Hi there, my computer has a rootkit that doesn't seem to want to go away. First I noticed that "Antimalware Doctor" was installed on my computer and I knew this was bad; shortly after, avast popped up saying it had found a rootkit. I let it run a boot-time scan and deleted what it had found, but after it finished the same message popped up wanting to do the boot-time scan again. Instead I just ran MBAM, deleted the infected files and restarted. But it's still there: every time I boot up my computer that same avast message pops up. If I press "No" on "Restart computer", another avast window pops up saying "Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis." The file name that comes up is "\\.\PHYSICALDRIVE0 MBR:TDL4". I've run the scan several times, as well as MBAM, and it's not finding anything anymore. Every time I search something on Google I get redirected, and sometimes when I restart my taskbar goes back to "Windows Classic style" (even though it's always set to "Windows XP style") with no other options, so I know it's still in there.

So I ran DDS and GMER; these are the results:
Attach.txt:
DDS (Ver_11-03-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2011 2:55:49 PM
System Uptime: 5/12/2011 5:51:32 PM (3 hours ago)
.
Motherboard: | | SiS-661
Processor: Intel(R) Celeron(R) CPU 1.80GHz | Socket 478 | 1804/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.999 GiB free.
D: is CDROM (CDFS)
G: is FIXED (NTFS) - 932 GiB total, 896.21 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_0C56105B&REV_A0\3&61AAA01&0&17
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_0C56105B&REV_A0\3&61AAA01&0&17
Service:
.
==== System Restore Points ===================
.
RP14: 4/1/2011 6:08:12 PM - Installed PowerDVD
RP15: 4/1/2011 6:31:34 PM - Installed Microsoft Office Enterprise 2007
RP16: 4/1/2011 6:41:56 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP17: 4/1/2011 6:53:02 PM - Installed Java(TM) 6 Update 18
RP18: 4/1/2011 7:01:45 PM - Installed Windows XP -- Software Updates KB952011.
RP19: 4/1/2011 7:05:31 PM - Installed Windows Media Player Firefox Plugin
RP20: 4/1/2011 7:18:14 PM - Installed Nero 7 Ultra Edition
RP21: 4/1/2011 8:21:03 PM - Installed iTunes
RP22: 4/1/2011 9:12:36 PM - Printer Driver Adobe PDF Converter Installed
RP23: 4/1/2011 9:41:18 PM - avast! Free Antivirus Setup
RP24: 4/1/2011 11:14:29 PM - Installed Nancy Drew: Secrets Can Kill REMASTERED
RP25: 4/1/2011 11:36:41 PM - Installed Nancy Drew: Danger by Design
RP26: 4/2/2011 12:03:13 AM - Installed Nancy Drew: Shadow at the Water's Edge
RP27: 4/2/2011 9:48:55 PM - Removed Nancy Drew: Danger by Design
RP28: 4/3/2011 10:47:11 PM - System Checkpoint
RP29: 4/4/2011 11:36:02 PM - System Checkpoint
RP30: 4/5/2011 11:53:24 PM - System Checkpoint
RP31: 4/7/2011 7:17:14 PM - System Checkpoint
RP32: 4/9/2011 1:44:01 PM - System Checkpoint
RP33: 4/10/2011 4:55:51 PM - System Checkpoint
RP34: 4/11/2011 5:37:23 PM - System Checkpoint
RP35: 4/11/2011 10:50:08 PM - Installed The Sims Deluxe Edition
RP36: 4/12/2011 11:45:38 PM - System Checkpoint
RP37: 4/14/2011 1:28:06 PM - System Checkpoint
RP38: 4/16/2011 1:21:35 PM - System Checkpoint
RP39: 4/17/2011 8:59:35 PM - System Checkpoint
RP40: 4/19/2011 8:19:22 PM - System Checkpoint
RP41: 4/20/2011 2:03:13 AM - Printer Driver HP Officejet J4500 Series fax Installed
RP42: 4/21/2011 1:27:37 PM - System Checkpoint
RP43: 4/22/2011 2:54:34 PM - System Checkpoint
RP44: 4/23/2011 2:57:09 PM - System Checkpoint
RP45: 4/24/2011 7:32:32 PM - System Checkpoint
RP46: 4/25/2011 7:43:33 PM - System Checkpoint
RP47: 4/26/2011 8:22:05 PM - System Checkpoint
RP48: 4/27/2011 9:38:14 PM - System Checkpoint
RP49: 4/29/2011 3:01:28 PM - System Checkpoint
RP50: 4/30/2011 4:48:42 PM - System Checkpoint
RP51: 5/1/2011 5:06:48 PM - System Checkpoint
RP52: 5/2/2011 6:25:28 PM - System Checkpoint
RP53: 5/3/2011 7:16:46 PM - System Checkpoint
RP54: 5/3/2011 11:27:03 PM - Installed The Sims Hot Date
RP55: 5/3/2011 11:41:30 PM - Installed The Sims Vacation
RP56: 5/3/2011 11:52:29 PM - Installed The Sims Deluxe Edition
RP57: 5/5/2011 12:07:10 AM - System Checkpoint
RP58: 5/5/2011 12:40:10 AM - Installed The Sims Unleashed
RP59: 5/5/2011 1:12:44 AM - Installed The Sims Superstar
RP60: 5/6/2011 12:10:16 PM - System Checkpoint
RP61: 5/7/2011 12:21:28 PM - System Checkpoint
RP62: 5/9/2011 1:23:28 AM - System Checkpoint
RP63: 5/11/2011 8:29:08 PM - System Checkpoint
RP64: 5/12/2011 1:29:50 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
4500_Help
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.0.1)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Uninstaller PRO v10.1 (remove!)
