
Blocked Access to a Potentially Malicious website..


PJP


MBAM keeps showing the "Blocked Access to a Potentially Malicious website.." message even after a scan removed a couple of threats. Below are the MBAM and DDS logs, taken after running Defogger:

Also, GMER (ark.txt) and attach.txt from DDS have been zipped and attached.

==================================

MBAM LOG

==================================

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7529

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/21/2011 3:12:55 PM

mbam-log-2011-08-21 (15-12-55).txt

Scan type: Quick scan

Objects scanned: 176598

Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==================================

DDS LOG

==================================

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Pranav Parekh at 14:31:52 on 2011-08-21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.354 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pranav Parekh\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled

IE: &Google Search

IE: &Translate English Word

IE: &Yahoo! Search

IE: Backward Links

IE: Cached Snapshot of Page

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Similar Pages

IE: Translate Page into English

IE: Yahoo! &Dictionary

IE: Yahoo! &Maps

IE: Yahoo! &SMS

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B1A315A3-26BD-4A6F-ADB7-50FC78636140} : DhcpNameServer = 192.168.0.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\pranav parekh\application data\mozilla\firefox\profiles\3glaz6xt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\pranav parekh\application data\mozilla\firefox\profiles\3glaz6xt.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\pranav parekh\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R1 MpKsl8b7ffe29;MpKsl8b7ffe29;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a65607f-b6f7-4347-91c7-1f265588403d}\MpKsl8b7ffe29.sys [2011-8-21 28752]

R1 MpKsle2324f69;MpKsle2324f69;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\mpksle2324f69.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\MpKsle2324f69.sys [?]

R1 NEOFLTR_530_11159;Juniper Networks TDI Filter Driver (NEOFLTR_530_11159);c:\windows\system32\drivers\NEOFLTR_530_11159.sys [2006-9-14 57063]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-17 116608]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-18 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-18 22712]

S1 MpKsl01aa2fcf;MpKsl01aa2fcf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1394b490-cc01-4a88-8568-be06f5db99f3}\mpksl01aa2fcf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1394b490-cc01-4a88-8568-be06f5db99f3}\MpKsl01aa2fcf.sys [?]

S1 MpKsl0abc0d2b;MpKsl0abc0d2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4f24dc-6e95-400d-891d-1221ae507618}\mpksl0abc0d2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4f24dc-6e95-400d-891d-1221ae507618}\MpKsl0abc0d2b.sys [?]

S1 MpKsl147c3589;MpKsl147c3589;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bdf8388d-1a66-4201-8de5-d8d380046302}\mpksl147c3589.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bdf8388d-1a66-4201-8de5-d8d380046302}\MpKsl147c3589.sys [?]

S1 MpKsl1a139f07;MpKsl1a139f07;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{977744b0-600f-42ed-b295-33627b4da0d4}\mpksl1a139f07.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{977744b0-600f-42ed-b295-33627b4da0d4}\MpKsl1a139f07.sys [?]

S1 MpKsl444bb28b;MpKsl444bb28b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{355b471d-6c3f-4364-a5d0-e5bd17d903ee}\mpksl444bb28b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{355b471d-6c3f-4364-a5d0-e5bd17d903ee}\MpKsl444bb28b.sys [?]

S1 MpKsl4cebc158;MpKsl4cebc158;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{365a778c-9f52-4cfb-8deb-2614009853fa}\mpksl4cebc158.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{365a778c-9f52-4cfb-8deb-2614009853fa}\MpKsl4cebc158.sys [?]

S1 MpKsl80eb23ff;MpKsl80eb23ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\mpksl80eb23ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\MpKsl80eb23ff.sys [?]

S1 MpKsl94e5c9a8;MpKsl94e5c9a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{394b04b5-3f77-4d04-a557-aea38608344e}\mpksl94e5c9a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{394b04b5-3f77-4d04-a557-aea38608344e}\MpKsl94e5c9a8.sys [?]

S1 MpKslac52a3a8;MpKslac52a3a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c129459f-4312-4f59-bcee-e089940e374a}\mpkslac52a3a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c129459f-4312-4f59-bcee-e089940e374a}\MpKslac52a3a8.sys [?]

S1 MpKslb9ba9219;MpKslb9ba9219;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796a4442-815e-462c-ab96-67336c38efc4}\mpkslb9ba9219.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796a4442-815e-462c-ab96-67336c38efc4}\MpKslb9ba9219.sys [?]

S1 MpKslcad17419;MpKslcad17419;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94c496df-21e8-48ed-a507-29f7335bebba}\mpkslcad17419.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94c496df-21e8-48ed-a507-29f7335bebba}\MpKslcad17419.sys [?]

