011, 11:23:22 pm »
    Hi K27,

    Sorry, but can you tell me where I'm supposed to download the ARK folder you mention?

    Thanks!

    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Hi,

    Sorry, my reply was missing a line.

    Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

    Offline aaronski

    • Bronze Member
    • Posts: 25
    K27,

    Tried pasting, but it said I exceeded the character limit. I've attached the txt file.

    Offline K27

    • Malware Removal Staff
    • Gold Member
    • Posts: 2342
      • Go Good IT Solutions
    Hi,

    Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511KB) to your desktop. Double-click aswMBR.exe to run it.

    • Click the "Scan" button to start scan. 
    • Upon completion of the scan, click Save log, and save it to your desktop. (Note: do not select any Fix at this time)
    • Please post the contents of that log in your next reply.
    There shall also be a file on your desktop named MBR.dat.  Right click that file and select Send To>Compressed (zipped) folder.  Please attach that zipped file in your next reply.

    Thanks.