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CyberLink PowerDVD 9
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocMgr
DocProc
DocProcQFolder
eSupportQFolder
Fax
Free YouTube to MP3 Converter version 3.9.35.324
GPBaseService
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
iMacsoft iPod to PC Transfer
iTunes
J4500
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Secrets Can Kill REMASTERED
Nancy Drew: Shadow at the Water's Edge
Nero 7 Ultra Edition
OCR Software by I.R.I.S. 10.0
PDF Settings
Picasa 3
Plants vs. Zombies
PowerISO
ProductContext
PSSWCORE
QuickTime
rayman2
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skins
SmartWebPrintingOC
Software Update for Web Folders
SolutionCenter
Sophos Anti-Rootkit 1.5.4
Status
Toolbox
TrayApp
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WebFldrs XP
WebReg
Webshots Desktop
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Xilisoft iPhone Ringtone Maker
Xilisoft iPhone Transfer
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 3:49:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
5/9/2011 10:18:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Themes service.
5/9/2011 10:18:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
5/9/2011 10:18:18 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2011 2:49:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
5/8/2011 12:49:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/8/2011 1:49:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/7/2011 9:49:01 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/7/2011 9:49:01 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/7/2011 8:49:02 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/7/2011 8:49:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/7/2011 7:49:01 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
5/7/2011 7:49:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
5/7/2011 6:49:01 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
5/7/2011 6:49:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
5/7/2011 5:49:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
5/7/2011 5:49:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
5/7/2011 4:49:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
5/7/2011 4:49:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
5/7/2011 3:49:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/7/2011 2:49:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/7/2011 2:28:40 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/7/2011 12:49:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
5/7/2011 11:49:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
5/7/2011 11:49:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
5/7/2011 10:49:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
5/7/2011 10:49:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
5/7/2011 1:49:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
5/7/2011 1:20:44 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 1.0.0.0, the version of the system file is 5.1.2600.5512.
5/5/2011 2:46:02 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/12/2011 2:53:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/12/2011 2:45:16 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Emily at 19:59:35.84 on Thu 05/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\gmer\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\dds.scr
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\emily\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301695638546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301695622984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\xy85n44r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en#t_0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: XULRunner: {572FBE01-02C6-4A99-B7F7-FC9C8FE7E6E3} - c:\documents and settings\emily\local settings\application data\{572FBE01-02C6-4A99-B7F7-FC9C8FE7E6E3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-1 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-1 301528]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-5-12 18816]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/04/01 17:58:25];c:\program files\cyberlink\powerdvd9\000.fcl [2009-5-7 87536]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10754\AGCoreService.exe [2011-4-3 20480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-1 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-1 42184]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
.
=============== Created Last 30 ================
.
2011-05-13 01:25:36 625664 ----a-w- C:\dds.scr
2011-05-13 00:46:25 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-05-13 00:04:40 -------- d-----w- c:\program files\Sophos
2011-05-13 00:00:46 1376832 ----a-w- C:\sar_15_sfx.exe
2011-05-12 09:42:43 -------- d-----w- C:\gmer
2011-05-12 08:35:00 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-12 08:29:55 388096 ----a-r- c:\docume~1\emily\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-12 08:29:53 -------- d-----w- c:\program files\HiJack
2011-05-10 01:58:15 -------- d-----w- c:\program files\CyberDefender
2011-05-07 07:58:33 0 ----a-w- c:\windows\Ycoqetekolasihik.bin
2011-05-07 07:58:21 -------- d-----w- c:\docume~1\emily\locals~1\applic~1\{572FBE01-02C6-4A99-B7F7-FC9C8FE7E6E3}
2011-04-20 09:05:58 -------- d-----w- c:\docume~1\emily\locals~1\applic~1\HP
2011-04-20 08:28:20 -------- d-----w- c:\program files\common files\HP
2011-04-20 08:28:01 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-04-20 08:22:28 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-04-20 08:22:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-04-20 08:18:12 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2011-04-20 08:18:10 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2011-04-20 08:18:06 271704 ----a-r- c:\windows\system32\hpzids01.dll
2011-04-20 08:17:23 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-04-20 08:16:21 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2011-04-20 08:16:21 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-04-20 08:16:21 294912 ----a-r- c:\windows\system32\hpovst11.dll
2011-04-20 08:16:20 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2011-04-20 08:16:20 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2011-04-20 04:43:20 1373528 ----a-r- c:\windows\hpzshl01.exe
2011-04-20 04:43:20 1140056 ----a-r- c:\windows\hpzmsi01.exe
2011-04-20 04:43:19 -------- d-----w- c:\windows\yellowtail
2011-04-20 04:42:56 -------- d-----w- c:\program files\HP
2011-04-20 04:42:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-20 04:42:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-20 04:42:40 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-04-20 04:42:40 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-04-13 07:28:21 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-04-13 07:27:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
.
==================== Find3M ====================
.
2011-04-02 01:53:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 01:53:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-04-02 01:08:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-02 01:08:05 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-02 01:08:05 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-02 00:42:24 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0822N rev.WA100-31 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867046F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8670aa10]; MOV EAX, [0x8670aa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86740AB8]
3 CLASSPNP[0xF786EFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000059[0x86794F18]
5 ACPI[0xF77E5620] -> nt!IofCallDriver[0x804E37D5] -> [0x86782D98]
\Driver\atapi[0x86746030] -> IRP_MJ_CREATE -> 0x867046F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8670453B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:07:56.57 ===============