BleepingComputer.com: I had a rootkit and plenty trojans

I was told eset on line scanner would determine if I was infected. I went from plenty infected to clean on that scanner. Is there someplace else i should look to confirm I am clean? My computer does seem to run faster and "better'.
win xp home
2 gigs memory.

This post has been edited by blaumann: 01 December 2011 - 05:34 PM

Lets run a system inf tool and 2 scans.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Reset IE Proxy Settings
  
• Report FF Proxy Settings
  
• Reset FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List Winsock Entries
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Users, Partitions and Memory size.
  
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
  
• Then click on the Scan button.
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply

Thanks. I will do this in the next few days. Can't do this right now.
I appreciate the answer and i will follow up.

I'll look back when you post again. No hurry.

I have logs from mini tool box and MBAM. I will try to post them

Malwarebytes'

Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8295

Windows 5.1.2600 Service

Pack 3
Internet Explorer

6.0.2900.5512

12/3/2011 3:48:13 AM
mbam-log-2011-12-03

(03-48-13).txt

Scan type: Quick scan
Objects scanned: 180844
Time elapsed: 9 minute(s),

13 second(s)

Memory Processes Infected:

0
Memory Modules Infected:

0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items

Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items

detected)

Memory Modules Infected:
(No malicious items

detected)

Registry Keys Infected:
(No malicious items

detected)

Registry Values Infected:
(No malicious items

detected)

Registry Data Items

Infected:
(No malicious items

detected)

Folders Infected:
(No malicious items

detected)

Files Infected:
(No malicious items

detected)


MiniToolBox by Farbar
Ran by Norman (administrator) on 03-12-2011 at 03:30:16
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dynex DX-E102 PCI 10/100Mb Network Adapter = Local Area Connection 2 (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : norman-schmuck Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : westell.comEthernet adapter Local Area Connection 3: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller Physical Address. . . . . . . . . : 00-26-18-82-03-D4Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : westell.com Description . . . . . . . . . . . : Dynex DX-E102 PCI 10/100Mb Network Adapter #2 Physical Address. . . . . . . . . : 00-27-19-C2-8B-EA Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.45 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.1 Lease Obtained. . . . . . . . . . : Saturday, December 03, 2011 3:23:01 AM Lease Expires . . . . . . . . . . : Sunday, December 04, 2011 3:23:01 AMServer: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.104, 72.14.204.103, 72.14.204.147, 72.14.204.105
72.14.204.99

Pinging google.com [72.14.204.99] with 32 bytes of data:Reply from 72.14.204.99: bytes=32 time=37ms TTL=55Reply from 72.14.204.99: bytes=32 time=36ms TTL=55Ping statistics for 72.14.204.99: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 36ms, Maximum = 37ms, Average = 36msServer: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:Reply from 98.139.180.149: bytes=32 time=107ms TTL=49Reply from 98.139.180.149: bytes=32 time=141ms TTL=49Ping statistics for 98.139.180.149: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 107ms, Maximum = 141ms, Average = 124msServer: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=64Reply from 127.0.0.1: bytes=32 time<1ms TTL=64Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 18 82 03 d4 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Packet Scheduler Miniport
0x10004 ...00 27 19 c2 8b ea ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.45 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.45 192.168.1.45 20
192.168.1.45 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.45 192.168.1.45 20
224.0.0.0 240.0.0.0 192.168.1.45 192.168.1.45 20
255.255.255.255 255.255.255.255 192.168.1.45 192.168.1.45 1
255.255.255.255 255.255.255.255 192.168.1.45 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/29/2011 05:02:14 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/29/2011 05:01:04 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/29/2011 03:47:57 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:46:25 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:45:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:40:58 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:40:16 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:36:24 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:35:52 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.

Error: (11/29/2011 03:34:22 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.


System errors:
=============
Error: (12/03/2011 03:24:37 AM) (Source: Service Control Manager) (User: )
Description: The Quinnware CDDA Driver (by InfinaDyne) service failed to start due to the following error:
%%3

Error: (12/03/2011 03:24:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (12/03/2011 03:24:37 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (12/03/2011 03:23:02 AM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.