S1 MpKsldff65709;MpKsldff65709;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{329b98f2-617d-4208-be8a-2ef5b0645d7b}\mpksldff65709.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{329b98f2-617d-4208-be8a-2ef5b0645d7b}\MpKsldff65709.sys [?]

S1 MpKsle7735c4f;MpKsle7735c4f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33ea2f77-63a0-4311-85d7-b84dee82885d}\mpksle7735c4f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33ea2f77-63a0-4311-85d7-b84dee82885d}\MpKsle7735c4f.sys [?]

S1 MpKslee5d6a56;MpKslee5d6a56;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efa1c8da-4ebb-463e-b4e5-f5677dab20aa}\mpkslee5d6a56.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efa1c8da-4ebb-463e-b4e5-f5677dab20aa}\MpKslee5d6a56.sys [?]

S2 srv8B0;srv8B0;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

.

=============== Created Last 30 ================

.

2011-08-21 20:20:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a65607f-b6f7-4347-91c7-1f265588403d}\MpKsl8b7ffe29.sys

2011-08-21 20:15:19 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a65607f-b6f7-4347-91c7-1f265588403d}\mpengine.dll

2011-08-16 02:56:22 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-08-12 06:42:47 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 06:41:23 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-07 22:38:18 -------- d-----w- c:\documents and settings\pranav parekh\local settings\application data\SCE

2011-08-07 22:32:57 -------- d-----w- c:\program files\Sony Online Entertainment

2011-08-07 22:32:45 -------- d-----w- c:\documents and settings\pranav parekh\application data\Sony Online Entertainment

2011-08-01 05:43:56 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1032GSX rev.AS022D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8698B4C0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x869928a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x86992730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D88AB8]

3 CLASSPNP[0xF764DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86525F18]

\Driver\atapi[0x86C70B10] -> IRP_MJ_CREATE -> 0x8698B4C0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8698B2E0

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 14:34:47.93 ===============

Please let me know what other information I need to provide.

Cheers,

PJ


Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


LATEST LOGS BELOW

==================================

MBAM LOG

==================================

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7587

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/27/2011 10:56:57 AM

mbam-log-2011-08-27 (10-56-57).txt

Scan type: Quick scan

Objects scanned: 181774

Time elapsed: 56 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\pranav parekh\local settings\Temp\12.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

==================================

COMBOFIX LOG

==================================

ComboFix 11-08-27.01 - Pranav Parekh 08/27/2011 11:24:05.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.286 [GMT -7:00]

Running from: c:\documents and settings\Pranav Parekh\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Pranav Parekh\GoToAssistDownloadHelper.exe

c:\program files\Shared

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\drivers\etc\lmhosts

.

.

((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))

.

.

2011-08-27 18:01 . 2011-08-27 18:01 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4E4F021-6228-4305-8C9C-291E85C411B9}\MpKsl68bced05.sys

2011-08-27 17:06 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4E4F021-6228-4305-8C9C-291E85C411B9}\mpengine.dll

2011-08-21 23:04 . 2011-08-21 23:23 -------- d-----w- c:\documents and settings\Pranav Parekh\Application Data\Wireshark

2011-08-21 22:54 . 2011-08-21 22:54 -------- d-----w- c:\program files\WinPcap

2011-08-17 22:18 . 2011-08-17 22:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-08-16 02:56 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-12 06:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 06:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-07 22:38 . 2011-08-07 22:38 -------- d-----w- c:\documents and settings\Pranav Parekh\Local Settings\Application Data\SCE

2011-08-07 22:32 . 2011-08-07 22:32 -------- d-----w- c:\program files\Sony Online Entertainment

2011-08-07 22:32 . 2011-08-07 22:38 -------- d-----w- c:\documents and settings\Pranav Parekh\Application Data\Sony Online Entertainment

2011-08-01 05:43 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-15 13:29 . 2004-08-11 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-11 22:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52 . 2010-01-19 06:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2010-01-19 06:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2004-08-11 22:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-19 23:04 . 2011-05-26 03:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-21 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk.disabled [2009-7-14 1757]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-13 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv8B0]

@="service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShutterflyStudio]

2008-05-07 00:50 2500096 ----a-w- c:\program files\Shutterfly\Studio\Bin\SFlyStudio.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" /startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QBReminderFlash"="c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"

"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

"ECenter"="c:\dell\E-Center\gtb.exe"

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"<NO NAME>"=

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Server

.

