cclapper
2010-11-26, 04:40
evrytime i try and go to a website i get redirected
here is my dds log,
thanks in advance
DDS (Ver_10-11-26.01) - NTFSx86
Run by Chris at 21:33:02.64 on Thu 11/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1661 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxdkcoms.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Tenable\Nessus\nessus-service.exe
C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Citrix\ICA Client\PNAMain.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN9AUDCK\dds[1].scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [{1F657DEA-B6B7-5AFE-F160-110FD3DB438F}] c:\users\chris\appdata\roaming\gyohu\hued.exe
uRun: [uPc+kt0NcZaXms] rundll32.exe c:\windows\system32\hu7ifi.dll, SystemServer
uRun: [Mqqsc] c:\windows\drweb.exe
uRun: [uPc+kt0NYkZJsiv] rundll32.exe c:\windows\system32\d8jpu3zpe.dll, SystemServer
uRun: [Mqurb] c:\windows\taskmgr.exe
uRun: [Mqva] c:\windows\win.exe
uRun: [Mqqoc] c:\windows\debug.exe
uRun: [MqvPc] c:\windows\win32.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [MqqZ] c:\windows\cmd.exe
uRun: [Lveehfngosf] c:\users\chris\appdata\local\temp\taskmgr.exe
uRun: [Lveehfngpta] c:\users\chris\appdata\local\temp\services.exe
uRun: [Lveehfngnb] c:\users\chris\appdata\local\temp\cmd.exe
uRun: [LveehfngM0ycis\AppData\Local\Temp\3433575231.exe] c:\users\chris\appdata\local\temp\3433575231.exe
uRun: [LveehfngM0ycis\AppData\Local\Temp\1345280333.exe] c:\users\chris\appdata\local\temp\1345280333.exe
uRun: [Lveehfngoe] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\chris\appdata\local\temp\avp.exe
uRun: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\cmd.exe
uRun: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\windows\cmd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MqmPgQQ] c:\windows\temp\i1zn3ta98.exe
mRun: [Bvukozuvovepur] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\utitaduxotoyeful.dll",Startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [MqmPjd] c:\windows\temp\tq9plu.exe
dRun: [Mkuwujecazuwipiq] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\geizior.dll",Startup
dRun: [MqmPgQQ] c:\windows\temp\i1zn3ta98.exe
dRunOnce: [nIkJn03100] c:\programdata\nikjn03100\nIkJn03100.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: paradigmsi.com\crm
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E31B6467-201E-4601-A023-0AE297563F8C} = 10.2.1.18
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Hosts: 10.2.1.67 psblaircrm02
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wildblue.net/
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\chris\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {CA2B55BB-A05C-4827-A21F-938D27E5667C} - c:\windows\system32\config\systemprofile\appdata\local\{ca2b55bb-a05c-4827-a21f-938d27e5667c}\
============= SERVICES / DRIVERS ===============
R0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\drivers\ZetSFD.sys [2009-7-17 13824]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-24 165584]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-7-15 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-24 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-5 636144]
R2 TVService;TVService;c:\program files\team mediaportal\mediaportal tv server\TvService.exe [2010-10-1 196608]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-15 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-5 144128]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-7-15 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-7-15 271552]
R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-12 38976]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-25 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca321445086810;Google Update Service (gupdate1ca321445086810);c:\program files\google\update\GoogleUpdate.exe [2009-9-10 133104]
S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdkserv.exe [2009-9-5 99248]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-5 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-5 79360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-5 40552]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\hwdiag\bin\pcd5srvc.pkms [2008-11-4 22904]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\verizon wireless\vzaccess manager\SMSIVZAM5.sys [2009-3-20 32408]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-7-5 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2010-4-25 16896]
=============== Created Last 30 ================
2010-11-26 02:19:10 388096 ----a-r- c:\users\chris\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-26 02:19:10 -------- d-----w- c:\program files\Trend Micro
2010-11-26 02:12:52 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-11-25 04:56:54 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 04:56:49 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 04:56:47 -------- d-----w- c:\progra~2\Alwil Software
