Hello. I have tried to eliminate a trojan from my system without success using F-Secure and MBAM. Symptoms include:

1. If in Firefox, typing "malwarebytes.org" in the Google search engine displays an apparent link to the site, but it is hijacked to display a false web page showing a false MBAM software download. However, typing the URL into the address line will get me to the real MB home page.

2. In Google Chrome, it opened a new tab while I was looking at the real web page that advertises "Stopzilla" AV software.

3. I suspect this trojan works in the background when first starting up Firefox, because I noticed unusual activity on the router and HDD when I was not browsing anything, as a test. I physically disconnected my PC at that time to stop it before trying to run MBAM again, without success. The latest log is below.

Neither F-Secure nor MBAM seems to find this one.

Any help would be much appreciated. Thank you.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6255

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/3/2011 7:10:59 AM

mbam-log-2011-04-03 (07-10-59).txt

Scan type: Full scan (C:\|)

Objects scanned: 267542

Time elapsed: 42 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello rabbit28! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files; don't attach them.

Download DDS and save it to your desktop from here, here or here.

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Hello Borislav. Thank you for helping me.

I was in Firefox and tried to download DDS. The virus locked up my computer as I tried to copy from the automatic download folder to the desktop. Had to reboot. Using Chrome now to read your post. Was able to copy DDS to desktop. When I tried to run DDS, the Charter Security Suite (f-secure DeepGuard) blocked it, so I had to go into that to permit it to run. Here are the log files.

As I finished copying these logs into this reply, a popup window showed saying: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience ..." I still seem to be able to type, so hope this posts without a problem. Thanks.

DDS (Ver_11-03-05.01) - NTFSx86

Run by David Chang at 19:49:13.70 on Sun 04/03/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2352 [GMT -7:00]

.

AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Charter Security Suite 9.01 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\David Chang\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe

C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\MDM.EXE

C:\Documents and Settings\David Chang\Desktop\dds.scr

C:\Program Files\Charter High-Speed Security Suite\FSGUI\fscuif.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://tw.download.yahoo.com/twsearch.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://tw.search.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sansaDispatch] c:\documents and settings\david chang\application data\sandisk\sansa updater\SansaDispatch.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [F-Secure Manager] "c:\program files\charter high-speed security suite\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\charter high-speed security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\program files\charter high-speed security suite\fsps\program\FSLSP.DLL

Trusted Zone: microsoft.com\office

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.38/uploader2.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - hxxp://support.f-secure.com/ols3beta/fscax.cab

DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\davidc~1\applic~1\mozilla\firefox\profiles\pzzn3sst.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\david chang\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\david chang\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-5-19 9344]

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-1-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-2-28 82120]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter high-speed security suite\hips\drivers\fshs.sys [2009-1-22 68064]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter high-speed security suite\anti-virus\fsgk32st.exe [2008-2-28 215648]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter high-speed security suite\anti-virus\minifilter\fsgk.sys [2008-2-28 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter high-speed security suite\orsp client\fsorsp.exe [2009-1-22 63992]

S3 DivioUSBDCam;MC350 USB Camera;c:\windows\system32\drivers\pcam.sys --> c:\windows\system32\drivers\pcam.sys [?]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-3-5 39048]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter high-speed security suite\anti-virus\win2k\fsfilter.sys [2008-2-28 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter high-speed security suite\anti-virus\win2k\fsrec.sys [2008-2-28 25184]

.

=============== Created Last 30 ================

.

2011-03-31 13:41:41 -------- d-----w- c:\docume~1\davidc~1\applic~1\Malwarebytes

2011-03-31 13:41:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-31 13:41:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-31 13:41:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-31 09:16:22 -------- dc-h--w- c:\windows\ie8

2011-03-31 09:12:03 -------- d-----w- C:\ea7b3762e8fe65d2f630ca

2011-03-11 04:49:45 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS

2011-03-11 04:48:37 -------- d-----w- C:\Netgear

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 05:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 03:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2007-08-20 22:01:22 2538078 ----a-w- c:\program files\MagicDVDRipper51.exe