R1 MpKsl68bced05;MpKsl68bced05;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4E4F021-6228-4305-8C9C-291E85C411B9}\MpKsl68bced05.sys [8/27/2011 11:01 AM 28752]

R1 NEOFLTR_530_11159;Juniper Networks TDI Filter Driver (NEOFLTR_530_11159);c:\windows\system32\drivers\NEOFLTR_530_11159.sys [9/14/2006 10:10 PM 57063]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/17/2010 1:11 PM 116608]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/18/2010 11:37 PM 366640]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/18/2010 11:37 PM 22712]

S1 MpKsl01aa2fcf;MpKsl01aa2fcf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1394B490-CC01-4A88-8568-BE06F5DB99F3}\MpKsl01aa2fcf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1394B490-CC01-4A88-8568-BE06F5DB99F3}\MpKsl01aa2fcf.sys [?]

S1 MpKsl0abc0d2b;MpKsl0abc0d2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B4F24DC-6E95-400D-891D-1221AE507618}\MpKsl0abc0d2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B4F24DC-6E95-400D-891D-1221AE507618}\MpKsl0abc0d2b.sys [?]

S1 MpKsl147c3589;MpKsl147c3589;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDF8388D-1A66-4201-8DE5-D8D380046302}\MpKsl147c3589.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDF8388D-1A66-4201-8DE5-D8D380046302}\MpKsl147c3589.sys [?]

S1 MpKsl1a139f07;MpKsl1a139f07;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{977744B0-600F-42ED-B295-33627B4DA0D4}\MpKsl1a139f07.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{977744B0-600F-42ED-B295-33627B4DA0D4}\MpKsl1a139f07.sys [?]

S1 MpKsl444bb28b;MpKsl444bb28b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{355B471D-6C3F-4364-A5D0-E5BD17D903EE}\MpKsl444bb28b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{355B471D-6C3F-4364-A5D0-E5BD17D903EE}\MpKsl444bb28b.sys [?]

S1 MpKsl4cebc158;MpKsl4cebc158;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{365A778C-9F52-4CFB-8DEB-2614009853FA}\MpKsl4cebc158.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{365A778C-9F52-4CFB-8DEB-2614009853FA}\MpKsl4cebc158.sys [?]

S1 MpKsl80eb23ff;MpKsl80eb23ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C59B2AE-C40E-4F75-A7A4-C9AB7C0A4DF1}\MpKsl80eb23ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C59B2AE-C40E-4F75-A7A4-C9AB7C0A4DF1}\MpKsl80eb23ff.sys [?]

S1 MpKsl94e5c9a8;MpKsl94e5c9a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{394B04B5-3F77-4D04-A557-AEA38608344E}\MpKsl94e5c9a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{394B04B5-3F77-4D04-A557-AEA38608344E}\MpKsl94e5c9a8.sys [?]

S1 MpKslac52a3a8;MpKslac52a3a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C129459F-4312-4F59-BCEE-E089940E374A}\MpKslac52a3a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C129459F-4312-4F59-BCEE-E089940E374A}\MpKslac52a3a8.sys [?]

S1 MpKslb9ba9219;MpKslb9ba9219;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{796A4442-815E-462C-AB96-67336C38EFC4}\MpKslb9ba9219.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{796A4442-815E-462C-AB96-67336C38EFC4}\MpKslb9ba9219.sys [?]

S1 MpKslcad17419;MpKslcad17419;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94C496DF-21E8-48ED-A507-29F7335BEBBA}\MpKslcad17419.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94C496DF-21E8-48ED-A507-29F7335BEBBA}\MpKslcad17419.sys [?]

S1 MpKsldff65709;MpKsldff65709;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{329B98F2-617D-4208-BE8A-2EF5B0645D7B}\MpKsldff65709.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{329B98F2-617D-4208-BE8A-2EF5B0645D7B}\MpKsldff65709.sys [?]

S1 MpKsle7735c4f;MpKsle7735c4f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33EA2F77-63A0-4311-85D7-B84DEE82885D}\MpKsle7735c4f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33EA2F77-63A0-4311-85D7-B84DEE82885D}\MpKsle7735c4f.sys [?]

S1 MpKslee5d6a56;MpKslee5d6a56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFA1C8DA-4EBB-463E-B4E5-F5677DAB20AA}\MpKslee5d6a56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFA1C8DA-4EBB-463E-B4E5-F5677DAB20AA}\MpKslee5d6a56.sys [?]

S2 srv8B0;srv8B0;c:\windows\system32\svchost.exe -k netsvcs [8/11/2004 3:00 PM 14336]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/18/2010 11:37 PM 41272]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL68BCED05

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srv8B0

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-08-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

2011-08-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

2011-01-05 c:\windows\Tasks\switchShakeIcon.job

- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-01-02 04:28]

.