2010-11-25 02:56:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-25 02:56:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-25 02:56:13 -------- d-----w- c:\progra~2\Hitman Pro
2010-11-25 01:01:13 -------- d-----w- c:\progra~2\nIkJn03100
2010-11-25 01:00:39 -------- d-----w- c:\progra~2\WSTB
2010-11-24 14:16:20 -------- d-----w- c:\windows\pss
2010-11-24 13:38:10 -------- d-----w- c:\users\chris\appdata\roaming\Leeqi
2010-11-24 13:38:10 -------- d-----w- c:\users\chris\appdata\roaming\Gyohu
2010-11-24 13:36:43 30000 ----a-w- c:\windows\system32\xvafii3mw.dll
2010-11-24 03:25:57 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-24 02:18:39 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-20 18:29:50 -------- d-----w- C:\Music Label Databases
2010-11-20 18:29:28 -------- d-----w- c:\users\chris\appdata\roaming\Music Label
2010-11-20 18:28:58 -------- d-----w- c:\program files\Music Label 2010
2010-11-12 03:20:42 -------- d-----w- c:\program files\BitTorrent
2010-11-12 03:20:04 -------- d-----w- c:\users\chris\appdata\roaming\BitTorrent
2010-11-04 13:26:24 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-04 08:47:08 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e8b0a3b5-85b8-4418-8c2c-48a763efa8a6}\mpengine.dll
2010-11-04 06:09:20 -------- d-----w- c:\program files\TuneSleeve
2010-11-04 06:09:20 -------- d-----w- c:\progra~2\eSellerate
2010-10-31 15:22:12 -------- d-----w- c:\program files\iTunes
2010-10-31 15:22:12 -------- d-----w- c:\program files\iPod
2010-10-31 15:22:12 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-31 15:16:10 -------- d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST950032 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87230446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87236504]; MOV EAX, [0x87236580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E4F458] -> \Device\Harddisk0\DR0[0x864C87C8]
3 CLASSPNP[0x8CA9D59E] -> ntkrnlpa!IofCallDriver[0x82E4F458] -> [0x86461548]
\Driver\iaStor[0x85B651D8] -> IRP_MJ_CREATE -> 0x87230446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9500325AS_____________________________0003DEM1#4&17df1b88&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 21:33:48.56 ===============
here is my dds log,
thanks in advance
DDS (Ver_10-11-26.01) - NTFSx86
Run by Chris at 21:33:02.64 on Thu 11/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1661 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxdkcoms.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Tenable\Nessus\nessus-service.exe
C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Citrix\ICA Client\PNAMain.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN9AUDCK\dds[1].scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [{1F657DEA-B6B7-5AFE-F160-110FD3DB438F}] c:\users\chris\appdata\roaming\gyohu\hued.exe
uRun: [uPc+kt0NcZaXms] rundll32.exe c:\windows\system32\hu7ifi.dll, SystemServer
uRun: [Mqqsc] c:\windows\drweb.exe
uRun: [uPc+kt0NYkZJsiv] rundll32.exe c:\windows\system32\d8jpu3zpe.dll, SystemServer
uRun: [Mqurb] c:\windows\taskmgr.exe
uRun: [Mqva] c:\windows\win.exe
uRun: [Mqqoc] c:\windows\debug.exe
uRun: [MqvPc] c:\windows\win32.exe
uRun: [MqrMc] c:\windows\gdi32.exe
uRun: [MqqZ] c:\windows\cmd.exe
uRun: [Lveehfngosf] c:\users\chris\appdata\local\temp\taskmgr.exe
uRun: [Lveehfngpta] c:\users\chris\appdata\local\temp\services.exe
uRun: [Lveehfngnb] c:\users\chris\appdata\local\temp\cmd.exe
uRun: [LveehfngM0ycis\AppData\Local\Temp\3433575231.exe] c:\users\chris\appdata\local\temp\3433575231.exe
uRun: [LveehfngM0ycis\AppData\Local\Temp\1345280333.exe] c:\users\chris\appdata\local\temp\1345280333.exe
uRun: [Lveehfngoe] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] c:\users\chris\appdata\local\temp\avp.exe
uRun: [Lveehfngoe0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\chris\appdata\local\temp\avp.exe
uRun: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\cmd.exe
uRun: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\windows\cmd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MqmPgQQ] c:\windows\temp\i1zn3ta98.exe
mRun: [Bvukozuvovepur] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\utitaduxotoyeful.dll",Startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [MqmPjd] c:\windows\temp\tq9plu.exe
dRun: [Mkuwujecazuwipiq] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\geizior.dll",Startup
dRun: [MqmPgQQ] c:\windows\temp\i1zn3ta98.exe
dRunOnce: [nIkJn03100] c:\programdata\nikjn03100\nIkJn03100.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{7681a1a9-d865-4dc0-a319-41a49f5e78db}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: paradigmsi.com\crm
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E31B6467-201E-4601-A023-0AE297563F8C} = 10.2.1.18
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Hosts: 10.2.1.67 psblaircrm02