2007-01-19 12:14:05 4964776 ----a-w- c:\program files\Windows-KB890830-V1.24.exe

2006-05-11 08:14:52 1552461 ----a-w- c:\program files\VobBlanker.exe

1997-09-11 06:52:20 391680 ----a-w- c:\program files\reciter.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y120M0 rev.YAR51EW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll >>UNKNOWN [0x8AEB2439]<<

c:\windows\system32\drivers\iomdisk.sys Iomega Corporation Microsoft® Windows NT® Operating System

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aeb87d0]; MOV EAX, [0x8aeb884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AEDAAB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8AEDBD78]

5 iomdisk[0xF771FBC3] -> nt!IofCallDriver[0x804E13B9] -> [0x8AEDCD98]

\Driver\atapi[0x8AED3A08] -> IRP_MJ_CREATE -> 0x8AEB2439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskMaxtor_6Y120M0__________________________YAR51EW0#3359534d5831454e202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AEB227F

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 19:54:25.64 ===============

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 5/17/2004 9:59:50 PM

System Uptime: 4/3/2011 7:36:38 PM (0 hours ago)

.

Motherboard: Dell Computer Corp. | | 0W2562

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 68.329 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Sansa Media Converter

2600

2600_Help

2600Trb

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Advertising Center

AiO_Scan

AiOSoftware

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Control Panel

ATI Display Driver

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Banctec Service Agreement

Bonjour

BufferChm

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss_N REBEL_XT 350D WIA Driver

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 1.6.1

Canon Utilities EOS Capture 1.3

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

Charter Pipeline Professor

Charter Security Suite

Charter Solution Controls Installation

Conexant D850 56K V.92 DFVc Modem

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Cucusoft MPEG/MOV/RM/DivX/AVI to VCD/DVD/SVCD Converter Lite 7.

Dell Networking Guide

Dell ResourceCD

Destinations

Digital Line Detect

Digital Voice Editor 3

Director

DolbyFiles

DVD Shrink 3.2

DVDSentry

EOS Capture 1.3

F-Secure PSC Prerequisites

Facebook Plug-In

FarmVille Tools V2.4

Fax

Fundamentals of Engineering

Google Chrome

Help and Support Customization

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp deskjet 970c series

hp deskjet 970c series (Remove only)

HP Image Zone 4.7

HP Image Zone Express

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

ImagXpress

Intel® PRO Network Connections Drivers

Intel® PROSet

Internet Explorer Default Page

Java 2 Runtime Environment, SE v1.4.2

Java Auto Updater

Java 6 Update 20

Java 6 Update 24

LightScribe System Software

Magic DVD Copier Version 5.0.0

Magic DVD Ripper V5.5.0

Malwarebytes' Anti-Malware

MC350 USB Camera

Menu Templates - Starter Kit

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft IntelliPoint 6.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Professional

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Modem Helper

Move Networks Media Player for Internet Explorer

Movie Templates - Starter Kit

Mozilla Firefox 4.0 (x86 en-US)

Mozilla Thunderbird (2.0.0.24)

MSN Music Assistant

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

Nero Vision

Nero Vision Help

NeroExpress

NeroMIX

NeroVision Express 2

neroxml

Octoshape add-in for Adobe Flash Player

OpenOffice.org 3.2

PHOTOfunSTUDIO 5.0

PhotoStitch

Picasa 2

PrimoPDF

ProductContext

QFolder

Quicken 2005

QuickTime

RAW Image Task 2.0

Readme

RealPlayer

RemoteCapture Task 1.1

Rhapsody Player Engine

Sansa Updater

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shockwave

Skins

Skype


It's fine, thanks! :)

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory.

In your next reply, please post the following logs:

  1. TDSSKiller log
  2. a new fresh DDS log only

Hello Borislav! Here are the log files from TDSSKiller and a new DDS scan. The killer program did find a rootkit virus. I didn't do anything with the computer again after rebooting and getting these logs. Had to run to work. Will be a few more hours until I can respond further. Thanks!

