MBAM found 11 threats.
Here are the logs.
DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 18:02:28.03 on 04/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.858 [GMT 0:00]
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WakeMeUp\WMUSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WakeMeUp\WMUAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WakeMeUp\WMUTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\Java\eclipse-java-ganymede-SR2-win32\eclipse\eclipse.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysql.exe
C:\Program Files\UltraChm\UltraChm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = ${URL_SEARCHPAGE}
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
uSearch Bar = hxxp://www.google.com/ie
mSearch Page = ${URL_SEARCHPAGE}
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
mWinlogon: Shell=Explorer.exe rundll32.exe oskewl
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog1.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - No File
uRun: [Eobe] "c:\progra~1\ppatch~1\msiexec.exe" -vt yazr
uRun: [Oocucow] c:\documents and settings\user\my documents\?racle\m?hta.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NexonEULauncher]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMUTray.exe] c:\program files\wakemeup\WMUTray.exe
mRun: [zBrowser Launcher] //~c:\program files\logitech\itouch\itouch.exe
mRun: [ipmon] ipmon.exe
mRun: [High Definition Audio Property Page Shortcut] //~hdashcut.exe
mRun: [adiras] adiras.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WMUAgent.exe] c:\program files\wakemeup\WMUAgent.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [braviax]
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05854035-8B79-3CF1-4AA6-579916116B5D} - hxxp://85.255.113.214/1/gdnFR2339.exe
DPF: {4DD43FB9-05DA-4DB3-5385-089E0EA51DE5} - hxxp://85.255.113.214/1/gdnFR2339.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256811490390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: cinnamomum - No File
STS: incestuously - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli CPGFRPx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\oj9e3282.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\oj9e3282.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: TinEye Reverse Image Search: [email protected] - %profile%\extensions\[email protected]
FF - Ext: CHM Reader: {6e098d65-7d2d-46d4-ada0-2f882a29f795} - %profile%\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-29 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-29 532224]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-7-15 32512]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-4-16 33792]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080406.003\NAVENG.SYS [2008-4-7 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080406.003\NAVEX15.SYS [2008-4-7 895408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 136176]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-6-15 20160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-22 1684736]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz129;cpuz129;\??\c:\docume~1\user\locals~1\temp\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz_x32.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2010-11-8 16384]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2010-11-8 19456]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [2010-10-28 618112]
S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 Gpcclascw;Gpcclascw; [x]
S4 NtmlSvc;NtmlSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
=============== Created Last 30 ================
2011-01-04 17:57:15 388096 ----a-r- c:\docume~1\user\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-04 17:57:15 -------- d-----w- c:\program files\Trend Micro
2010-12-29 14:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\MySQL
2010-12-24 13:45:10 -------- d-----w- c:\program files\Nero
2010-12-24 13:44:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-12-24 13:38:50 -------- d-----w- c:\program files\Ask.com
2010-12-24 13:38:32 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-24 13:38:18 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-12-24 03:05:27 -------- d-----w- c:\program files\MySQL
2010-12-21 23:16:34 -------- d-----w- c:\program files\Winamp Detect
2010-12-18 01:20:07 1531392 ------w- c:\temp\TSDNWIN.exe
2010-12-18 01:20:06 -------- d-----w- C:\Temp
2010-12-18 00:57:46 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
2010-12-15 06:20:39 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:18:48 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 10:47:06 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2010-12-05 20:13:17 70924 ----a-w- c:\windows\system32\EBPMON2.DLL
2010-12-05 20:13:17 56832 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-12-05 20:13:17 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2010-12-05 20:13:17 -------- d-----w- c:\program files\EPSON
