DDS (Ver_09-09-29.01) - NTFSx86
Run by v at 16:41:52.35 on Sun 10/04/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1535.1147 [GMT -4:00]
============== Running Processes ===============
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\v\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238646850718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238646834468
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\v\applic~1\mozilla\firefox\profiles\jzbmtgoq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\real_player_alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\real_player_alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2008-6-3 61712]
R3 FA311;Netgear FA311 NDIS 5.0 Miniport Driver;c:\winnt\system32\drivers\FA311ND5.SYS [2000-2-28 21728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 esiasdrv;esiasdrv;\??\c:\docume~1\v\locals~1\temp\esiasdrv.sys --> c:\docume~1\v\locals~1\temp\esiasdrv.sys [?]
=============== Created Last 30 ================
2009-10-04 16:41 16,384 a------t c:\winnt\system32\Perflib_Perfdata_2fc.dat
2009-10-04 16:29 16,384 a------t c:\winnt\system32\Perflib_Perfdata_21c.dat
2009-10-02 15:32 <DIR> --d----- C:\Rooter$
2009-09-30 00:46 <DIR> --d----- c:\program files\Real_Player_Alternative
2009-09-28 16:42 <DIR> --d----- c:\program files\Trend Micro
2009-09-27 21:20 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1fc.dat
2009-09-25 21:50 924,964 ----h--- c:\winnt\ShellIconCache
2009-09-24 00:14 229,888 a------- c:\winnt\PEV.exe
2009-09-11 07:26 96,408 a------- c:\winnt\system32\drivers\epfwtdir.sys
2009-09-11 07:23 108,792 a------- c:\winnt\system32\drivers\ehdrv.sys
2009-09-11 07:17 116,008 a------- c:\winnt\system32\drivers\eamon.sys
==================== Find3M ====================
2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 18,520 a------- c:\winnt\system32\drivers\mbam.sys
2009-08-05 01:04 90,164 a------- c:\winnt\system32\atl.dll
2009-07-27 07:27 165,136 a------- c:\winnt\system32\t2embed.dll
2009-07-27 07:27 81,168 a------- c:\winnt\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\winnt\system32\deploytk.dll
2009-07-13 09:13 78,608 a------- c:\winnt\system32\avifil32.dll
2009-07-10 12:49 601,088 a------- c:\winnt\system32\INETCOMM.DLL
2009-07-10 12:49 47,616 a------- c:\winnt\system32\INETRES.DLL
2009-07-10 12:49 229,376 a------- c:\winnt\system32\MSOEACCT.DLL
2009-07-10 12:49 91,136 a------- c:\winnt\system32\MSOERT2.DLL
2009-07-10 12:47 44,032 a------- c:\winnt\system32\MSIDENT.DLL
2008-06-03 21:13 271 ----h--- c:\program files\desktop.ini
2001-05-08 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys
============= FINISH: 16:42:06.15 ===============
________________________________________________________________________________
_______________________
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows 2000 Professional
Boot Device: \Device\Harddisk0\Partition1
Install Date:
System Uptime: 10/4/2009 12:28:27 PM (4 hours ago)
Motherboard: Dell Computer Corp. | |
Processor: IntelŪ PentiumŪ 4 CPU 2.40GHz | Microprocessor | 2386/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 29.543 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.345 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_2443&SUBSYS_010D1028&REV_04\3&172E68DD&0&FB
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_2443&SUBSYS_010D1028&REV_04\3&172E68DD&0&FB
Service:
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Ahead Nero Burning ROM
AI RoboForm (All Users)
Apple Software Update
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox CS 2.2
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner (remove only)
DirectX 9 Hotfix - KB839643
Diskeeper Professional Edition
ESET NOD32 Antivirus
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
hp LaserJet 2300 Uninstaller
Java 6 Update 15
Java 6 Update 6
Java 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
MovieEdit Task
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
PhotoStitch
QuickTime
RAW Image Task 2.1
Real Alternative 1.9.0
Rosetta Stone Version 3
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 7.1 (KB936782)
Shipping Assistant 3.6
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.5
ViewSonic Monitor Drivers
WebFldrs
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950759
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953838
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB956844
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958215
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB958690
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960714
Windows 2000 Hotfix - KB960715
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB963027
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB969897
Windows 2000 Hotfix - KB969898
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB971961
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973869
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See Q828026 for more information]
WinRAR archiver
WinZip
==== End Of File ===========================
________________________________________________________________________________
_______________________
GMER 1.0.15.15125 -
http://www.gmer.net
Rootkit scan 2009-10-04 16:59:18
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\v\LOCALS~1\Temp\pfxiipob.sys
---- System - GMER 1.0.15 ----
SSDT 88BA08A0 ZwAssignProcessToJobObject
SSDT 88B9D9F0 ZwDeleteKey
SSDT 88B9D7B0 ZwDeleteValueKey
SSDT 88B9FCB0 ZwOpenProcess
SSDT 88BA00D0 ZwOpenThread
SSDT 88B9D8C0 ZwSetValueKey
SSDT 88BA04F0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xBEA630B0]
SSDT 88BA0310 ZwTerminateThread
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [8:112] 88B9E930
---- Services - GMER 1.0.15 ----
Service C:\WINNT\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINNT\system32\MSTask.exe? (*** hidden *** ) Schedule <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Edited by Step_By_Step, 04 October 2009 - 03:09 PM.