2011/04/04 06:25:06.0484 3224 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/04 06:25:08.0078 3224 ================================================================================

2011/04/04 06:25:08.0078 3224 SystemInfo:

2011/04/04 06:25:08.0078 3224

2011/04/04 06:25:08.0078 3224 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/04 06:25:08.0078 3224 Product type: Workstation

2011/04/04 06:25:08.0078 3224 ComputerName: DAVID

2011/04/04 06:25:08.0078 3224 UserName: David Chang

2011/04/04 06:25:08.0078 3224 Windows directory: C:\WINDOWS

2011/04/04 06:25:08.0078 3224 System windows directory: C:\WINDOWS

2011/04/04 06:25:08.0078 3224 Processor architecture: Intel x86

2011/04/04 06:25:08.0078 3224 Number of processors: 2

2011/04/04 06:25:08.0078 3224 Page size: 0x1000

2011/04/04 06:25:08.0078 3224 Boot type: Normal boot

2011/04/04 06:25:08.0078 3224 ================================================================================

2011/04/04 06:25:08.0781 3224 Initialize success

2011/04/04 06:25:12.0937 2832 ================================================================================

2011/04/04 06:25:12.0937 2832 Scan started

2011/04/04 06:25:12.0937 2832 Mode: Manual;

2011/04/04 06:25:12.0937 2832 ================================================================================

2011/04/04 06:25:42.0937 2832 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/04/04 06:25:42.0953 2832 ================================================================================

2011/04/04 06:25:42.0953 2832 Scan finished

2011/04/04 06:25:42.0953 2832 ================================================================================

2011/04/04 06:25:42.0984 0384 Detected object count: 1

2011/04/04 06:26:35.0578 0384 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/04/04 06:26:35.0578 0384 \HardDisk0 - ok

2011/04/04 06:26:35.0578 0384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/04/04 06:28:09.0484 2876 Deinitialize success

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by David Chang at 6:58:22.40 on Mon 04/04/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2745 [GMT -7:00]

.

AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Charter Security Suite 9.01 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\David Chang\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe

C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Chang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\David Chang\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://tw.download.yahoo.com/twsearch.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://tw.search.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sansaDispatch] c:\documents and settings\david chang\application data\sandisk\sansa updater\SansaDispatch.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [F-Secure Manager] "c:\program files\charter high-speed security suite\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\charter high-speed security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\program files\charter high-speed security suite\fsps\program\FSLSP.DLL

Trusted Zone: microsoft.com\office

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.38/uploader2.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - hxxp://support.f-secure.com/ols3beta/fscax.cab

DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\davidc~1\applic~1\mozilla\firefox\profiles\pzzn3sst.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\david chang\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\david chang\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-5-19 9344]

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-1-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-2-28 82120]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter high-speed security suite\hips\drivers\fshs.sys [2009-1-22 68064]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter high-speed security suite\anti-virus\fsgk32st.exe [2008-2-28 215648]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter high-speed security suite\anti-virus\minifilter\fsgk.sys [2008-2-28 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter high-speed security suite\orsp client\fsorsp.exe [2009-1-22 63992]

S3 DivioUSBDCam;MC350 USB Camera;c:\windows\system32\drivers\pcam.sys --> c:\windows\system32\drivers\pcam.sys [?]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-3-5 39048]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter high-speed security suite\anti-virus\win2k\fsfilter.sys [2008-2-28 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter high-speed security suite\anti-virus\win2k\fsrec.sys [2008-2-28 25184]

.

=============== Created Last 30 ================

.

2011-03-31 13:41:41 -------- d-----w- c:\docume~1\davidc~1\applic~1\Malwarebytes

2011-03-31 13:41:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-31 13:41:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-31 13:41:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-31 09:16:22 -------- dc-h--w- c:\windows\ie8

2011-03-31 09:12:03 -------- d-----w- C:\ea7b3762e8fe65d2f630ca

2011-03-11 04:49:45 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS

2011-03-11 04:48:37 -------- d-----w- C:\Netgear

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 05:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 03:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2007-08-20 22:01:22 2538078 ----a-w- c:\program files\MagicDVDRipper51.exe

2007-01-19 12:14:05 4964776 ----a-w- c:\program files\Windows-KB890830-V1.24.exe

2006-05-11 08:14:52 1552461 ----a-w- c:\program files\VobBlanker.exe

1997-09-11 06:52:20 391680 ----a-w- c:\program files\reciter.exe

.

============= FINISH: 7:01:36.06 ===============


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename ComboFix to Combo-Fix as follows:

    (screenshots CF_download_FF.gif and CFAF8-download_rename.gif were shown here)

    It is important you rename ComboFix during the download, but not after.