2010-12-05 19:48:43 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-12-05 19:48:43 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-05 19:46:10 -------- d-----w- C:\epson
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-16 16:20:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-11-08 19:45:05 17488 ----a-w- c:\windows\gdrv.sys
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:17:32 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10:48 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10:38 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09:30 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:03:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51:32 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49:50 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36:10 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30:48 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30:34 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30:26 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28:34 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26:18 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22:32 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20:32 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:14:34 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 21:36:21 438272 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-10-12 19:30:23 234576 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-12 19:30:23 234576 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-19 17:45:23 17892 ----a-w- c:\program files\common files\becybiwica.bin
2009-08-17 12:56:18 10417 ----a-w- c:\program files\common files\epojuhexe.bin
2009-08-17 11:21:17 10237 ----a-w- c:\program files\common files\xuxezew.dll
2009-08-17 11:21:16 13017 ----a-w- c:\program files\common files\eheny.bin
2009-08-17 11:21:15 18733 ----a-w- c:\program files\common files\qydaj.pif
2009-08-14 07:56:31 11663 ----a-w- c:\program files\common files\oxim.com
2009-08-12 23:31:18 15896 ----a-w- c:\program files\common files\elago.scr
2005-03-18 10:36:31 35840 ----a-w- c:\program files\StartSetup.exe
2002-03-05 05:08:11 184320 ----a-w- c:\program files\setup.exe
2001-09-27 06:56:04 1707856 ----a-w- c:\program files\instmsia.exe
2001-08-28 04:13:08 1821008 ----a-w- c:\program files\instmsiw.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC1E555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ac247b0]; MOV EAX, [0x8ac2482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC7FAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008c[0x8AC703B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AC54D98]
\Driver\atapi[0x8AC47A08] -> IRP_MJ_CREATE -> 0x8AC1E555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD1200JB-00GVA0_____________________08.02D08#5&17ef7b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AC1E39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 18:04:29.75 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/10/2009 19:48:26
System Uptime: 03/01/2011 11:51:34 (31 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2933/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 3.375 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP322: 23/11/2010 11:17:00 - System Checkpoint
RP323: 24/11/2010 14:16:01 - System Checkpoint
RP324: 26/11/2010 11:34:55 - System Checkpoint
RP325: 28/11/2010 05:37:47 - System Checkpoint
RP326: 29/11/2010 21:24:19 - System Checkpoint
RP327: 01/12/2010 02:22:20 - System Checkpoint
RP328: 03/12/2010 01:24:35 - System Checkpoint
RP329: 04/12/2010 14:55:48 - System Checkpoint
RP330: 05/12/2010 17:32:40 - System Checkpoint
RP331: 05/12/2010 20:01:34 - Installed EPSON TWAIN 5
RP332: 05/12/2010 20:04:13 - Installed EPSON TWAIN 5
RP333: 07/12/2010 03:02:24 - System Checkpoint
RP334: 08/12/2010 03:20:27 - System Checkpoint
RP335: 09/12/2010 15:30:45 - System Checkpoint
RP336: 10/12/2010 19:24:34 - System Checkpoint
RP337: 11/12/2010 20:55:08 - System Checkpoint
RP338: 13/12/2010 00:15:53 - System Checkpoint
RP339: 14/12/2010 04:23:01 - System Checkpoint
RP340: 14/12/2010 22:22:50 - Installed Windows Media Player 10
RP341: 14/12/2010 22:23:57 - Software Distribution Service 3.0
RP342: 15/12/2010 10:00:16 - Software Distribution Service 3.0
RP343: 16/12/2010 16:43:04 - System Checkpoint
RP344: 17/12/2010 20:47:18 - System Checkpoint
RP345: 19/12/2010 06:57:16 - System Checkpoint
RP346: 19/12/2010 14:49:21 - Software Distribution Service 3.0
RP347: 20/12/2010 15:07:58 - System Checkpoint
RP348: 21/12/2010 19:52:37 - System Checkpoint
RP349: 22/12/2010 00:55:03 - Removed VideoImpression
RP350: 22/12/2010 16:31:50 - Removed Skype™ 5.0
RP351: 23/12/2010 19:29:29 - System Checkpoint
RP352: 24/12/2010 03:05:26 - Installed MySQL Server 5.5
RP353: 24/12/2010 13:35:11 - Removed Microsoft Visual C++ 2005 Redistributable
RP354: 24/12/2010 13:35:41 - Installed Microsoft Visual C++ 2005 Redistributable
RP355: 24/12/2010 13:37:49 - Installed Windows XP KB942288-v3.
