Google Redirecting....again.
-
I know this is a common problem, and I've tried to self-diagnose and fix the problem but I haven't had any luck.
The problems I'm having are:
- Google links are redirected to spam sites
- Generic host for win 32 crashes but the computer still works... not too sure what's happening there.
Here's a log from Malwarebytes' Anti-Malware software if that helps any. Not sure what my next step should be...
Log ----------------------------------------
Malwarebytes' Anti-Malware 1.46
Database version: 4306
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
7/21/2010 9:01:53 PM
mbam-log-2010-07-21 (21-01-53).txt
Scan type: Quick scan
Objects scanned: 134951
Time elapsed: 9 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
Thanks in advance for any advice!
-
Topic moved to appropriate forum.
Please download DDS from one of the two mirrors and save it to your desktop.
Mirror 1
Mirror 2
* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.
Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.
============================================================
Download GMER: GMER - Rootkit Detector and Remover, by clicking on the Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
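Once DDS.txt is back, the first pass over it is a hunt for entries that sit where legitimate software rarely does: autoruns that start a DLL through rundll32 from the root of %windir%, freshly created code files dropped there, hidden+system attributes on a DLL, and hidden Firefox extensions registered from a user's profile directory instead of the Firefox install tree. The script below is an added example, not part of this post and not code from DDS, GMER or this forum. Its sample input is constructed from lines copied out of the DDS log posted later in this thread, with benign neighbours from the same log so the rules have something to ignore. The rules, the `triage_line`/`triage` functions and the reason strings are this example's own; a flag means "look at this", not "this is malicious".

```python
"""Heuristic first pass over DDS log lines.

Added example: the rules below are this example's own, not DDS's. A flag is a
review prompt for the analyst, not a verdict.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: entries copied from the DDS log in this thread, plus
# benign neighbours from the same log so the rules have something to ignore.
SAMPLE_DDS = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Hqepug] rundll32.exe "c:\windows\agogihaji.dll",Startup
FF - HiddenExtension: XULRunner: {E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7} - c:\documents and settings\fefemama\local settings\application data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
2010-07-09 11:50:09 0 ----a-w- c:\windows\Nbofafeboc.bin
2010-07-09 11:50:06 120 ----a-w- c:\windows\Ccecireyiluyir.dat
2010-07-09 07:16:16 88576 --sha-r- c:\windows\system32\wbdbasei.dll
2010-07-09 10:42:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

WINDIR = PureWindowsPath(r"c:\windows")
CODE_EXT = {".dll", ".exe", ".sys"}
DROP_EXT = CODE_EXT | {".bin", ".dat"}

# DDS line shapes: autorun keys, "Created Last 30"/"Find3M" entries, hidden Firefox extensions.
AUTORUN_RE = re.compile(r"^(?P<key>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+) (?P<size>\d+) (?P<attrs>[-dshawr]{8}) (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
FF_HIDDEN_RE = re.compile(
    r"^FF - HiddenExtension: (?P<name>.+?): (?P<ref>.+?) - (?P<path>[a-z]:\\.+)$", re.IGNORECASE
)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[a-z]:\\[^",]+?\.dll)', re.IGNORECASE)


def rundll32_target(cmd):
    """DLL a rundll32 command line loads, or None if the command is something else."""
    m = RUNDLL_RE.search(cmd)
    return PureWindowsPath(m["dll"]) if m else None


def triage_line(line):
    """Return a short reason if the line deserves a look, else None."""
    m = AUTORUN_RE.match(line)
    if m:
        dll = rundll32_target(m["cmd"])
        # Vendors install DLLs under system32 or Program Files; a DLL sitting directly
        # in %windir% and started through rundll32 is the classic dropper layout.
        if dll is not None and dll.parent == WINDIR:
            return "autorun loads a DLL dropped directly in %windir% via rundll32"
        return None
    m = CREATED_RE.match(line)
    if m:
        path = PureWindowsPath(m["path"])
        ext = path.suffix.lower()
        if path.parent == WINDIR and ext in DROP_EXT:
            return "recently created file directly in %windir%"
        # Hidden+system attributes on a code file: legitimate installers almost never do this.
        if ext in CODE_EXT and "s" in m["attrs"] and "h" in m["attrs"]:
            return "hidden+system executable"
        return None
    m = FF_HIDDEN_RE.match(line)
    if m:
        # Hidden extensions that belong there (Java Console etc.) live under the Firefox
        # install directory; one loaded from a user profile's Application Data is not normal.
        p = m["path"].lower()
        if "\\application data\\" in p or "\\local settings\\" in p:
            return "hidden Firefox extension loaded from a user profile directory"
    return None


def triage(text):
    """(line, reason) pairs for every flagged line in a DDS log."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        reason = triage_line(line)
        if reason:
            hits.append((line, reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_DDS):
        print(f"[{reason}] {line}")
```

Feed it a real DDS.txt with `triage(open("DDS.txt").read())`. Expect false positives and clear them by correlation, not by the rule alone: the same log shows vendor files such as BDTSupport.dll created directly in c:\windows at the time Spyware Doctor was installed, and the %windir% rule will flag those too. What makes an entry interesting is the combination: a file dropped in %windir% with no matching install, started from a Run key, with a hidden extension in the browser on top.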
-
Thanks for the response! I truly appreciate it.
Here's what you asked for:
DDS LOG
DDS (Ver_10-03-17.01) - NTFSx86
Run by fefemama at 22:16:19.03 on Thu 07/22/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.148 [GMT -7:00]
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Creative\SBLive\SurMix2\SurMix2.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Documents and Settings\fefemama\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: UIHost=vistaui.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\fefemama\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Hqepug] rundll32.exe "c:\windows\agogihaji.dll",Startup
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\fefemama\applic~1\mozilla\firefox\profiles\g8bi8ed7.default\
FF - plugin: c:\documents and settings\fefemama\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\fefemama\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\fefemama\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\fefemama\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: XULRunner: {E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7} - c:\documents and settings\fefemama\local settings\application data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-9 218592]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-1 353680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-9 112592]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-12-29 185183]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-11-25 105472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-9 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-9 1142224]
=============== Created Last 30 ================
2010-07-20 21:25:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-18 03:31:07 0 d-----w- c:\docume~1\fefemama\applic~1\Toribash
2010-07-13 08:39:03 3375093 ----a-w- c:\windows\{00000002-00000000-00000004-00001102-00000002-80271102}.BAK
2010-07-13 00:18:25 0 d-----w- c:\program files\Yahoo!
2010-07-12 22:24:09 1184 --sha-r- c:\documents and settings\fefemama\ntuser.pol
2010-07-12 22:22:37 0 d--h--w- c:\windows\system32\GroupPolicy
2010-07-09 13 41 882 ----a-w- c:\windows\RegSDImport.xml
2010-07-09 13 41 879 ----a-w- c:\windows\RegISSImport.xml
2010-07-09 13 41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-09 13 41 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-09 13 41 131 ----a-w- c:\windows\IDB.zip
2010-07-09 13 40 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-09 13 40 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-09 13 40 1152444 ----a-w- c:\windows\UDB.zip
2010-07-09 13:55:36 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-09 13:55:36 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-09 13:55:21 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-09 13:55:21 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-09 13:55:21 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-09 13:55:21 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-09 13:55:12 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-07-09 13:55:12 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-09 13:55:04 0 d-----w- c:\program files\Spyware Doctor
2010-07-09 13:55:04 0 d-----w- c:\program files\common files\PC Tools
2010-07-09 13:55:04 0 d-----w- c:\docume~1\fefemama\applic~1\PC Tools
2010-07-09 13:55:04 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-07-09 13:48:09 5120 --sha-w- c:\documents and settings\fefemama\Thumbs.db
2010-07-09 11:50:09 0 ----a-w- c:\windows\Nbofafeboc.bin
2010-07-09 11:50:06 120 ----a-w- c:\windows\Ccecireyiluyir.dat
2010-07-09 10:43:13 0 d-----w- c:\docume~1\fefemama\applic~1\Malwarebytes
2010-07-09 10:42:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 10:42:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-09 10:42:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 10:42:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 09:50:45 125 ----a-w- c:\windows\wininit.ini
2010-07-09 07:16:16 88576 --sha-r- c:\windows\system32\wbdbasei.dll
2010-07-09 07:14:46 0 d-----w- c:\docume~1\fefemama\applic~1\AB77AD0CC27841734775028641C96954
2010-07-06 09 18 218 ----a-w- c:\documents and settings\fefemama\.recently-used.xbel
==================== Find3M ====================
2009-01-18 07 01 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-18 07 01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-01-18 07:20:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat
2009-01-18 07 01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 22:19:39.07 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2009 11:18:06 PM
System Uptime: 7/22/2010 3:34:19 PM (7 hours ago)
Motherboard: http://www.abit.com.tw/ | | BH7/BH7-E (Intel i845PE-ICH4)
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Socket 478 | 2412/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 3.117 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 3.003 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 11.929 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 4.609 GiB free.
G: is CDROM (CDFS)
H: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A0042A2E309500
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A0042A2E309500
Service: NIC1394
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
BitPim 1.0.7
Bonjour
Browser Defender 2.0.6.15
BS.Player FREE
Canon CanoScan Toolbox 4.1
CCleaner
Combined Community Codec Pack 2009-09-09
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
Creative WebCam Vista User's Guide (English)
Creative WebCam Vista/Live! Cam Chat Driver (1.02.02.00)
Critical Update for Windows Media Player 11 (KB959772)
DDXL
Digidesign Audio Drivers 7.0
DivX Web Player
DIY DataRecovery DiskPatch 3
foobar2000 v0.9.6
Foxit Reader
Fraps (remove only)
Google Talk Plugin
GTK+ Runtime 2.12.8 rev a (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
InterLok Driver Kit
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Last.fm 1.4.2.59470
LG USB Modem driver
Mad Catz Andretti Wheel
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Need For Speed High Stakes
Netflix Movie Viewer
NVIDIA Drivers
OpenAL
PDF Settings
PeerGuardian 2.0
Pidgin
Power Tab Editor 1.7
PowerISO
QuickTime
RoadRash
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skype™ 3.8
Software Update for Web Folders
Sound Blaster Live!
Sound Blaster Live! Web 2K/XP
Spybot - Search & Destroy
Spyware Doctor 7.0
Trials 2 Second Edition
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VLC media player 0.9.9
Windows Genuine Advantage Notifications (KB905474)
Windows Live installer
WinRAR archiver
Yahoo! Toolbar
ZoneAlarm Pro
==== Event Viewer Messages From Past Week ========
7/22/2010 6:18:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
7/22/2010 12:41:48 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/21/2010 9:07:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde sptd
7/20/2010 1:23:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
7/20/2010 1:22:27 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
7/20/2010 1:22:27 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/20/2010 1:22:27 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================
GMER
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-23 00:01:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\fefemama\LOCALS~1\Temp\kwrdyaow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEB4388C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEB4356D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7655112]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEB438E80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEB43FC70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEB43FE80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEB443D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEB438F70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEB435C60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7655900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7655BB4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEB43F5F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xEB4323A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEB443260]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEB4432E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEB444000]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEB435AC0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7653E12]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEB4414F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEB4412B0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7656020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEB443400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEB4384E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEB4437F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEB438A90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEB435E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xEB432180]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF76553D2]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEB440570]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEB4403F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xEB4325C0]
INT 0x20 srescan.sys F7526C80
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 8E, 43, EB, 70, FC, 43, ...] {OR BYTE [ESI-0x38f14bd], 0x43; JMP 0xffffffffffffff89; INC BYTE [EBX-0x15]}
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [A0, 23, 43, EB, 60, 32, 44, ...]
.text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [25, 43, EB]
? srescan.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\agp440.sys entry point in ".rsrc" section [0xF78A7814]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF59D0360, 0x37388D, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB9938F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory + 4 7C90DEBA 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!GetCursorPos 7E41BD5E 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[888] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00A3000A
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1332] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [CD, 20] {INT 0x20}
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EB43D400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EB43D210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EB43DB40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EB43B770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EB43B770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 876D7EC5
---- Registry - GMER 1.0.15 ----
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\agp440.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Thanks again!
-
Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
-
I believe this is the log file.
Thanks again for the help!
2010/07/23 16:46:18.0265 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/23 16:46:18.0265 ================================================================================
2010/07/23 16:46:18.0265 SystemInfo:
2010/07/23 16:46:18.0265
2010/07/23 16:46:18.0265 OS Version: 5.1.2600 ServicePack: 2.0
2010/07/23 16:46:18.0265 Product type: Workstation
2010/07/23 16:46:18.0265 ComputerName: PEPESCARPET
2010/07/23 16:46:18.0265 UserName: fefemama
2010/07/23 16:46:18.0265 Windows directory: C:\WINDOWS
2010/07/23 16:46:18.0265 System windows directory: C:\WINDOWS
2010/07/23 16:46:18.0281 Processor architecture: Intel x86
2010/07/23 16:46:18.0281 Number of processors: 1
2010/07/23 16:46:18.0281 Page size: 0x1000
2010/07/23 16:46:18.0281 Boot type: Normal boot
2010/07/23 16:46:18.0281 ================================================================================
2010/07/23 16:46:18.0687 Initialize success
2010/07/23 16:46:20.0000 ================================================================================
2010/07/23 16:46:20.0000 Scan started
2010/07/23 16:46:20.0000 Mode: Manual;
2010/07/23 16:46:20.0000 ================================================================================
2010/07/23 16:46:21.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 5f41c0d7830b89da06dda16102554d49, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb
2010/07/23 16:46:21.0265 agp440 - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/23 16:46:38.0421 ================================================================================
2010/07/23 16:46:38.0421 Scan finished
2010/07/23 16:46:38.0421 ================================================================================
2010/07/23 16:46:38.0484 Detected object count: 1
2010/07/23 16:46:45.0718 agp440 (5f41c0d7830b89da06dda16102554d49) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/23 16:46:45.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 5f41c0d7830b89da06dda16102554d49, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb
2010/07/23 16:46:48.0500 Backup copy found, using it..
2010/07/23 16:46:48.0546 C:\WINDOWS\system32\DRIVERS\agp440.sys - will be cured after reboot
2010/07/23 16:46:48.0546 Rootkit.Win32.TDSS.tdl3(agp440) - User select action: Cure
2010/07/23 16:46:55.0343 Deinitialize success
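As an added example (not code from this thread or from the TDSSKiller tool itself), a small Python parser for the TDSSKiller log format posted above: it pulls the forged-file lines, the detection name and the selected action out of a constructed sample modelled on the log, so a responder can triage a log without reading the whole driver list. Line formats, service names and hashes in the sample are taken from the log above; the regexes are assumptions about the 2.4.0.0 log layout.

```python
import re
from dataclasses import dataclass, field

# Line patterns assumed from the TDSSKiller 2.4.0.0 log shown in the thread.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+) \((\d+)\)$")
CURE_RE = re.compile(TS + r"(.+?) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(\S+)\((\S+)\) - User select action: (\S+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")

# Constructed sample, trimmed to a few driver lines plus the detection lines.
SAMPLE_LOG = r"""
2010/07/23 16:46:21.0203 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/07/23 16:46:21.0265 agp440 (5f41c0d7830b89da06dda16102554d49) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/23 16:46:21.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 5f41c0d7830b89da06dda16102554d49, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb
2010/07/23 16:46:21.0265 agp440 - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/23 16:46:21.0562 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/23 16:46:38.0421 Scan finished
2010/07/23 16:46:38.0484 Detected object count: 1
2010/07/23 16:46:45.0718 agp440 (5f41c0d7830b89da06dda16102554d49) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/23 16:46:45.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 5f41c0d7830b89da06dda16102554d49, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb
2010/07/23 16:46:48.0546 C:\WINDOWS\system32\DRIVERS\agp440.sys - will be cured after reboot
2010/07/23 16:46:48.0546 Rootkit.Win32.TDSS.tdl3(agp440) - User select action: Cure
"""


@dataclass
class Finding:
    service: str
    path: str
    listed_md5: str = ""   # md5 printed on the driver enumeration line
    real_md5: str = ""     # content TDSSKiller read from disk
    fake_md5: str = ""     # content presented through the normal file API
    detection: str = ""
    action: str = ""
    cure_pending: bool = False


@dataclass
class Report:
    drivers: int = 0
    detected_count: int = -1
    findings: dict = field(default_factory=dict)  # keyed by service name


def parse_tdsskiller_log(text):
    """Walk the log once and collect one Finding per flagged service.

    The forged-file line appears twice (scan phase and cure phase), so
    findings are merged by service name rather than appended per line.
    """
    report = Report()
    service_by_path = {}   # lower-cased path -> service name
    md5_by_service = {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := DRIVER_RE.match(line):
            name, md5, path = m.groups()
            service_by_path[path.lower()] = name
            md5_by_service[name] = md5
        elif m := FORGED_RE.match(line):
            path, real, fake = m.groups()
            service = service_by_path.get(path.lower(), path)
            f = report.findings.setdefault(service, Finding(service, path))
            f.path, f.real_md5, f.fake_md5 = path, real, fake
            f.listed_md5 = md5_by_service.get(service, "")
        elif m := DETECT_RE.match(line):
            service, name, _ = m.groups()
            report.findings.setdefault(service, Finding(service, "")).detection = name
        elif m := CURE_RE.match(line):
            service = service_by_path.get(m.group(1).lower(), m.group(1))
            if service in report.findings:
                report.findings[service].cure_pending = True
        elif m := ACTION_RE.match(line):
            name, service, action = m.groups()
            f = report.findings.setdefault(service, Finding(service, ""))
            f.action = action
            f.detection = f.detection or name
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m.group(1))
    report.drivers = len(service_by_path)
    return report


def forged_files(report):
    """Paths whose on-disk content differs from what the file API returned."""
    return [(f.path, f.real_md5, f.fake_md5) for f in report.findings.values()
            if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5]


def summary_lines(report):
    """Short triage summary, one line per finding plus a forged-view note."""
    lines = [f"{report.drivers} drivers enumerated, {report.detected_count} object(s) detected"]
    for f in report.findings.values():
        status = f.action or "no action recorded"
        if f.cure_pending:
            status += " (cure scheduled for next reboot)"
        lines.append(f"{f.service}: {f.detection or 'unnamed detection'} at {f.path or '?'}; {status}")
        if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5:
            note = "" if f.listed_md5 == f.real_md5 else "; listed md5 disagrees with real md5"
            lines.append(f"  forged view: real md5 {f.real_md5}, fake md5 {f.fake_md5}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(summary_lines(parse_tdsskiller_log(SAMPLE_LOG))))
```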
-
Did you restart the computer?
If you didn't, do so...
Then...
Delete your GMER file, download fresh copy and post new log.
-
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-25 13:16:21
Windows 5.1.2600 Service Pack 2
Running: dp4zhxem.exe; Driver: C:\DOCUME~1\fefemama\LOCALS~1\Temp\kwrdyaow.sys
---- System - GMER 1.0.15 ----
INT 0x20 srescan.sys F7526C80
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 1E, 75, F5, 70, 8C, 75, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [A0, B3, 74, F5, 60, C2, 75, ...] {MOV AL, [0x60f574b3]; RET 0xf575; LOOPNZ 0xffffffffffffffcc; JNZ 0x1}
.text ntoskrnl.exe!_abnormal_termination + 21C 804E2878 4 Bytes JMP 5137F574
.text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [B5, 74, F5] {MOV CH, 0x74; CMC }
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6E7C360, 0x37388D, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB9EBEF00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1332] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [CD, 20] {INT 0x20}
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F575E8A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [F5756400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [F5756210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [F5754770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [F5756B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F574F3C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F574F310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F574F4C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F574F030] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0x67 0x87 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0xCA 0xB3 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xC1 0xA2 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0x67 0x87 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0xCA 0xB3 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xC1 0xA2 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0x67 0x87 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0xCA 0xB3 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xC1 0xA2 0xA6 ...
---- EOF - GMER 1.0.15 ----
-
How is the redirection?
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
ComboFix 10-07-24.04 - fefemama 07/25/2010 17:23:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.655 [GMT -7:00]
Running from: c:\documents and settings\fefemama\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\fefemama\Application Data\AB77AD0CC27841734775028641C96954
c:\documents and settings\fefemama\Application Data\AB77AD0CC27841734775028641C96954\enemies-names.txt
c:\documents and settings\fefemama\Application Data\AB77AD0CC27841734775028641C96954\local.ini
c:\documents and settings\fefemama\Local Settings\Application Data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}
c:\documents and settings\fefemama\Local Settings\Application Data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}\chrome.manifest
c:\documents and settings\fefemama\Local Settings\Application Data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}\chrome\content\_cfg.js
c:\documents and settings\fefemama\Local Settings\Application Data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}\chrome\content\overlay.xul
c:\documents and settings\fefemama\Local Settings\Application Data\{E3E59ACF-C44B-46CD-A191-B8B16D7FDDF7}\install.rdf
c:\windows\agogihaji.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.
2010-07-20 21:25 . 2010-07-20 21:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-18 03:31 . 2010-07-18 03:31 -------- d-----w- c:\documents and settings\fefemama\Application Data\Toribash
2010-07-13 00:18 . 2010-07-13 00:18 -------- d-----w- c:\documents and settings\fefemama\Application Data\Yahoo!
2010-07-13 00:18 . 2010-07-13 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-13 00:18 . 2010-07-13 00:18 -------- d-----w- c:\program files\Yahoo!
2010-07-12 22:22 . 2010-07-12 22:22 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-09 13:56 . 2010-01-22 16:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-09 13:56 . 2010-01-22 16:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-09 13:56 . 2008-11-26 19:08 131 ----a-w- c:\windows\IDB.zip
2010-07-09 13:56 . 2010-01-22 16:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-09 13:56 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-09 13:56 . 2009-10-28 08:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-09 13:55 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-09 13:55 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-09 13:55 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-09 13:55 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-09 13:55 . 2010-07-12 23:11 -------- d-----w- c:\program files\Spyware Doctor
2010-07-09 13:55 . 2010-07-09 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-09 13:55 . 2010-07-09 13:55 -------- d-----w- c:\documents and settings\fefemama\Application Data\PC Tools
2010-07-09 13:55 . 2010-07-09 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-09 13:47 . 2010-07-09 13:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-07-09 11:50 . 2010-07-25 20:26 0 ----a-w- c:\windows\Nbofafeboc.bin
2010-07-09 11:50 . 2010-07-14 10:04 120 ----a-w- c:\windows\Ccecireyiluyir.dat
2010-07-09 10:43 . 2010-07-09 10:43 -------- d-----w- c:\documents and settings\fefemama\Application Data\Malwarebytes
2010-07-09 10:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 10:42 . 2010-07-09 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 10:42 . 2010-07-09 10:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 07:16 . 2010-07-09 07:16 88576 --sha-r- c:\windows\system32\wbdbasei.dll
2010-07-09 07:15 . 2010-07-09 09:50 -------- d-----w- c:\documents and settings\fefemama\Local Settings\Application Data\ifrwjdmpt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 00:19 . 2008-02-12 05:10 -------- d-----w- c:\documents and settings\fefemama\Application Data\.purple
2010-07-25 17:18 . 2008-02-12 03:44 -------- d-----w- c:\program files\PeerGuardian2
2010-07-25 17:05 . 2008-07-09 23:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-25 10:15 . 2010-03-14 10:14 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
2010-07-25 10:15 . 2010-03-14 10:14 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
2010-07-25 09:39 . 2008-12-21 00:03 -------- d-----w- c:\documents and settings\fefemama\Application Data\foobar2000
2010-07-25 03:07 . 2008-02-25 05:10 -------- d-----w- c:\documents and settings\fefemama\Application Data\uTorrent
2010-07-23 23:48 . 2008-02-11 16:51 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2010-07-23 04:59 . 2008-02-15 06:33 -------- d-----w- c:\documents and settings\fefemama\Application Data\gtk-2.0
2010-07-22 07:12 . 2010-07-22 07:14 27136 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-07-22 05:02 . 2010-07-22 05:04 39936 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-07-21 23:55 . 2010-07-21 23:57 105472 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-07-18 21:40 . 2010-07-18 21:42 44544 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-07-18 05:32 . 2010-07-18 05:34 50688 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-07-16 22:17 . 2010-07-16 22:19 632320 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-07-15 08:15 . 2008-02-12 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 00:19 . 2010-01-16 02:34 -------- d-----w- c:\documents and settings\fefemama\Application Data\Media Player Classic
2010-07-13 00:18 . 2010-01-16 04:55 -------- d-----w- c:\program files\CCleaner
2010-07-10 17:12 . 2010-07-10 17:12 2865298 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-09 07:55 . 2008-02-12 04:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-09 07:17 . 2010-07-09 07:17 146352 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_09_00_15_13_small.dmp.zip
2010-07-09 07:16 . 2010-07-09 07:17 2390528 ----a-w- c:\windows\Internet Logs\xDB183.tmp
2010-06-15 17:43 . 2008-12-23 04:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 23:51 . 2010-06-11 23:51 3055600 ----a-w- c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 23:36 . 2010-06-11 23:36 275952 ----a-w- c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgoogletalk.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2007-07-22 . C0F6FE6885CD3DC40DEB5866939D5138 . 1423360 . . [6.00.2900.3111] . . c:\windows\explorer.exe
[7] 2007-07-22 . DF3F40C1C0C4EA6BFD4CFACD4CB18BF1 . 1033216 . . [6.00.2900.3111] . . c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-19 1421824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Google Update"="c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"WINDVDPatch"="CTHELPER.EXE" [2003-08-28 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-02 148888]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-14 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-22 981904]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"IE7-10"="advpack.dll" [2008-12-20 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=diomidi.dll
"wave1"=Digi32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^fefemama^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\fefemama\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-07 06:11 133104 ----atw- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-20 09:27 65536 ----a-w- c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-19 00:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
2008-11-14 18:33 69632 ----a-w- c:\program files\ViOrb\ViOrb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
2008-11-15 05:57 131778 ----a-w- c:\program files\Vista Rainbar\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
2008-11-12 19:28 602112 ----a-w- c:\program files\ViStart\ViStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
2007-04-25 17:45 956928 ----a-w- c:\program files\VisualTooltip\VisualToolTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\fefemama\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\fefemama\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/9/2010 6:55 AM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/9/2010 6:56 AM 112592]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [12/29/2008 6:41 PM 185183]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2008 3:33 PM 639224]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/25/2008 7:04 PM 105472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/9/2010 6:55 AM 366840]
--- Other Services/Drivers In Memory ---
*Deregistered* - kwrdyaow
.
Contents of the 'Scheduled Tasks' folder
2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003Core.job
- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 06:11]
2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003UA.job
- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 06:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Hqepug - c:\windows\agogihaji.dll
SafeBoot-klmdb.sys
MSConfigStartUp-070700Setup - c:\documents and settings\fefemama\Application Data\AB77AD0CC27841734775028641C96954\070700Setup.exe
MSConfigStartUp-Hqepug - c:\windows\ehexizod.dll
MSConfigStartUp-hsef87ehf3jishfs87fhuishfsgggfdgs4g - c:\docume~1\fefemama\LOCALS~1\Temp\k9i7d61j.exe
MSConfigStartUp-mcexecwin - c:\docume~1\fefemama\LOCALS~1\Temp\lqueeudaau.dll
MSConfigStartUp-sdr8gdrgdrgke49orkgsjkjfjhsd - c:\docume~1\fefemama\LOCALS~1\Temp\cmd.exe
AddRemove-Mad Catz Andretti Wheel - c:\program files\Mad Catz
AddRemove-Need For Speed High Stakes - d:\program files\ea\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-25 17:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\cscui.dll
.
Completion time: 2010-07-25 17:42:19
ComboFix-quarantined-files.txt 2010-07-26 00:42
Pre-Run: 2,410,475,520 bytes free
Post-Run: 2,531,086,336 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 94F4C51A6CD797651BBF7D0AC97BDEFC
-
You didn't say how the redirection is....