  3. Please do not rename ComboFix to other names, but only to the one indicated.

  4. Close any open browsers.

  5. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------



  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**


Hello Borislav. Thanks for your post. Three questions before I try this to make sure I understand:

1. While reading BleepingComputer's page on ComboFix, I noticed it will set a system restore point. I currently have system restore off (had thought it may retain the virus), so do I need to set that back "on" in system properties tab to let this work correctly?

2. I think I only have F-secure real time protection through the Charter suite. (Currently using MBAM manual scan mode only because I wasn't sure if MBAM real time protection is compatible with F-secure at same time.) To disable the F-secure RTP, I'm not sure which to choose:

a. "unload and continue with current firewall profile"

b. "unload and allow all network traffic"

c. go into settings and uncheck "real time scanning" in the AV module and uncheck "DeepGuard"

3. I'm not sure what might be "script blocking" programs that I have.

I will have the ComboFix saved to desktop and renamed per your instructions above, awaiting further clarification of these questions before continuing.

Thanks for your patience with these questions and helping. Rabbit28


1. While reading BleepingComputer's page on ComboFix, I noticed it will set a system restore point. I currently have system restore off (had thought it may retain the virus), so do I need to set that back "on" in system properties tab to let this work correctly?

Yes, please.

(Currently using MBAM manual scan mode only because I wasn't sure if MBAM real time protection is compatible with F-secure at same time.)

Yes, it is.

c. go into settings and uncheck "real time scanning" in the AV module and uncheck "DeepGuard"

This is the right answer.

3. I'm not sure what might be "script blocking" programs that I have.

In your case I don't see any.


Here is the Combo-Fix.txt log. Didn't have any problems running it. Awaiting further instructions. Thank you. :) Rabbit28

ComboFix 11-04-06.01 - David Chang 04/06/2011 12:47:41.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2806 [GMT -7:00]

Running from: c:\documents and settings\David Chang\Desktop\Combo-Fix.exe

AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\David Chang\Application Data\inst.exe

c:\documents and settings\David Chang\Recent\Thumbs.db

c:\documents and settings\David Chang\WINDOWS

c:\farmvilletools\FarmVilleTools.exe

C:\tmp.tmp

c:\windows\system32\comrepl.exe

c:\windows\system32\regobj.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_VGADOWN

.

.

((((((((((((((((((((((((( Files Created from 2011-03-06 to 2011-04-06 )))))))))))))))))))))))))))))))

.

.

2011-03-31 13:41 . 2011-03-31 13:41 -------- d-----w- c:\documents and settings\David Chang\Application Data\Malwarebytes

2011-03-31 13:41 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-31 13:41 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-31 13:41 . 2011-04-03 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-31 09:16 . 2011-03-31 09:18 -------- dc-h--w- c:\windows\ie8

2011-03-31 09:12 . 2011-03-31 09:18 -------- d-----w- C:\ea7b3762e8fe65d2f630ca

2011-03-30 05:46 . 2011-03-30 05:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-03-29 06:50 . 2011-03-31 06:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Thunderbird

2011-03-29 06:50 . 2011-03-29 06:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Thunderbird

2011-03-11 04:49 . 2010-06-30 08:27 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS

2011-03-11 04:48 . 2011-03-11 04:57 -------- d-----w- C:\Netgear

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2002-11-26 22:15 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-09 13:53 . 2002-11-26 22:15 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 05:40 . 2010-05-14 08:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 03:19 . 2009-06-13 07:59 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2002-08-29 10:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2002-08-29 10:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2002-08-29 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2002-08-29 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2007-08-20 22:01 . 2007-08-20 22:01 2538078 ----a-w- c:\program files\MagicDVDRipper51.exe

2007-01-19 12:14 . 2007-01-19 12:13 4964776 ----a-w- c:\program files\Windows-KB890830-V1.24.exe

2006-05-11 08:14 . 2006-05-11 08:14 1552461 ----a-w- c:\program files\VobBlanker.exe

1997-09-11 06:52 . 2005-11-17 07:29 391680 ----a-w- c:\program files\reciter.exe

2011-03-18 17:53 . 2011-03-30 06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SansaDispatch"="c:\documents and settings\David Chang\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-07-11 79872]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-13 21741864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-06 176128]

