TMD
Members
Posts: 19
Reputation: 0 Neutral
  1. Greetings, Please help. The items on my desktop have vanished!?! I also have no item on the right side of the menu when I press the start button. I have attached DDS logs and will await your next move. dds.txt attach.txt
  2. I picked up some Malware about 2 weeks ago, ran MBAM in safe mode and it seemed to clear it up. Windows XP F-Secure - Charter Security Suite
  3. I can not download windows updates from the Microsoft website. The automatic updates are turned on in my system but I keep getting a popup on my taskbar that says WU is off. Any help would be appreciated.
  4. LD, New CF log:

ComboFix 11-02-08.02 - tmd 02/08/2011 21:09:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.848 [GMT -5:00]
Running from: c:\documents and settings\tmd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tmd\Desktop\CFScript.txt
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\program files\Yontoo Layers Client\YontooIEClient.dll"
file zipped: c:\documents and settings\tmd\Application Data\Microsoft\gb_51203.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\tmd\Application Data\Microsoft\gb_51203.bat
c:\program files\Yontoo Layers Client
c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.
2011-02-08 00:39 . 2011-02-08 00:39 -------- d-----w- c:\program files\ESET
2011-02-06 13:49 . 2011-02-06 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-04 21:41 . 2011-02-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-04 21:41 . 2011-02-06 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\pEkNnFp15400
2011-02-04 13:33 . 2011-02-04 13:33 -------- d-----w- c:\documents and settings\tmd\Application Data\Malwarebytes
2011-02-04 13:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 13:32 . 2011-02-04 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-04 13:32 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 13:32 . 2011-02-06 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-04 13:26 . 2011-02-04 13:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-04 13:04 . 2011-02-04 13:41 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-02 02:27 . 2011-01-02 02:27 1409 ----a-w- c:\windows\QTFont.for
2010-12-16 20:28 . 2010-08-09 02:01 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-12-15 13:06 . 2010-08-09 02:02 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-11-18 18:12 . 2010-08-08 23:53 81920 ----a-w- c:\windows\system32\isign32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\tmd\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/8/2010 9:02 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/8/2010 9:01 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/8/2010 9:01 PM 68064]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [9/5/2010 4:13 PM 401920]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/8/2010 9:01 PM 130728]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/8/2010 9:01 PM 63992]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [8/8/2010 7:09 PM 69692]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/8/2010 9:01 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/8/2010 9:01 PM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\tmd\Application Data\Mozilla\Firefox\Profiles\2q1d9hkn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://home.iwon.com/iwon-homepage/home.jhtml
FF - prefs.js: keyword.URL - hxxp://www.zstart.com/s/?site=Bing&src=FF-Address&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\Charter Security Suite\NRS\litmus-ff@f-secure.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Myibay Firefox extension: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-EfficientStickyNotes - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(572)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
Completion time: 2011-02-08 21:22:34
ComboFix-quarantined-files.txt 2011-02-09 02:22
ComboFix2.txt 2011-02-09 00:38