================= FIREFOX ===================
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wildblue.net/
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\chris\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\92yzp8qx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {CA2B55BB-A05C-4827-A21F-938D27E5667C} - c:\windows\system32\config\systemprofile\appdata\local\{ca2b55bb-a05c-4827-a21f-938d27e5667c}\
============= SERVICES / DRIVERS ===============
R0 ZetSFD;Zetera Storage Class Filter Driver;c:\windows\system32\drivers\ZetSFD.sys [2009-7-17 13824]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-24 165584]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-7-15 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-24 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-5 636144]
R2 TVService;TVService;c:\program files\team mediaportal\mediaportal tv server\TvService.exe [2010-10-1 196608]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-24 40384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-15 29736]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-5 144128]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-7-15 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-7-15 271552]
R3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-12 38976]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-25 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-25 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca321445086810;Google Update Service (gupdate1ca321445086810);c:\program files\google\update\GoogleUpdate.exe [2009-9-10 133104]
S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdkserv.exe [2009-9-5 99248]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-5 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-5 79360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-5 40552]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\hwdiag\bin\pcd5srvc.pkms [2008-11-4 22904]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\verizon wireless\vzaccess manager\SMSIVZAM5.sys [2009-3-20 32408]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-7-5 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2010-4-25 16896]
=============== Created Last 30 ================
2010-11-26 02:19:10 388096 ----a-r- c:\users\chris\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-26 02:19:10 -------- d-----w- c:\program files\Trend Micro
2010-11-26 02:12:52 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-11-25 04:56:54 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 04:56:49 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 04:56:47 -------- d-----w- c:\progra~2\Alwil Software
2010-11-25 02:56:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-25 02:56:47 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-25 02:56:13 -------- d-----w- c:\progra~2\Hitman Pro
2010-11-25 01:01:13 -------- d-----w- c:\progra~2\nIkJn03100
2010-11-25 01:00:39 -------- d-----w- c:\progra~2\WSTB
2010-11-24 14:16:20 -------- d-----w- c:\windows\pss
2010-11-24 13:38:10 -------- d-----w- c:\users\chris\appdata\roaming\Leeqi
2010-11-24 13:38:10 -------- d-----w- c:\users\chris\appdata\roaming\Gyohu
2010-11-24 13:36:43 30000 ----a-w- c:\windows\system32\xvafii3mw.dll
2010-11-24 03:25:57 -------- d-----w- c:\program files\whitesmoketoolbar
2010-11-24 02:18:39 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-20 18:29:50 -------- d-----w- C:\Music Label Databases
2010-11-20 18:29:28 -------- d-----w- c:\users\chris\appdata\roaming\Music Label
2010-11-20 18:28:58 -------- d-----w- c:\program files\Music Label 2010
2010-11-12 03:20:42 -------- d-----w- c:\program files\BitTorrent
2010-11-12 03:20:04 -------- d-----w- c:\users\chris\appdata\roaming\BitTorrent
2010-11-04 13:26:24 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-04 08:47:08 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e8b0a3b5-85b8-4418-8c2c-48a763efa8a6}\mpengine.dll
2010-11-04 06:09:20 -------- d-----w- c:\program files\TuneSleeve
2010-11-04 06:09:20 -------- d-----w- c:\progra~2\eSellerate
2010-10-31 15:22:12 -------- d-----w- c:\program files\iTunes
2010-10-31 15:22:12 -------- d-----w- c:\program files\iPod
2010-10-31 15:22:12 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-31 15:16:10 -------- d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST950032 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87230446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87236504]; MOV EAX, [0x87236580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E4F458] -> \Device\Harddisk0\DR0[0x864C87C8]
3 CLASSPNP[0x8CA9D59E] -> ntkrnlpa!IofCallDriver[0x82E4F458] -> [0x86461548]
\Driver\iaStor[0x85B651D8] -> IRP_MJ_CREATE -> 0x87230446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9500325AS_____________________________0003DEM1#4&17df1b88&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 21:33:48.56 ===============