"F-Secure Manager"="c:\program files\Charter High-Speed Security Suite\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2011-04-04 53248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

backup=c:\windows\pss\Billminder.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orite.lnk]

backup=c:\windows\pss\Orite.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk

backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]

backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^David Chang^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\David Chang\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^David Chang^Start Menu^Programs^Startup^Webshots.lnk]

backup=c:\windows\pss\Webshots.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^David Chang^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]

backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]

2003-02-20 22:27 110592 ----a-w- c:\windows\SYSTEM32\CTASIO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

2002-09-30 08:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2003-02-20 22:45 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2002-10-29 16:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-04-19 18:39 136176 ----atw- c:\documents and settings\David Chang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-09-13 23:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-10-16 20:51 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

2003-05-14 10:21 1847296 ----a-w- c:\program files\Support.com\bin\tgcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2004-05-21 19:49 2498560 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Softfoundry IPTV WebSystem\\Softfoundry IPTV WebViewer.exe"=

"c:\\Program Files\\Softfoundry IPTV WebSystem\\sp-sc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\BsStor.sys [5/19/2004 3:48 AM 9344]

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [1/22/2009 10:01 PM 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [2/28/2008 5:53 PM 82120]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys [1/22/2009 9:55 PM 68064]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2/28/2008 5:51 PM 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe [1/22/2009 9:55 PM 63992]

S3 DivioUSBDCam;MC350 USB Camera;c:\windows\system32\DRIVERS\pcam.sys --> c:\windows\system32\DRIVERS\pcam.sys [?]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [3/5/2008 1:28 PM 39048]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 3:00 AM 14336]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys [2/28/2008 5:51 PM 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys [2/28/2008 5:51 PM 25184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-10-16 20:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522855530-1843626050-1744744352-1006Core.job

- c:\documents and settings\David Chang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-19 18:39]

.

2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522855530-1843626050-1744744352-1006UA.job

- c:\documents and settings\David Chang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-19 18:39]

.

2011-04-06 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2008-02-29 15:56]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://tw.search.yahoo.com

LSP: c:\program files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL

Trusted Zone: microsoft.com\office

FF - ProfilePath - c:\documents and settings\David Chang\Application Data\Mozilla\Firefox\Profiles\pzzn3sst.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: network.proxy.type - 1

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe

MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe

MSConfigStartUp-PerfectOptimizer - c:\program files\Perfect Optimizer\PerfectOptimizer.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-06 12:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\David Chang\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe??c?t?i?o?n?.?.?.?<?/?t?d?>?<?t?d?>?<?d?i?v? ?a?l?i?g?n?=?"?r?i?g?h?t?"?>?<?i?m?g? ?s?r?c?=?"?c

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1522855530-1843626050-1744744352-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(748)

c:\program files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL

.

- - - - - - - > 'explorer.exe'(3128)

c:\windows\system32\WININET.dll

c:\program files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\CTsvcCDA.exe

c:\program files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe

c:\program files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE

c:\program files\Charter High-Speed Security Suite\Common\FSMA32.EXE

c:\program files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE

c:\progra~1\Iomega\System32\AppServices.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

c:\program files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe

c:\program files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe

c:\program files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-04-06 13:02:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-06 20:02

.

Pre-Run: 73,099,677,696 bytes free

Post-Run: 74,834,845,696 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 0B39907642299D5C36F36DCA74DDB5DA


Tried all three browsers (IE8, Firefox, Chrome) without the apparent losses in speed or hijackings seen before. System seems stable (I haven't had to use Task Manager) and hasn't locked up. I haven't tried any further scans by MBAM or F-Secure yet, pending your instructions.

Rabbit28


Awesome! :)

Last steps:

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS and TDSSKiller.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)


Sorry, it still doesn't work (this is what I meant when I tried it with the hyphen). The popup says: "Windows cannot find 'Combo-Fix'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

It is still on my desktop, and the Search does find it.

Is it ok to try the Windows XP Add/Remove programs method?

If this is all I have to deal with, it's a big load off my mind. Thanks for helping take me from :angry: and :unsure: ... to :D .

Rabbit28


It's strange, because the CF file name is Combo-Fix.exe, so this command:

Combo-Fix /uninstall

should work.

Is it ok to try the Windows XP Add/Remove programs method?

Realistically, ComboFix does not install an individual application, so it will not work.

Let's try this way: Download OTL to your desktop. Run it and click on the CleanUp button. This should delete OTL itself and ComboFix too. Let me know.

Glad I can help you. :)