Pre-Run: 140,306,980,864 bytes free
Post-Run: 140,294,176,768 bytes free

- - End Of File - - 8F5C30E2C9D399DDB13891EB9A277CF5

TMD
  5. LD, The Charter Suite no longer shows in the taskbar. The computer is quick with no excessive CPU noted. The intrusion captured some CC#'s and other personal data. Is there protection strong enough to avoid this scenario again? Let me know what to do next. TMD
  6. LD, The dll problem seems to be solved. The computer is running fast. I am going to reboot to see if the Charter Security shows in the task bar. Be back soon!
  7. LD, New CF log: [same ComboFix log of 02/08/2011 21:09:14 as posted in item 4 above]
  8. LD, The code you have has an http. Do you want this copied/pasted? http://forums.malwarebytes.org/index.php?showtopic=74711
  9. LD, CF log: ComboFix 11-02-08.02 - tmd 02/08/2011 19:20:26.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.916 [GMT -5:00] Running from: c:\documents and settings\tmd\Desktop\ComboFix.exe AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\tmd\delme.bat c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbar.dll c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 ))))))))))))))))))))))))))))))) . 2011-02-08 00:39 . 2011-02-08 00:39 -------- d-----w- c:\program files\ESET 2011-02-06 13:49 . 2011-02-06 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-05 02:49 . 2011-02-05 02:49 159 ----a-w- c:\documents and settings\tmd\Application Data\Microsoft\gb_51203.bat 2011-02-04 21:41 . 2011-02-04 21:41 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-04 21:41 . 2011-02-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer 2011-02-04 21:41 . 2011-02-06 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\pEkNnFp15400 2011-02-04 13:33 . 2011-02-04 13:33 -------- d-----w- c:\documents and settings\tmd\Application Data\Malwarebytes 2011-02-04 13:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-04 13:32 . 2011-02-04 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-02-04 13:32 . 
2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-04 13:32 . 2011-02-06 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-04 13:26 . 2011-02-04 13:26 -------- d-----w- c:\windows\system32\wbem\Repository 2011-02-04 13:04 . 2011-02-04 13:41 -------- d-s---w- c:\documents and settings\NetworkService\UserData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-02 02:27 . 2011-01-02 02:27 1409 ----a-w- c:\windows\QTFont.for 2010-12-16 20:28 . 2010-08-09 02:01 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2010-12-15 13:06 . 2010-08-09 02:02 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys 2010-11-18 18:12 . 2010-08-08 23:53 81920 ----a-w- c:\windows\system32\isign32.dll . <pre> c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray .exe c:\program files\Charter Security Suite\Common\FSM32 .exe c:\program files\Charter Security Suite\FSGUI\TNBUtil .exe c:\program files\Common Files\Java\Java Update\jusched .exe c:\program files\CyberLink\PowerDVD\PDVDServ .exe c:\program files\eFax Messenger 4.4\J2GDllCmd .exe c:\program files\HP\HP Software Update\HPWuSchd2 .exe c:\program files\Microsoft Office\Office12\GrooveMonitor .exe c:\program files\QuickTime\qttask .exe c:\windows\SMINST\RECGUARD .exe c:\windows\system32\rundll32 .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872] "EfficientStickyNotes"="" [N/A] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\tmd\Start Menu\Programs\Startup\ eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= 
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/8/2010 9:02 PM 42664] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/8/2010 9:01 PM 82120] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/8/2010 9:01 PM 68064] R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [9/5/2010 4:13 PM 401920] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/8/2010 9:01 PM 130728] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/8/2010 9:01 PM 63992] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [8/8/2010 7:09 PM 69692] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/8/2010 9:01 PM 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/8/2010 9:01 PM 25184] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL Trusted Zone: intuit.com\ttlc FF - ProfilePath - c:\documents and settings\tmd\Application Data\Mozilla\Firefox\Profiles\2q1d9hkn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.search.selectedengine - Bing FF - prefs.js: browser.startup.homepage - hxxp://home.iwon.com/iwon-homepage/home.jhtml FF - prefs.js: keyword.URL - hxxp://www.zstart.com/s/?site=Bing&src=FF-Address&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program files\Charter Security Suite\NRS\litmus-ff@f-secure.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Myibay Firefox extension: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com . 
- - - - ORPHANS REMOVED - - - - AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-08 19:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(572)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'explorer.exe'(564)
c:\program files\charter security suite\hips\fshook32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\msiexec.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2011-02-08 19:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 00:38

Pre-Run: 140,186,632,192 bytes free
Post-Run: 140,320,841,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7FADE09D1997AA58701DC50C04EDAF58
  10. I have not run the ComboFix due to the inability to disable the Charter Security Suite. The HP issue is only at startup.
      TMD
  11. LD,
      I have encountered my first problems.
      - When I get to the desktop, my HP Product Assistant attempts to load from a TEMP file. The load is unsuccessful and I have to cancel it at least 10x.
      - I cannot find how to disable my Charter Security Suite. The taskbar icon has disappeared.
      - I also get an error message when I attempt to open the Add/Remove Programs task. The error message is as follows: Windows cannot find rundll32.exe.
      I await your advice.
  12. LD,
      Here is the Eset log:

      ESETSmartInstaller@High as downloader log:
      all ok
      # version=7
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6419
      # api_version=3.0.2
      # EOSSerial=00015232905e1d4998a67d860bb7761a
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-02-08 01:35:59
      # local_time=2011-02-07 08:35:59 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=2304 16777175 100 0 0 0 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=84941
      # found=9
      # cleaned=9
      # scan_time=3214
      C:\Documents and Settings\tmd\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe  Win32/Adware.Toolbar.Dealio application (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\Charter Security Suite\Common\FSM32.EXE  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\Common Files\Java\Java Update\jusched.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\Program Files\QuickTime\qttask.exe  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
      C:\WINDOWS\SMINST\RECGUARD.EXE  Win32/TrojanDownloader.Unruy.BN trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
  13. Ran the TDSS Killer again. No infection found.
  14. LD,
      The computer is running much quicker. The CPU usage is now between 0 - 13% and all the search engines work as they should. Here are the logs of the scans:

      GooredFix by jpshortstuff (03.07.10.1)
      Log created at 17:59 on 07/02/2011 (tmd)
      Firefox version 3.6.13 (en-US)

      ========== GooredScan ==========

      ========== GooredLog ==========

      C:\Program Files\Mozilla Firefox\extensions\
      {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:55 08/08/2010]
      {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [00:50 23/10/2010]

      C:\Documents and Settings\tmd\Application Data\Mozilla\Firefox\Profiles\2q1d9hkn.default\extensions\
      firefox1@myibay.com [00:26 27/08/2010]
      plugin@yontoo.com [21:41 04/02/2011]
      searchtoolbar@zugo.com [21:41 04/02/2011]
      {20a82645-c095-46ed-80e3-08825760534b} [19:41 15/08/2010]

      [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
      "litmus-ff@f-secure.com"="C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com" [02:01 09/08/2010]
      "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:33 10/08/2010]
      "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:50 23/10/2010]

      -=E.O.F=-

      2011/02/07 18:02:23.0859 2888 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
      2011/02/07 18:02:24.0218 2888 ================================================================================
      2011/02/07 18:02:24.0218 2888 SystemInfo:
      2011/02/07 18:02:24.0218 2888
      2011/02/07 18:02:24.0218 2888 OS Version: 5.1.2600 ServicePack: 3.0
      2011/02/07 18:02:24.0218 2888 Product type: Workstation
      2011/02/07 18:02:24.0218 2888 ComputerName: TDPC
      2011/02/07 18:02:24.0218 2888 UserName: tmd
      2011/02/07 18:02:24.0218 2888 Windows directory: C:\WINDOWS
      2011/02/07 18:02:24.0218 2888 System windows directory: C:\WINDOWS
      2011/02/07 18:02:24.0218 2888 Processor architecture: Intel x86
      2011/02/07 18:02:24.0218 2888 Number of processors: 1
      2011/02/07 18:02:24.0218 2888 Page size: 0x1000
      2011/02/07 18:02:24.0218 2888 Boot type: Normal boot
      2011/02/07 18:02:24.0218 2888 ================================================================================
      2011/02/07 18:02:24.0500 2888 Initialize success
      2011/02/07 18:02:38.0062 3380 ================================================================================
      2011/02/07 18:02:38.0062 3380 Scan started
      2011/02/07 18:02:38.0062 3380 Mode: Manual;
      2011/02/07 18:02:38.0062 3380 ================================================================================
      2011/02/07 18:02:56.0671 3380 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
      2011/02/07 18:02:56.0687 3380 ================================================================================
      2011/02/07 18:02:56.0687 3380 Scan finished
      2011/02/07 18:02:56.0687 3380 ================================================================================
      2011/02/07 18:02:56.0703 1188 Detected object count: 1
      2011/02/07 18:03:22.0125 1188 \HardDisk0 - will be cured after reboot
      2011/02/07 18:03:22.0125 1188 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
      2011/02/07 18:03:26.0312 2900 Deinitialize success

      Let me know what to do next