RP356: 24/12/2010 13:38:12 - Installed DirectX
RP357: 24/12/2010 13:38:28 - Installed DirectX
RP358: 24/12/2010 13:44:52 - Installed Nero Burning ROM 10.
RP359: 26/12/2010 12:15:47 - System Checkpoint
RP360: 28/12/2010 00:27:08 - System Checkpoint
RP361: 29/12/2010 05:32:16 - System Checkpoint
RP362: 29/12/2010 13:43:28 - Removed MySQL Server 5.5
RP363: 29/12/2010 13:46:28 - Installed MySQL Server 5.5
RP364: 29/12/2010 13:52:08 - Removed MySQL Server 5.5
RP365: 29/12/2010 14:00:14 - Installed MySQL Server 5.5
RP366: 30/12/2010 14:03:16 - System Checkpoint
RP367: 31/12/2010 14:04:15 - System Checkpoint
RP368: 01/01/2011 15:45:10 - System Checkpoint
RP369: 02/01/2011 16:12:55 - System Checkpoint
RP370: 03/01/2011 17:03:10 - System Checkpoint
RP371: 04/01/2011 17:57:14 - Installed HiJackThis
==== Installed Programs ======================
@BIOS
µTorrent
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Any Video Converter 2.7.8
Ask Toolbar
Audacity 1.2.6
Auralia 3 Student Edition
Belkin 54g USB Network Adapter
BT Voyager 105 ADSL Modem
CDisplay 1.8
DivX Converter
DivX Setup
EasySetPackage
eMule
EPSON Printer Software
EPSON TWAIN 5
ESET NOD32 Antivirus
Free FLV Converter V 6.7.3
Free Video Converter V 1.0
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GtkRadiant-1.3.8-ET
Guitar Pro 5.2
Hex Bubbles
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huawei Modems
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 11
jEdit 4.2
LAME v3.98.2 for Audacity
Logitech iTouch Software
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.5.74
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MilkDrop for Winamp 2x (remove only)
Moyea FLV to Video Converter Pro 2 version 2.2.1.152
Mozilla Firefox (3.0.9)
Mozilla Firefox (3.6.13)
Mpeg2Decoder 1.3
MySQL Server 5.5
Native Instruments Service Center
Native Instruments Traktor
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OGA Notifier 2.0.0048.0
OpenAL
PDF Settings CS5
PeerGuardian 2.0
Philips Upgrade Tool
Pixelfusion WMP Plugin 1.60
PowerISO
Quake 4(TM) 1.0.5.2 Patch
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SAGEM
[email protected] 800-840
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius 3
Sibelius Scorch
Skype™ 5.0
Slideshow XL
SoulSeek 157 NS 12d
SoulSeek Client 156c
SpinnerDemo2
Spybot - Search & Destroy
Steinberg Cubase SX v3.1.1.944
StreamPlug Player
Subtitle Workshop 2.51
Switch Sound File Converter
Symantec Real Time Storage Protection Component
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
System Requirements Lab
System Requirements Lab for Intel
ToggleEN Toolbar
Trust 100K Series Webcam
UltraChm 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Outlook 2007 Junk Email Filter (KB974810)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Video Enhancer 1.9.3
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
VobSub v2.23 (Remove Only)
WakeMeUp!
WebFldrs XP
WebSlayer-Beta
Win Web Crawler 3.0
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Wireless Manager
YouTube FLV to AVI converter Pro 2.2.5
ZoneAlarm
==== Event Viewer Messages From Past Week ========
03/01/2011 23:52:19, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
03/01/2011 23:50:31, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
03/01/2011 23:46:22, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================