Error: (12/03/2011 03:22:10 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/03/2011 03:01:27 AM) (Source: DCOM) (User: Norman)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/03/2011 03:01:22 AM) (Source: DCOM) (User: Norman)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/03/2011 03:01:21 AM) (Source: DCOM) (User: Norman)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/03/2011 02:03:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
intelppm
RapportKELL
SASDIFSV
SASKUTIL

Error: (12/03/2011 02:03:44 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066


Microsoft Office Sessions:
=========================
Error: (11/29/2011 05:02:14 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (11/29/2011 05:01:04 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (11/29/2011 03:47:57 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:46:25 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:45:56 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:40:58 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:40:16 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:36:24 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:35:52 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/29/2011 03:34:22 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Acer System Information (Version: 1.0.0)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Advanced SystemCare 4 (Version: 4.1.0)
Apple Application Support (Version: 1.5.1)
Apple Software Update (Version: 2.1.1.116)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.39)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.2102)
AVG 2012 (Version: 2012.0.1873)
Bonjour (Version: 2.0.4.0)
CCleaner (Version: 3.13)
Defraggler
Dynex DX-E102 PCI 10/100Mb Network Adapter (Version: 1.00.0000)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.30.01)
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
ESET Online Scanner v3
FaxTools (Version: 5.10)
FileZilla Client 3.5.1 (Version: 3.5.1)
GIMP 2.6.11 (Version: 2.6.11)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Hitman Pro 3.5 (Version: 3.5.9.131)
IHA_MessageCenter (Version: 1.5.7)
Intel® Graphics Media Accelerator Driver
IObit Malware Fighter (Version: 1.0)
ioIsland.com ClearTweak
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 14.0.8089.726)
Lexmark 3100 Series
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office Live Meeting SDK May 2006 (Version: 3.0.5778.0)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 2000 (Version: 1.0.0.0000)
MozBackup 1.4.10
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSN Toolbar Platform (Version: 4.0.0379.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Neat Image v6 Demo (with plug-in)
NetWaiting (Version: 2.5.5)
NetZero Internet (Version: 8.9.2.0)
PageBreeze Free HTML Editor
Photo Pos Pro (Version: 1.86)
Platform (Version: 1.34)
QuickTime (Version: 7.70.80.34)
Rapport (Version: 3.5.1108.52)
Recuva (Version: 1.40)
Secunia PSI (2.0.0.3003)
Segoe UI (Version: 14.0.4327.805)
Serif WebPlus Starter Edition (Version: 2.0.1.011)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Soft Voice SoftRing Modem with SmartSP
Sophos Anti-Rootkit 1.5.20 (Version: 1.5.20)
Speccy (Version: 1.12)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SUPERAntiSpyware (Version: 4.50.1002)
V92 PCI Voice Faxmodem
Verizon High Speed Internet
VIA Platform Device Manager (Version: 1.34)
VLC media player 1.1.11 (Version: 1.1.11)
VuePrint
Vz In Home Agent (Version: 8.03.25)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 11
Xvid Video Codec (Version: 1.3.1)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2038.11 MB
Available physical RAM: 1457.29 MB
Total Pagefile: 3931.2 MB
Available Pagefile: 3369.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:268 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
Norman SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

I will make another post about a new problem i am having.

When i use internet explorer, if I go directly to Ebay I am sent to http://ebay.ad31.net/?srt=1
If I use MSN search or google in IE I go to the real ebay site, my user account is recognized.
I have not had any other sites give me a problem in IE.
Using firefox and chrome, i go to ebay just fine.

I think I see evidence of a rootkit.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.

• Click on the Start Scan button and wait for the scan and disinfection process to be over.
  
• If an infected file is detected, the default action will be Cure, click on Continue
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue
  
  
• If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  
• If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

I ran it. Nothing was found. i can't see how to post the report. I can't cut and paste it.

I tried again, i can not cut and paste this report. Once again, it found no threats.

Please explain to me how to post this report.

That is odd, But at least no infection.
How are you connected? Wired,wireless,thru a router?

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NOTE: In some instances if no malware is found there will be no log produced.

When you do to C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

I dont know if it matters but you said Cut and paste.

How do i mcopy and paste???
I will use eset, it has been coming up clean for a while. I will do it again.

I click report with Kapersky. I then highlight the text. i right click. I get NOTHING. No copy nothing. What am i doing wrong???

Its only the YDSS report you cannot copy corrrect?