
Thread: Malware problem - browser hijack

#1 Junior Member (joined Mar 2011, 4 posts)

Malware problem - browser hijack

    I have used Spybot, Malwarebytes Anti-malware, and Lavasoft Ad-aware, and I have not been able to get rid of the infection.

    When I attempt to click on google search results, the browser is redirected.

    The DDS report follows; thank you for your help!

    -----------------------------------------------------------


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Admin at 1:07:23.78 on Sat 03/26/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1326 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS.0\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\system32\gearsec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS.0\system32\lkads.exe
    C:\WINDOWS.0\system32\lktsrv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS.0\system32\nisvcloc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS.0\system32\tcpsvcs.exe
    C:\WINDOWS.0\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS.0\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS.0\system32\msiexec.exe
    C:\WINDOWS.0\System32\svchost.exe -k netsvcs
    C:\TMP\ose00001.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\My Documents\Downloads\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    mURLSearchHooks: H - No File
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows.0\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows.0\system32\hkcmd.exe
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [NI Background Service] c:\program files\national instruments\shared\update service\BackgroundService.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0AMQAwADAAMwA2ADQAOQAyADQALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQAMgAtAEIANAAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
    dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: StartMenuLogoff = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: uno.edu\cas
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\j13l6xiy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - plugin: c:\documents and settings\admin\application data\move networks\plugins\npqmp071701000002.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\admin\application data\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [2011-3-24 64512]
    R1 vsdatant;vsdatant;c:\windows.0\system32\vsdatant.sys [2009-3-27 532224]
    R2 gearsec;gearsec;c:\windows.0\system32\gearsec.exe [2005-11-30 58952]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-22 1405384]
    R2 vsmon;TrueVector Internet Monitor;c:\windows.0\system32\zonelabs\vsmon.exe -service --> c:\windows.0\system32\zonelabs\vsmon.exe -service [?]
    R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows.0\system32\drivers\WMP300Nv1.sys [2010-3-21 822400]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys --> c:\windows.0\system32\drivers\avgtdix.sys [?]
    S2 SSPORT;SSPORT;\??\c:\windows.0\system32\drivers\ssport.sys --> c:\windows.0\system32\drivers\SSPORT.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-22 15232]
    S3 NMUSB;NMUSB;c:\windows.0\system32\drivers\Nmusb.sys [2010-7-9 25056]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-3-27 464264]
    S4 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2010-7-12 53307]
    .
    =============== Created Last 30 ================
    .
    2011-03-26 06:34:24 -------- d-----w- c:\program files\ESET
    2011-03-26 06:30:18 73728 ----a-w- c:\windows.0\system32\javacpl.cpl
    2011-03-24 20:16:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-24 20:16:00 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\Spybot - Search & Destroy
    2011-03-24 17:11:26 16432 ----a-w- c:\windows.0\system32\lsdelete.exe
    2011-03-24 16:52:56 64512 ----a-w- c:\windows.0\system32\drivers\Lbd.sys
    2011-03-24 16:52:20 98392 ----a-w- c:\windows.0\system32\drivers\SBREDrv.sys
    2011-03-24 16:49:52 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Sunbelt Software
    2011-03-24 16:46:42 -------- dc-h--w- c:\docume~1\alluse~1.0\applic~1\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
    2011-03-24 16:46:20 -------- d-----w- c:\program files\Lavasoft
    2011-03-23 18:09:21 -------- d-----w- C:\OutputFolder
    2011-03-23 18:07:35 921600 ----a-w- c:\windows.0\system32\vorbisenc.dll
    2011-03-23 18:07:35 45056 ----a-w- c:\windows.0\system32\ogg.dll
    2011-03-23 18:07:35 237568 ----a-w- c:\windows.0\system32\OggDS.dll
    2011-03-23 18:07:35 188416 ----a-w- c:\windows.0\system32\vorbis.dll
    2011-03-23 18:07:34 28672 ----a-w- c:\windows.0\system32\AVEQT.dll
    2011-03-23 18:07:34 129024 ----a-w- c:\windows.0\system32\AVERM.dll
    2011-03-23 18:07:33 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
    2011-03-23 17:53:32 -------- d-----w- c:\program files\Search Toolbar
    2011-03-23 17:53:26 -------- d-----w- c:\program files\YTD Setup
    2011-03-23 06:50:29 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-17 16:32:53 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\uTorrentBar
    2011-03-17 16:30:33 -------- d-----w- c:\program files\Conduit
    2011-03-17 16:30:05 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\TMP
    2011-03-14 16:30:59 5632 ----a-w- c:\windows.0\system32\dllcache\kbda1.dll
    2011-03-14 06:27:57 -------- d-----w- c:\documents and settings\all users.windows.0\Microsoft
    2011-03-14 06:23:59 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-14 06:23:48 -------- d-----w- c:\windows.0\SHELLNEW
    2011-03-14 01:04:39 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\Virtualized Applications
    2011-03-13 23:47:05 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\SoftGrid Client
    2011-03-13 23:47:03 -------- d-----w- c:\docume~1\admin\applic~1\SoftGrid Client
    2011-03-13 23:42:36 221184 ----a-w- c:\windows.0\system32\wmpns.dll
    2011-03-13 23:42:12 -------- d-----w- c:\windows.0\system32\wbem\snmp
    2011-03-13 23:42:11 -------- d-----w- c:\windows.0\system32\xircom
    2011-03-13 23:24:53 46592 ------w- c:\windows.0\system32\drivers\irbus.sys
    2011-03-13 23:22:15 19456 ----a-w- c:\windows.0\system32\dllcache\agt0401.dll
    2011-03-13 23:21:54 19456 ----a-w- c:\windows.0\system32\dllcache\agt040d.dll
    2011-03-13 23:18:19 56623 ------w- c:\windows.0\system32\drivers\ati1btxx.sys
    2011-03-13 23:17:08 19569 ----a-w- c:\windows.0\002825_.tmp
    2011-03-13 21:28:10 30512 ----a-w- c:\windows.0\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-03-13 21:28:10 30512 ----a-w- c:\windows.0\system32\mdimon.dll
    2011-03-13 21:27:57 33104 ----a-w- c:\windows.0\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-03-13 21:27:56 32592 ----a-w- c:\windows.0\system32\msonpmon.dll
    2011-03-13 21:14:20 -------- d-----w- c:\docume~1\admin\applic~1\TP
    .
    ==================== Find3M ====================
    .
    2011-03-26 06:29:58 472808 ----a-w- c:\windows.0\system32\deployJava1.dll
    2011-02-24 19:14:21 398760 ----a-r- c:\windows.0\system32\cpnprt2.cid
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500YD-01NVB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7A9439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7af7d0]; MOV EAX, [0x8a7af84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A806AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x8A725B58]
    \Driver\atapi[0x8A7953D0] -> IRP_MJ_CREATE -> 0x8A7A9439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500YD-01NVB1_____________________10.02E01#5&31f0d48e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A7A927F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 1:08:48.79 ===============
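The ROOTKIT section of the DDS report above is the decisive evidence in this thread: the disk trace ends in code that GMER cannot attribute to any loaded module, atapi's DriverStartIo is redirected to an address a few hundred bytes from that code, and yet the MBR reads identically from user and kernel mode. The Python script below is an added example, not part of the original post or of the DDS, GMER or TDSSKiller tools; it parses those lines (the embedded sample is the posted report trimmed to the lines consumed) and shows how a triage verdict follows from them. The 64 KB clustering distance and the indicator tag names are assumptions of this example, not GMER rules.

```python
# Added triage helper for a DDS / GMER "ROOTKIT" section (example code,
# not part of DDS, GMER, TDSSKiller or the original post).
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: the ROOTKIT lines from the DDS report posted above,
# reduced to the lines this parser consumes.
SAMPLE_REPORT = """\
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7A9439]<<
1 nt!IofCallDriver[0x804E37C5] -> \\Device\\Harddisk0\\DR0[0x8A806AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x8A725B58]
\\Driver\\atapi[0x8A7953D0] -> IRP_MJ_CREATE -> 0x8A7A9439
kernel: MBR read successfully
detected hooks:
\\Driver\\atapi DriverStartIo -> 0x8A7A927F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Heuristic (an assumption of this example): hook targets within 64 KB of each
# other are treated as one injected code region; driver images sit far apart.
CLUSTER_SPAN = 0x10000

HEX = r"0x([0-9A-Fa-f]+)"
RE_UNKNOWN = re.compile(r">>UNKNOWN \[" + HEX + r"\]<<")
RE_DISPATCH = re.compile(r"\\Driver\\(\w+)\[" + HEX + r"\] -> (IRP_MJ_\w+) -> " + HEX)
RE_HOOK = re.compile(r"^\\Driver\\(\w+) (\w+) -> " + HEX + r"\s*$")
RE_WARNING = re.compile(r"^Warning: (.*?)\s*!?\s*$")

@dataclass
class RootkitFindings:
    unknown_modules: List[int] = field(default_factory=list)  # code GMER could not attribute
    dispatch_hooks: List[Tuple[str, str, int]] = field(default_factory=list)  # (driver, IRP_MJ_*, target)
    start_io_hooks: List[Tuple[str, str, int]] = field(default_factory=list)  # (driver, field, target)
    mbr_ok: bool = False
    warnings: List[str] = field(default_factory=list)

def parse_rootkit_section(text: str) -> RootkitFindings:
    """Pull addresses, hooks, MBR status and warnings out of the report text."""
    f = RootkitFindings()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_UNKNOWN.search(line):
            f.unknown_modules.append(int(m.group(1), 16))
        if m := RE_DISPATCH.search(line):
            f.dispatch_hooks.append((m.group(1), m.group(3), int(m.group(4), 16)))
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks and (m := RE_HOOK.match(line)):
            f.start_io_hooks.append((m.group(1), m.group(2), int(m.group(3), 16)))
        if line == "user & kernel MBR OK":
            f.mbr_ok = True
        if m := RE_WARNING.match(line):
            f.warnings.append(m.group(1).strip())
    return f

def cluster_addresses(addresses, span=CLUSTER_SPAN):
    """Group sorted addresses that sit within `span` bytes of their neighbour."""
    clusters = []
    for addr in sorted(set(addresses)):
        if clusters and addr - clusters[-1][-1] <= span:
            clusters[-1].append(addr)
        else:
            clusters.append([addr])
    return clusters

def assess(f: RootkitFindings) -> List[str]:
    """Turn parsed fields into short indicator tags."""
    targets = [t for _, _, t in f.dispatch_hooks] + [t for _, _, t in f.start_io_hooks]
    tags = []
    if f.mbr_ok:
        tags.append("mbr-consistent")  # user and kernel MBR reads agree: no MBR bootkit evidence
    if any(abs(t - u) <= CLUSTER_SPAN for t in targets for u in f.unknown_modules):
        tags.append("hooks-into-unattributed-code")
    if targets and len(cluster_addresses(targets + f.unknown_modules)) == 1:
        tags.append("single-injected-region")  # every hook lands in one small blob of kernel memory
    if any(fld == "DriverStartIo" for _, fld, _ in f.start_io_hooks):
        tags.append("disk-startio-hooked")  # disk I/O intercepted below the file system
    return tags

def verdict(tags: List[str]) -> str:
    if {"mbr-consistent", "disk-startio-hooked", "hooks-into-unattributed-code"} <= set(tags):
        return ("driver-level rootkit (TDL3 class): MBR intact, disk miniport StartIo "
                "redirected into unattributed kernel memory; file reads from the live "
                "system cannot be trusted")
    if "disk-startio-hooked" in tags or "hooks-into-unattributed-code" in tags:
        return "kernel hooks present: review manually"
    return "no rootkit indicators parsed"

if __name__ == "__main__":
    findings = parse_rootkit_section(SAMPLE_REPORT)
    for hook in findings.dispatch_hooks + findings.start_io_hooks:
        print("hook:", hook)
    print("verdict:", verdict(assess(findings)))
```

Run stand-alone, it prints the two atapi hooks and the verdict. The point worth keeping from the clustering step is that both hook targets (0x8A7A9439 and 0x8A7A927F) are 0x1BA bytes apart in memory that belongs to no loaded driver, so they are one piece of injected code, and because that code sits on the disk miniport's StartIo path, any driver file that hashes clean when read from the running system proves nothing; a verdict must come from an offline scan or from a rebuild, which is what the reply below recommends.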

#2 Emeritus (joined Nov 2005, location @localhost, 6,066 posts)

    hi bmet26,

Based on the log you shouldn't be using the computer until it's clean. Make sure it has no connectivity; if you're not sure how to do this then I would power it off.

You have a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a reformat/reinstall of Windows as an option.
The best source for information on how to do this would be the computer manufacturer's website.

    We will get two downloads to use:
    Please download TDSS Killer.exe and save it to your desktop

    Double click to launch the utility. After it initializes click the start scan button.
    Once the scan completes you can click the continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
    "After clicking Next, the utility applies selected actions and outputs the result."
    "A reboot might require after disinfection."
    A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)

    Please post the log report

After you use TDSSKiller you can use ComboFix. ComboFix requires that you read a guide first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log.
    Guide to using Combofix
    How Can I Reduce My Risk?

#3 Junior Member (joined Mar 2011, 4 posts)

ComboFix and TDSSKiller reports

    Here are the TDSSKiller and ComboFix reports. Thank you for your quick reply.


    2011/03/27 18:25:13.0796 1984 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/27 18:25:14.0125 1984 ================================================================================
    2011/03/27 18:25:14.0125 1984 SystemInfo:
    2011/03/27 18:25:14.0125 1984
    2011/03/27 18:25:14.0140 1984 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/27 18:25:14.0140 1984 Product type: Workstation
    2011/03/27 18:25:14.0140 1984 ComputerName: PAL
    2011/03/27 18:25:14.0140 1984 UserName: Admin
    2011/03/27 18:25:14.0140 1984 Windows directory: C:\WINDOWS.0
    2011/03/27 18:25:14.0140 1984 System windows directory: C:\WINDOWS.0
    2011/03/27 18:25:14.0140 1984 Processor architecture: Intel x86
    2011/03/27 18:25:14.0140 1984 Number of processors: 1
    2011/03/27 18:25:14.0140 1984 Page size: 0x1000
    2011/03/27 18:25:14.0140 1984 Boot type: Normal boot
    2011/03/27 18:25:14.0140 1984 ================================================================================
    2011/03/27 18:25:14.0406 1984 Initialize success
    2011/03/27 18:25:29.0578 1004 ================================================================================
    2011/03/27 18:25:29.0578 1004 Scan started
    2011/03/27 18:25:29.0578 1004 Mode: Manual;
    2011/03/27 18:25:29.0578 1004 ================================================================================
    2011/03/27 18:25:30.0390 1004 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS.0\system32\DRIVERS\ACPI.sys
    2011/03/27 18:25:30.0468 1004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS.0\system32\drivers\ACPIEC.sys
    2011/03/27 18:25:30.0609 1004 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS.0\system32\drivers\aeaudio.sys
    2011/03/27 18:25:30.0703 1004 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS.0\system32\drivers\aec.sys
    2011/03/27 18:25:30.0781 1004 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS.0\System32\drivers\afd.sys
    2011/03/27 18:25:30.0859 1004 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS.0\system32\DRIVERS\agp440.sys
    2011/03/27 18:25:31.0265 1004 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS.0\system32\DRIVERS\arp1394.sys
    2011/03/27 18:25:31.0546 1004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys
    2011/03/27 18:25:31.0609 1004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS.0\system32\DRIVERS\atapi.sys
    2011/03/27 18:25:31.0765 1004 ati2mtaa (27bab72eae141d0ce39ec65c0fdeb2d6) C:\WINDOWS.0\system32\DRIVERS\ati2mtaa.sys
    2011/03/27 18:25:31.0937 1004 ati2mtag (b70ecb6bd20e13f0ce3c0bc95f5c3a9a) C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys
    2011/03/27 18:25:32.0093 1004 atinrvxx (9982aa116bf913fd2d719a165690b57c) C:\WINDOWS.0\system32\DRIVERS\atinrvxx.sys
    2011/03/27 18:25:32.0187 1004 ATITUNEP (c5e545bbb396439bdb618cabc0ed0984) C:\WINDOWS.0\system32\DRIVERS\atintuxx.sys
    2011/03/27 18:25:32.0250 1004 ATIXSAudio (e6e2935c08b73fa9a5dfe673cf6fd33d) C:\WINDOWS.0\system32\DRIVERS\atinxsxx.sys
    2011/03/27 18:25:32.0328 1004 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys
    2011/03/27 18:25:32.0640 1004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS.0\system32\DRIVERS\audstub.sys
    2011/03/27 18:25:32.0765 1004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS.0\system32\drivers\Beep.sys
    2011/03/27 18:25:32.0875 1004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS.0\system32\drivers\cbidf2k.sys
    2011/03/27 18:25:32.0968 1004 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys
    2011/03/27 18:25:33.0078 1004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS.0\system32\drivers\Cdaudio.sys
    2011/03/27 18:25:33.0156 1004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS.0\system32\drivers\Cdfs.sys
    2011/03/27 18:25:33.0250 1004 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS.0\system32\drivers\cdrbsdrv.sys
    2011/03/27 18:25:33.0312 1004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS.0\system32\DRIVERS\cdrom.sys
    2011/03/27 18:25:33.0656 1004 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS.0\system32\drivers\cvintdrv.sys
    2011/03/27 18:25:33.0859 1004 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS.0\system32\Drivers\DgiVecp.sys
    2011/03/27 18:25:33.0937 1004 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS.0\system32\DRIVERS\disk.sys
    2011/03/27 18:25:34.0093 1004 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS.0\system32\drivers\dmboot.sys
    2011/03/27 18:25:34.0203 1004 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS.0\system32\drivers\dmio.sys
    2011/03/27 18:25:34.0265 1004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS.0\system32\drivers\dmload.sys
    2011/03/27 18:25:34.0359 1004 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS.0\system32\drivers\DMusic.sys
    2011/03/27 18:25:34.0515 1004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS.0\system32\drivers\drmkaud.sys
    2011/03/27 18:25:34.0593 1004 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS.0\system32\DRIVERS\e1000325.sys
    2011/03/27 18:25:34.0687 1004 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS.0\system32\DRIVERS\enum1394.sys
    2011/03/27 18:25:35.0031 1004 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS.0\system32\drivers\Fastfat.sys
    2011/03/27 18:25:35.0140 1004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS.0\system32\DRIVERS\fdc.sys
    2011/03/27 18:25:35.0218 1004 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS.0\system32\drivers\Fips.sys
    2011/03/27 18:25:35.0281 1004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS.0\system32\DRIVERS\flpydisk.sys
    2011/03/27 18:25:35.0390 1004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS.0\system32\drivers\fltmgr.sys
    2011/03/27 18:25:35.0468 1004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS.0\system32\drivers\Fs_Rec.sys
    2011/03/27 18:25:35.0531 1004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys
    2011/03/27 18:25:35.0625 1004 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/27 18:25:35.0718 1004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS.0\system32\DRIVERS\msgpc.sys
    2011/03/27 18:25:35.0843 1004 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\PROGRA~1\Linksys\WMP300N\GTNDIS5.SYS
    2011/03/27 18:25:35.0953 1004 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS.0\system32\DRIVERS\hidusb.sys
    2011/03/27 18:25:36.0125 1004 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS.0\system32\Drivers\HTTP.sys
    2011/03/27 18:25:36.0312 1004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS.0\system32\DRIVERS\i8042prt.sys
    2011/03/27 18:25:36.0406 1004 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys
    2011/03/27 18:25:36.0484 1004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS.0\system32\DRIVERS\imapi.sys
    2011/03/27 18:25:36.0890 1004 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS.0\system32\DRIVERS\intelide.sys
    2011/03/27 18:25:36.0953 1004 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS.0\system32\DRIVERS\intelppm.sys
    2011/03/27 18:25:37.0015 1004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS.0\system32\drivers\ip6fw.sys
    2011/03/27 18:25:37.0093 1004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS.0\system32\DRIVERS\ipfltdrv.sys
    2011/03/27 18:25:37.0171 1004 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS.0\system32\DRIVERS\ipinip.sys
    2011/03/27 18:25:37.0265 1004 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS.0\system32\DRIVERS\ipnat.sys
    2011/03/27 18:25:37.0359 1004 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS.0\system32\DRIVERS\ipsec.sys
    2011/03/27 18:25:37.0421 1004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS.0\system32\DRIVERS\irenum.sys
    2011/03/27 18:25:37.0515 1004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS.0\system32\DRIVERS\isapnp.sys
    2011/03/27 18:25:37.0593 1004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS.0\system32\DRIVERS\kbdclass.sys
    2011/03/27 18:25:37.0656 1004 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys
    2011/03/27 18:25:37.0734 1004 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS.0\system32\drivers\kmixer.sys
    2011/03/27 18:25:37.0812 1004 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS.0\system32\drivers\KSecDD.sys
    2011/03/27 18:25:37.0890 1004 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys
    2011/03/27 18:25:38.0078 1004 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/03/27 18:25:38.0156 1004 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS.0\system32\DRIVERS\Lbd.sys
    2011/03/27 18:25:38.0312 1004 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys
    2011/03/27 18:25:38.0468 1004 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys
    2011/03/27 18:25:38.0609 1004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS.0\system32\drivers\mnmdd.sys
    2011/03/27 18:25:38.0921 1004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS.0\system32\drivers\Modem.sys
    2011/03/27 18:25:39.0015 1004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS.0\system32\DRIVERS\mouclass.sys
    2011/03/27 18:25:39.0109 1004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS.0\system32\DRIVERS\mouhid.sys
    2011/03/27 18:25:39.0187 1004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS.0\system32\drivers\MountMgr.sys
    2011/03/27 18:25:39.0328 1004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS.0\system32\DRIVERS\mrxdav.sys
    2011/03/27 18:25:39.0406 1004 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys
    2011/03/27 18:25:39.0515 1004 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS.0\system32\drivers\Msfs.sys
    2011/03/27 18:25:39.0593 1004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS.0\system32\drivers\MSKSSRV.sys
    2011/03/27 18:25:39.0656 1004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys
    2011/03/27 18:25:39.0718 1004 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS.0\system32\drivers\MSPQM.sys
    2011/03/27 18:25:39.0812 1004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS.0\system32\DRIVERS\mssmbios.sys
    2011/03/27 18:25:39.0875 1004 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS.0\system32\drivers\MSTEE.sys
    2011/03/27 18:25:39.0953 1004 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS.0\system32\drivers\Mup.sys
    2011/03/27 18:25:40.0046 1004 MVDCODEC (a6c4bb3897a0b3ac8d175528385408ea) C:\WINDOWS.0\system32\DRIVERS\atinmdxx.sys
    2011/03/27 18:25:40.0125 1004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys
    2011/03/27 18:25:40.0218 1004 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS.0\system32\drivers\NDIS.sys
    2011/03/27 18:25:40.0281 1004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys
    2011/03/27 18:25:40.0343 1004 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS.0\system32\DRIVERS\ndistapi.sys
    2011/03/27 18:25:40.0406 1004 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS.0\system32\DRIVERS\ndisuio.sys
    2011/03/27 18:25:40.0484 1004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS.0\system32\DRIVERS\ndiswan.sys
    2011/03/27 18:25:40.0546 1004 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS.0\system32\drivers\NDProxy.sys
    2011/03/27 18:25:40.0609 1004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS.0\system32\DRIVERS\netbios.sys
    2011/03/27 18:25:40.0734 1004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS.0\system32\DRIVERS\netbt.sys
    2011/03/27 18:25:41.0093 1004 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS.0\system32\DRIVERS\nic1394.sys
    2011/03/27 18:25:41.0250 1004 NMUSB (e3b706e58e2580ee8bcd8a934a2c4dc1) C:\WINDOWS.0\system32\DRIVERS\Nmusb.sys
    2011/03/27 18:25:41.0312 1004 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS.0\system32\drivers\Npfs.sys
    2011/03/27 18:25:41.0390 1004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS.0\system32\drivers\Ntfs.sys
    2011/03/27 18:25:41.0515 1004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS.0\system32\drivers\Null.sys
    2011/03/27 18:25:41.0578 1004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS.0\system32\DRIVERS\nwlnkflt.sys
    2011/03/27 18:25:41.0656 1004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS.0\system32\DRIVERS\nwlnkfwd.sys
    2011/03/27 18:25:41.0734 1004 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS.0\system32\DRIVERS\ohci1394.sys
    2011/03/27 18:25:41.0812 1004 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS.0\SYSTEM32\DRIVERS\OMCI.SYS
    2011/03/27 18:25:41.0921 1004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS.0\system32\DRIVERS\parport.sys
    2011/03/27 18:25:42.0000 1004 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS.0\system32\drivers\PartMgr.sys
    2011/03/27 18:25:42.0062 1004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS.0\system32\drivers\ParVdm.sys
    2011/03/27 18:25:42.0140 1004 PCDCODEC (ac941d0decc28fb5ce96138d1ab72561) C:\WINDOWS.0\system32\DRIVERS\atinpdxx.sys
    2011/03/27 18:25:42.0218 1004 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS.0\system32\DRIVERS\pci.sys
    2011/03/27 18:25:42.0343 1004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS.0\system32\DRIVERS\pciide.sys
    2011/03/27 18:25:42.0421 1004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS.0\system32\drivers\Pcmcia.sys
    2011/03/27 18:25:42.0890 1004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS.0\system32\DRIVERS\raspptp.sys
    2011/03/27 18:25:43.0031 1004 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS.0\system32\DRIVERS\psched.sys
    2011/03/27 18:25:43.0093 1004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS.0\system32\DRIVERS\ptilink.sys
    2011/03/27 18:25:43.0406 1004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS.0\system32\DRIVERS\rasacd.sys
    2011/03/27 18:25:43.0500 1004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS.0\system32\DRIVERS\rasl2tp.sys
    2011/03/27 18:25:43.0781 1004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS.0\system32\DRIVERS\raspppoe.sys
    2011/03/27 18:25:43.0843 1004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS.0\system32\DRIVERS\raspti.sys
    2011/03/27 18:25:43.0937 1004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS.0\system32\DRIVERS\rdbss.sys
    2011/03/27 18:25:44.0015 1004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS.0\system32\DRIVERS\RDPCDD.sys
    2011/03/27 18:25:44.0093 1004 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS.0\system32\DRIVERS\rdpdr.sys
    2011/03/27 18:25:44.0218 1004 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS.0\system32\drivers\RDPWD.sys
    2011/03/27 18:25:44.0312 1004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS.0\system32\DRIVERS\redbook.sys
    2011/03/27 18:25:44.0437 1004 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS.0\system32\DRIVERS\rspndr.sys
    2011/03/27 18:25:44.0562 1004 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS.0\system32\DRIVERS\sbp2port.sys
    2011/03/27 18:25:44.0703 1004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS.0\system32\DRIVERS\secdrv.sys
    2011/03/27 18:25:44.0796 1004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS.0\system32\DRIVERS\serenum.sys
    2011/03/27 18:25:44.0890 1004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS.0\system32\DRIVERS\serial.sys
    2011/03/27 18:25:44.0953 1004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS.0\system32\drivers\Sfloppy.sys
    2011/03/27 18:25:45.0109 1004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS.0\system32\DRIVERS\SLIP.sys
    2011/03/27 18:25:45.0203 1004 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS.0\system32\drivers\smwdm.sys
    2011/03/27 18:25:45.0406 1004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS.0\system32\drivers\splitter.sys
    2011/03/27 18:25:45.0500 1004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS.0\system32\DRIVERS\sr.sys
    2011/03/27 18:25:45.0875 1004 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS.0\system32\DRIVERS\srv.sys
    2011/03/27 18:25:46.0078 1004 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys
    2011/03/27 18:25:46.0140 1004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS.0\system32\DRIVERS\swenum.sys
    2011/03/27 18:25:46.0218 1004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS.0\system32\drivers\swmidi.sys
    2011/03/27 18:25:46.0437 1004 symsnap (c9273531eac75ee225e3170fb6107fa3) C:\WINDOWS.0\system32\DRIVERS\symsnap.sys
    2011/03/27 18:25:46.0609 1004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS.0\system32\drivers\sysaudio.sys
    2011/03/27 18:25:46.0734 1004 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS.0\system32\DRIVERS\tcpip.sys
    2011/03/27 18:25:46.0828 1004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS.0\system32\drivers\TDPIPE.sys
    2011/03/27 18:25:46.0890 1004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS.0\system32\drivers\TDTCP.sys
    2011/03/27 18:25:46.0953 1004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS.0\system32\DRIVERS\termdd.sys
    2011/03/27 18:25:47.0062 1004 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS.0\system32\drivers\tiehdusb.sys
    2011/03/27 18:25:47.0234 1004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS.0\system32\drivers\Udfs.sys
    2011/03/27 18:25:47.0406 1004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS.0\system32\DRIVERS\update.sys
    2011/03/27 18:25:47.0531 1004 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS.0\system32\Drivers\usbaapl.sys
    2011/03/27 18:25:47.0656 1004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys
    2011/03/27 18:25:47.0718 1004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS.0\system32\DRIVERS\usbehci.sys
    2011/03/27 18:25:47.0796 1004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS.0\system32\DRIVERS\usbhub.sys
    2011/03/27 18:25:48.0046 1004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS.0\system32\DRIVERS\usbprint.sys
    2011/03/27 18:25:48.0125 1004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS.0\system32\DRIVERS\usbscan.sys
    2011/03/27 18:25:48.0203 1004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS
    2011/03/27 18:25:48.0265 1004 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys
    2011/03/27 18:25:48.0343 1004 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS.0\system32\DRIVERS\v2imount.sys
    2011/03/27 18:25:48.0421 1004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS.0\System32\drivers\vga.sys
    2011/03/27 18:25:48.0531 1004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS.0\system32\drivers\VolSnap.sys
    2011/03/27 18:25:48.0609 1004 VProEventMonitor (e78781b2c86c92a0a738df566460f716) C:\WINDOWS.0\system32\DRIVERS\vproeventmonitor.sys
    2011/03/27 18:25:48.0734 1004 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS.0\system32\vsdatant.sys
    2011/03/27 18:25:48.0921 1004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS.0\system32\DRIVERS\wanarp.sys
    2011/03/27 18:25:49.0015 1004 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys
    2011/03/27 18:25:49.0171 1004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS.0\system32\drivers\wdmaud.sys
    2011/03/27 18:25:49.0265 1004 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS.0\system32\DRIVERS\wimfltr.sys
    2011/03/27 18:25:49.0515 1004 WMP300Nv1 (ee44fe4c6388eae2ec5749e2c5d781f2) C:\WINDOWS.0\system32\DRIVERS\WMP300Nv1.sys
    2011/03/27 18:25:49.0671 1004 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS.0\system32\Drivers\wpdusb.sys
    2011/03/27 18:25:49.0781 1004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS
    2011/03/27 18:25:50.0078 1004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys
    2011/03/27 18:25:50.0156 1004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys
    2011/03/27 18:25:50.0296 1004 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS.0\system32\drivers\ialmsbw.sys
    2011/03/27 18:25:50.0421 1004 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS.0\system32\drivers\ialmkchw.sys
    2011/03/27 18:25:50.0500 1004 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/27 18:25:50.0578 1004 ================================================================================
    2011/03/27 18:25:50.0578 1004 Scan finished
    2011/03/27 18:25:50.0578 1004 ================================================================================
    2011/03/27 18:25:50.0609 1332 Detected object count: 1
    2011/03/27 18:25:59.0468 1332 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/03/27 18:25:59.0468 1332 \HardDisk0 - ok
    2011/03/27 18:25:59.0468 1332 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    ComboFix 11-03-27.01 - Admin 03/27/2011 19:54:39.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1635 [GMT -7:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-28 03:08 . 2011-03-28 03:08 53248 ----a-w- c:\temp\catchme.dll
    2011-03-26 08:02 . 2011-03-26 08:03 -------- d-----w- c:\program files\ERUNT
    2011-03-26 06:34 . 2011-03-26 06:34 -------- d-----w- c:\program files\ESET
    2011-03-26 06:30 . 2011-03-26 06:29 73728 ----a-w- c:\windows.0\system32\javacpl.cpl
    2011-03-24 20:16 . 2011-03-24 20:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
    2011-03-24 20:16 . 2011-03-24 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-24 17:11 . 2011-03-22 08:05 16432 ----a-w- c:\windows.0\system32\lsdelete.exe
    2011-03-24 16:52 . 2011-03-22 08:05 64512 ----a-w- c:\windows.0\system32\drivers\Lbd.sys
    2011-03-24 16:52 . 2011-03-24 16:52 98392 ----a-w- c:\windows.0\system32\drivers\SBREDrv.sys
    2011-03-24 16:49 . 2011-03-24 16:49 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sunbelt Software
    2011-03-24 16:46 . 2011-03-26 07:48 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS.0\Application Data\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
    2011-03-24 16:46 . 2011-03-24 16:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft
    2011-03-24 16:46 . 2011-03-24 16:46 -------- d-----w- c:\program files\Lavasoft
    2011-03-24 12:05 . 2011-03-24 12:05 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
    2011-03-24 06:22 . 2011-03-24 06:22 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
    2011-03-24 06:20 . 2011-03-24 06:20 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
    2011-03-24 06:20 . 2011-03-24 06:20 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
    2011-03-23 18:09 . 2011-03-23 18:09 -------- d-----w- C:\OutputFolder
    2011-03-23 18:07 . 2002-10-07 09:42 237568 ----a-w- c:\windows.0\system32\OggDS.dll
    2011-03-23 18:07 . 2002-10-05 14:04 921600 ----a-w- c:\windows.0\system32\vorbisenc.dll
    2011-03-23 18:07 . 2002-10-05 14:04 188416 ----a-w- c:\windows.0\system32\vorbis.dll
    2011-03-23 18:07 . 2002-10-05 14:04 45056 ----a-w- c:\windows.0\system32\ogg.dll
    2011-03-23 18:07 . 2007-04-12 21:19 129024 ----a-w- c:\windows.0\system32\AVERM.dll
    2011-03-23 18:07 . 2006-09-26 20:57 28672 ----a-w- c:\windows.0\system32\AVEQT.dll
    2011-03-23 18:07 . 2011-03-23 18:08 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
    2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\program files\YTD Setup
    2011-03-23 17:14 . 2008-04-14 12:42 26624 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-03-23 06:50 . 2011-03-23 06:50 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-23 06:48 . 2011-03-23 06:49 -------- d-----w- c:\windows.0\system32\drivers\UMDF
    2011-03-21 17:06 . 2011-03-21 17:06 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-17 16:32 . 2011-03-17 16:32 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\uTorrentBar
    2011-03-17 16:30 . 2011-03-17 16:30 -------- d-----w- c:\program files\Conduit
    2011-03-17 16:30 . 2011-03-17 16:30 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\TMP
    2011-03-14 16:30 . 2004-08-04 12:00 5632 ----a-w- c:\windows.0\system32\dllcache\kbda1.dll
    2011-03-14 06:27 . 2011-03-14 06:27 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-14 06:27 . 2011-03-14 06:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Microsoft
    2011-03-14 06:23 . 2011-03-14 06:23 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-14 06:23 . 2011-03-14 06:24 -------- d-----w- c:\windows.0\SHELLNEW
    2011-03-14 06:22 . 2011-03-14 06:22 -------- d-----r- C:\MSOCache
    2011-03-14 05:45 . 2011-03-14 05:45 -------- d-----w- c:\program files\Common Files\Java
    2011-03-14 05:44 . 2011-03-14 05:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\McAfee
    2011-03-14 01:04 . 2011-03-14 03:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Virtualized Applications
    2011-03-13 23:47 . 2011-03-14 03:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\SoftGrid Client
    2011-03-13 23:47 . 2011-03-14 05:02 -------- d-----w- c:\documents and settings\Admin\Application Data\SoftGrid Client
    2011-03-13 23:42 . 2008-04-14 12:42 221184 ----a-w- c:\windows.0\system32\wmpns.dll
    2011-03-13 23:42 . 2011-03-13 23:42 -------- d-----w- c:\windows.0\system32\wbem\snmp
    2011-03-13 23:42 . 2011-03-13 23:42 -------- d-----w- c:\windows.0\system32\xircom
    2011-03-13 23:24 . 2008-04-14 07:15 46592 ------w- c:\windows.0\system32\drivers\irbus.sys
    2011-03-13 23:22 . 2007-04-03 06:56 19456 ----a-w- c:\windows.0\system32\dllcache\agt0401.dll
    2011-03-13 23:21 . 2007-04-03 06:56 19456 ----a-w- c:\windows.0\system32\dllcache\agt040d.dll
    2011-03-13 23:18 . 2008-04-14 12:41 4255 ------w- c:\windows.0\system32\drivers\adv01nt5.dll
    2011-03-13 23:17 . 2006-12-29 07:31 19569 ----a-w- c:\windows.0\002825_.tmp
    2011-03-13 21:28 . 2006-10-27 02:58 30512 ----a-w- c:\windows.0\system32\Spool\prtprocs\w32x86\mdippr.dll
    2011-03-13 21:28 . 2006-10-27 02:58 30512 ----a-w- c:\windows.0\system32\mdimon.dll
    2011-03-13 21:27 . 2006-10-27 02:56 33104 ----a-w- c:\windows.0\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-03-13 21:27 . 2006-10-27 02:56 32592 ----a-w- c:\windows.0\system32\msonpmon.dll
    2011-03-13 21:14 . 2011-03-14 04:57 -------- d-----w- c:\documents and settings\Admin\Application Data\TP
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 06:29 . 2010-10-09 04:55 472808 ----a-w- c:\windows.0\system32\deployJava1.dll
    2011-02-24 19:14 . 2009-03-28 16:24 398760 ----a-r- c:\windows.0\system32\cpnprt2.cid
    2008-12-10 22:50 . 2008-12-10 22:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
    2009-10-08 00:11 . 2009-10-08 00:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-17 02:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-30 39408]
    "Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-31 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows.0\system32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows.0\system32\hkcmd.exe" [2003-04-07 114688]
    "AtiPTA"="atiptaxx.exe" [2001-09-27 245760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows.0\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wltrysvc"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "ASKService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "bgsvcgen"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "WMP300NSvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    .
    R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [3/24/2011 9:52 AM 64512]
    R2 gearsec;gearsec;c:\windows.0\system32\gearsec.exe [11/30/2005 11:43 AM 58952]
    S2 SSPORT;SSPORT;\??\c:\windows.0\system32\Drivers\SSPORT.sys --> c:\windows.0\system32\Drivers\SSPORT.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/22/2011 1:05 AM 1405384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/22/2011 1:05 AM 15232]
    S3 NMUSB;NMUSB;c:\windows.0\system32\drivers\Nmusb.sys [7/9/2010 4:48 PM 25056]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows.0\system32\drivers\WMP300Nv1.sys [3/21/2010 3:01 PM 822400]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [3/27/2009 10:59 PM 464264]
    S4 WMP300NSvc;WMP300NSvc;c:\program files\Linksys\WMP300N\WLService.exe [7/12/2010 5:54 PM 53307]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-28 c:\windows.0\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-22 08:05]
    .
    2011-03-27 c:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1409082233-682003330-1003Core1cb6c3833a79942.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-31 18:15]
    .
    2011-03-28 c:\windows.0\Tasks\User_Feed_Synchronization-{0DF74E7E-E268-4436-8E53-961B863730AE}.job
    - c:\windows.0\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: uno.edu\cas
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\j13l6xiy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Admin\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKU-Default-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
    HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-Samsung ML-1630 Series - c:\program files\Samsung\Samsung ML-1630 Series\Install\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 20:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(544)
    c:\windows.0\system32\Ati2evxx.dll
    .
    Completion time: 2011-03-27 20:10:56
    ComboFix-quarantined-files.txt 2011-03-28 03:10
    .
    Pre-Run: 177,335,803,904 bytes free
    Post-Run: 177,893,900,288 bytes free
    .
    - - End Of File - - E9CAB87FDC434C09CCC7B339CE7D1F33

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi,

    Ok good. Please post a new DDS log. Did you install the Ask toolbar intentionally? Looks like it hitched a ride in with something else. If you don't use it you can uninstall it via the Add/Remove Programs panel.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Mar 2011
    Posts
    4

    Default Second DDS report

    It appears as if the Ask Toolbar was installed with ZoneAlarm; I have removed it.

    The new DDS report follows.


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Admin at 22:06:36.75 on Mon 03/28/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1545 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS.0\system32\Ati2evxx.exe
    C:\WINDOWS.0\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS.0\system32\svchost.exe -k netsvcs
    C:\WINDOWS.0\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\system32\gearsec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS.0\system32\lkads.exe
    C:\WINDOWS.0\system32\lktsrv.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS.0\system32\nisvcloc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS.0\system32\tcpsvcs.exe
    C:\WINDOWS.0\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS.0\explorer.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\Documents and Settings\Admin\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows.0\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows.0\system32\hkcmd.exe
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [NI Background Service] c:\program files\national instruments\shared\update service\BackgroundService.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0AMQAwADAAMwA2ADQAOQAyADQALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQAMgAtAEIANAAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: StartMenuLogoff = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: uno.edu\cas
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\j13l6xiy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\admin\application data\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [2011-3-24 64512]
    R1 vsdatant;vsdatant;c:\windows.0\system32\vsdatant.sys [2009-3-27 532224]
    R2 gearsec;gearsec;c:\windows.0\system32\gearsec.exe [2005-11-30 58952]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 SSPORT;SSPORT;\??\c:\windows.0\system32\drivers\ssport.sys --> c:\windows.0\system32\drivers\SSPORT.sys [?]
    S2 vsmon;TrueVector Internet Monitor;c:\windows.0\system32\zonelabs\vsmon.exe -service --> c:\windows.0\system32\zonelabs\vsmon.exe -service [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-22 1405384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-22 15232]
    S3 NMUSB;NMUSB;c:\windows.0\system32\drivers\Nmusb.sys [2010-7-9 25056]
    S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows.0\system32\drivers\WMP300Nv1.sys [2010-3-21 822400]
    S4 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2010-7-12 53307]
    .
    =============== Created Last 30 ================
    .
    2011-03-28 02:49:20 -------- d-sha-r- C:\cmdcons
    2011-03-28 02:49:19 -------- d-----w- c:\windows.0\setup.pss
    2011-03-28 02:29:49 98816 ----a-w- c:\windows.0\sed.exe
    2011-03-28 02:29:49 89088 ----a-w- c:\windows.0\MBR.exe
    2011-03-28 02:29:49 256512 ----a-w- c:\windows.0\PEV.exe
    2011-03-28 02:29:49 161792 ----a-w- c:\windows.0\SWREG.exe
    2011-03-26 06:34:24 -------- d-----w- c:\program files\ESET
    2011-03-26 06:30:18 73728 ----a-w- c:\windows.0\system32\javacpl.cpl
    2011-03-24 20:16:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-24 20:16:00 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\Spybot - Search & Destroy
    2011-03-24 17:11:26 16432 ----a-w- c:\windows.0\system32\lsdelete.exe
    2011-03-24 16:52:56 64512 ----a-w- c:\windows.0\system32\drivers\Lbd.sys
    2011-03-24 16:52:20 98392 ----a-w- c:\windows.0\system32\drivers\SBREDrv.sys
    2011-03-24 16:49:52 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Sunbelt Software
    2011-03-24 16:46:42 -------- dc-h--w- c:\docume~1\alluse~1.0\applic~1\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
    2011-03-24 16:46:20 -------- d-----w- c:\program files\Lavasoft
    2011-03-23 18:09:21 -------- d-----w- C:\OutputFolder
    2011-03-23 18:07:35 921600 ----a-w- c:\windows.0\system32\vorbisenc.dll
    2011-03-23 18:07:35 45056 ----a-w- c:\windows.0\system32\ogg.dll
    2011-03-23 18:07:35 237568 ----a-w- c:\windows.0\system32\OggDS.dll
    2011-03-23 18:07:35 188416 ----a-w- c:\windows.0\system32\vorbis.dll
    2011-03-23 18:07:34 28672 ----a-w- c:\windows.0\system32\AVEQT.dll
    2011-03-23 18:07:34 129024 ----a-w- c:\windows.0\system32\AVERM.dll
    2011-03-23 18:07:33 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
    2011-03-23 17:53:26 -------- d-----w- c:\program files\YTD Setup
    2011-03-23 06:50:29 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-17 16:32:53 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\uTorrentBar
    2011-03-17 16:30:33 -------- d-----w- c:\program files\Conduit
    2011-03-17 16:30:05 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\TMP
    2011-03-14 16:30:59 5632 ----a-w- c:\windows.0\system32\dllcache\kbda1.dll
    2011-03-14 06:27:57 -------- d-----w- c:\documents and settings\all users.windows.0\Microsoft
    2011-03-14 06:23:59 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-14 06:23:48 -------- d-----w- c:\windows.0\SHELLNEW
    2011-03-14 01:04:39 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\Virtualized Applications
    2011-03-13 23:47:05 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\SoftGrid Client
    2011-03-13 23:47:03 -------- d-----w- c:\docume~1\admin\applic~1\SoftGrid Client
    2011-03-13 23:42:36 221184 ----a-w- c:\windows.0\system32\wmpns.dll
    2011-03-13 23:42:12 -------- d-----w- c:\windows.0\system32\wbem\snmp
    2011-03-13 23:42:11 -------- d-----w- c:\windows.0\system32\xircom
    2011-03-13 23:24:53 46592 ------w- c:\windows.0\system32\drivers\irbus.sys
    2011-03-13 23:22:15 19456 ----a-w- c:\windows.0\system32\dllcache\agt0401.dll
    2011-03-13 23:21:54 19456 ----a-w- c:\windows.0\system32\dllcache\agt040d.dll
    2011-03-13 23:18:19 56623 ------w- c:\windows.0\system32\drivers\ati1btxx.sys
    2011-03-13 23:17:08 19569 ----a-w- c:\windows.0\002825_.tmp
    2011-03-13 21:28:10 30512 ----a-w- c:\windows.0\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-03-13 21:28:10 30512 ----a-w- c:\windows.0\system32\mdimon.dll
    2011-03-13 21:27:57 33104 ----a-w- c:\windows.0\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-03-13 21:27:56 32592 ----a-w- c:\windows.0\system32\msonpmon.dll
    2011-03-13 21:14:20 -------- d-----w- c:\docume~1\admin\applic~1\TP
    .
    ==================== Find3M ====================
    .
    2011-03-26 06:29:58 472808 ----a-w- c:\windows.0\system32\deployJava1.dll
    2011-02-24 19:14:21 398760 ----a-r- c:\windows.0\system32\cpnprt2.cid
    .
    ============= FINISH: 22:07:10.59 ===============

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Looks like XP was installed to C:\windows.0; logs look ok. Check malwarebytes for updates and do a scan with it, then we can call it quits.
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Mar 2011
    Posts
    4

    Smile

    Thank you!!!

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    You're welcome. Take a look in your add/remove programs uninstall and look for Conduit or Conduit toolbar and uninstall if present. Most likely this is a toolbar that is or was installed at one time.

    You can remove combofix like this;
    start>run and type in combofix /uninstall
    click ok or enter
    note the space after the x and before the /

    You can delete the tdsskiller icon from your desktop.

    Note that malwarebytes must be updated manually and a scan started manually.
    You can make a new restore point, the how and the why:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


    (winXP)

    1. Turn off System Restore. (deletes old possibly infected restore point)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore. (creates a new restore point on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot

    Last some tips for you:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware free.

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) A slide show how-to for securing Internet Explorer 8.0 for safer surfing. How to harden FireFox for safer surfing.

    10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything and be nothing but malware or have malware bundled in it. Can you really trust the source of the file?


    More info/tips with pictures, links below

    Happy Safe Surfing.
    How Can I Reduce My Risk?
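    The restore-point reset described in post #8 (turn off, reboot, turn on, create a fresh point), scripted as an added example that is not part of the thread. It targets Windows Vista/7, where the built-in *-ComputerRestore cmdlets exist, and assumes an elevated PowerShell prompt; the script name, drive letter and description are assumptions.

```powershell
# Added example, not from the original post: the System Restore reset
# (step 1 off -> step 2 reboot -> step 3 on + new restore point) for
# Windows Vista/7. Assumed usage:
#   .\Reset-RestorePoints.ps1 -Phase Off   (then reboot)
#   .\Reset-RestorePoints.ps1 -Phase On
param(
    [Parameter(Mandatory = $true)][ValidateSet("Off", "On")][string]$Phase,
    [string]$Drive = "C:\",                                           # assumption
    [string]$Description = "Clean baseline after malware removal"    # assumption
)

function Test-IsAdmin {
    # System Restore changes need an administrator token, matching the post's
    # note that the System Restore tab only appears for administrator accounts.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsAdmin)) { throw "Run this from an elevated PowerShell prompt." }

switch ($Phase) {
    "Off" {
        # Step 1: turning System Restore off discards every existing restore
        # point, including any that may hold a backed-up copy of the malware.
        $old = @(Get-ComputerRestorePoint)
        Write-Host ("Discarding {0} existing restore point(s) on {1}" -f $old.Count, $Drive)
        Disable-ComputerRestore -Drive $Drive
        Write-Host "System Restore is off. Reboot (step 2), then run again with -Phase On."
    }
    "On" {
        # Step 3: re-enable protection on the now-clean system and create a
        # fresh restore point so a known-good baseline exists to roll back to.
        Enable-ComputerRestore -Drive $Drive
        Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"
        $new = @(Get-ComputerRestorePoint)
        if ($new.Count -eq 0) {
            throw "No restore point was created; check the System Protection settings for $Drive."
        }
        Write-Host "Current restore point(s):"
        $new | Format-Table SequenceNumber, Description, CreationTime -AutoSize
    }
}
```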
