ChronoTrigger
2011-04-12, 10:41
I am not an expert at Malware stuff. I am not even sure if anything is wrong. But my idiot brother may have caused some problems. This computer is very important. And i Just wanted to make sure. I would like to provide AVG Rootkit errors, as well as the DDS Report.... About that, was i supposed to copy paste, or attach the document?
Here is the rootkit.
Scan "Anti-Rootkit scan" completed.
Rootkits;"43";"0";"43"
Scan started:;"Tuesday, April 12, 2011, 1:55:51 AM"
Scan finished:;"Tuesday, April 12, 2011, 2:20:29 AM (24 minute(s) 37 second(s))"
Total object scanned:;"417016"
User who launched the scan:;"SYSTEM"
Rootkits
;"File";"Infection";"Result"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> wpsdrvnt.sys +0x16D0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CLOSE -> wpsdrvnt.sys +0x1580";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CREATE -> wpsdrvnt.sys +0x1360";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_DEVICE_CONTROL -> wpsdrvnt.sys +0x16A0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x10FC -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x2A52 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPRegisterProtocol+0x930 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook wanarp.sys +0x53FD -> Teefer.sys +0x8350";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
And the DDS Report...........
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 3:13:16.21 on Tue 04/12/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2318 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds (1).com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=438708&formid=83&h=380f83e044ae6b5f3101
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SmartSoft PDF Printer (demo) Agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SmartSoft PDF Printer (demo) virtual printer agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\regist~1.lnk - c:\program files\eset\noderator\Register NOD32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{176130bc-99a1-41fe-a78b-56045e33ad70}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-25 203616]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-11-25 14688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-15 243856]
S2 gupdate1c9647bf2396ed8;Google Update Service (gupdate1c9647bf2396ed8);c:\program files\google\update\GoogleUpdate.exe [2008-12-22 133104]
S2 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2008-11-25 14951264]
S2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-11 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-04-12 07:47:25 -------- d-----w- c:\program files\iPod
2011-04-12 07:47:23 -------- d-----w- c:\program files\iTunes
2011-04-12 07:39:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-12 07:39:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-12 07:38:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-12 07:38:15 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
2011-04-12 07:37:52 -------- d-----w- c:\program files\Bonjour
2011-04-12 07:37:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2011-04-12 07:28:05 55888 ----a-w- c:\windows\system32\drivers\Teefer.sys
2011-04-12 07:28:05 11914 ----a-w- c:\windows\system32\drivers\wg3n.sys
2011-04-12 07:28:04 18515 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2011-04-12 07:28:02 77824 ----a-w- c:\windows\system32\SSSensor.dll
2011-04-12 07:27:59 -------- d-----w- c:\program files\Sygate
2011-04-12 07:27:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
.
============= FINISH: 3:14:06.82 ===============
Here is the rootkit.
Scan "Anti-Rootkit scan" completed.
Rootkits;"43";"0";"43"
Scan started:;"Tuesday, April 12, 2011, 1:55:51 AM"
Scan finished:;"Tuesday, April 12, 2011, 2:20:29 AM (24 minute(s) 37 second(s))"
Total object scanned:;"417016"
User who launched the scan:;"SYSTEM"
Rootkits
;"File";"Infection";"Result"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> wpsdrvnt.sys +0x16D0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CLOSE -> wpsdrvnt.sys +0x1580";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_CREATE -> wpsdrvnt.sys +0x1360";"Object is hidden"
;"C:\WINDOWS\system32\drivers\wpsdrvnt.sys";"IRP hook, \Driver\Tcpip IRP_MJ_DEVICE_CONTROL -> wpsdrvnt.sys +0x16A0";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndisuio.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x10FC -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPTransmit+0x2A52 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook tcpip.sys IPRegisterProtocol+0x930 -> Teefer.sys +0x8200";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"tcpip.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"ndiswan.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"raspppoe.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"NDProxy.SYS, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"Inline hook wanarp.sys +0x53FD -> Teefer.sys +0x8350";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wanarp.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisDeregisterProtocol -> Teefer.sys +0x8C80";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"arp1394.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisRegisterProtocol -> Teefer.sys +0x8B30";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"dne2000.sys, hooked import NDIS.SYS NdisOpenAdapter -> Teefer.sys +0x8D20";"Object is hidden"
;"C:\WINDOWS\system32\drivers\Teefer.sys";"wg3n.sys, hooked import NDIS.SYS NdisCloseAdapter -> Teefer.sys +0x8D80";"Object is hidden"
And the DDS Report...........
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 3:13:16.21 on Tue 04/12/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2318 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds (1).com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=438708&formid=83&h=380f83e044ae6b5f3101
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SmartSoft PDF Printer (demo) Agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SmartSoft PDF Printer (demo) virtual printer agent] "c:\program files\smart pdf converter pro\sspdfagentd.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\regist~1.lnk - c:\program files\eset\noderator\Register NOD32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{176130bc-99a1-41fe-a78b-56045e33ad70}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-25 203616]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-11-25 14688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-15 243856]
S2 gupdate1c9647bf2396ed8;Google Update Service (gupdate1c9647bf2396ed8);c:\program files\google\update\GoogleUpdate.exe [2008-12-22 133104]
S2 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2008-11-25 14951264]
S2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-11 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-04-12 07:47:25 -------- d-----w- c:\program files\iPod
2011-04-12 07:47:23 -------- d-----w- c:\program files\iTunes
2011-04-12 07:39:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-12 07:39:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-12 07:38:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-12 07:38:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-12 07:38:15 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
2011-04-12 07:37:52 -------- d-----w- c:\program files\Bonjour
2011-04-12 07:37:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2011-04-12 07:28:05 55888 ----a-w- c:\windows\system32\drivers\Teefer.sys
2011-04-12 07:28:05 11914 ----a-w- c:\windows\system32\drivers\wg3n.sys
2011-04-12 07:28:04 18515 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2011-04-12 07:28:02 77824 ----a-w- c:\windows\system32\SSSensor.dll
2011-04-12 07:27:59 -------- d-----w- c:\program files\Sygate
2011-04-12 07:27:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
.
============= FINISH: 3:14:06.82 ===============