2011-08-27 c:\windows\Tasks\User_Feed_Synchronization-{0913316D-E894-4671-BB15-68EE2829991D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = <local>;*.local

IE: &Google Search

IE: &Translate English Word

IE: &Yahoo! Search

IE: Backward Links

IE: Cached Snapshot of Page

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages

IE: Translate Page into English

IE: Yahoo! &Dictionary

IE: Yahoo! &Maps

IE: Yahoo! &SMS

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Pranav Parekh\Application Data\Mozilla\Firefox\Profiles\3glaz6xt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-27 11:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1032GSX rev.AS022D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8699F2E0

user & kernel MBR OK

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv8B0]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8B0.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-202150914-3117396412-1238869592-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(680)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-08-27 11:34:34

ComboFix-quarantined-files.txt 2011-08-27 18:34

.

Pre-Run: 1,612,492,800 bytes free

Post-Run: 2,512,826,368 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - A05CC59BF84ADD6B98725EC64C8CF304

==================================

DDS LOG

==================================

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Pranav Parekh at 11:55:26 on 2011-08-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.185 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled

IE: &Google Search

IE: &Translate English Word

IE: &Yahoo! Search

IE: Backward Links

IE: Cached Snapshot of Page

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Similar Pages

IE: Translate Page into English

IE: Yahoo! &Dictionary

IE: Yahoo! &Maps

IE: Yahoo! &SMS

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B1A315A3-26BD-4A6F-ADB7-50FC78636140} : DhcpNameServer = 192.168.0.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\pranav parekh\application data\mozilla\firefox\profiles\3glaz6xt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\pranav parekh\application data\mozilla\firefox\profiles\3glaz6xt.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\pranav parekh\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R1 MpKsl619d7b91;MpKsl619d7b91;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7f08106-f229-4c25-bcfb-97f665754311}\MpKsl619d7b91.sys [2011-8-27 28752]

R1 NEOFLTR_530_11159;Juniper Networks TDI Filter Driver (NEOFLTR_530_11159);c:\windows\system32\drivers\NEOFLTR_530_11159.sys [2006-9-14 57063]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67664]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-18 22712]

S1 MpKsl01aa2fcf;MpKsl01aa2fcf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1394b490-cc01-4a88-8568-be06f5db99f3}\mpksl01aa2fcf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1394b490-cc01-4a88-8568-be06f5db99f3}\MpKsl01aa2fcf.sys [?]

S1 MpKsl0abc0d2b;MpKsl0abc0d2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4f24dc-6e95-400d-891d-1221ae507618}\mpksl0abc0d2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6b4f24dc-6e95-400d-891d-1221ae507618}\MpKsl0abc0d2b.sys [?]

S1 MpKsl147c3589;MpKsl147c3589;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bdf8388d-1a66-4201-8de5-d8d380046302}\mpksl147c3589.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bdf8388d-1a66-4201-8de5-d8d380046302}\MpKsl147c3589.sys [?]

S1 MpKsl1a139f07;MpKsl1a139f07;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{977744b0-600f-42ed-b295-33627b4da0d4}\mpksl1a139f07.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{977744b0-600f-42ed-b295-33627b4da0d4}\MpKsl1a139f07.sys [?]

S1 MpKsl444bb28b;MpKsl444bb28b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{355b471d-6c3f-4364-a5d0-e5bd17d903ee}\mpksl444bb28b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{355b471d-6c3f-4364-a5d0-e5bd17d903ee}\MpKsl444bb28b.sys [?]

S1 MpKsl4cebc158;MpKsl4cebc158;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{365a778c-9f52-4cfb-8deb-2614009853fa}\mpksl4cebc158.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{365a778c-9f52-4cfb-8deb-2614009853fa}\MpKsl4cebc158.sys [?]

S1 MpKsl80eb23ff;MpKsl80eb23ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\mpksl80eb23ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c59b2ae-c40e-4f75-a7a4-c9ab7c0a4df1}\MpKsl80eb23ff.sys [?]

S1 MpKsl94e5c9a8;MpKsl94e5c9a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{394b04b5-3f77-4d04-a557-aea38608344e}\mpksl94e5c9a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{394b04b5-3f77-4d04-a557-aea38608344e}\MpKsl94e5c9a8.sys [?]

S1 MpKslac52a3a8;MpKslac52a3a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c129459f-4312-4f59-bcee-e089940e374a}\mpkslac52a3a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c129459f-4312-4f59-bcee-e089940e374a}\MpKslac52a3a8.sys [?]

S1 MpKslb9ba9219;MpKslb9ba9219;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796a4442-815e-462c-ab96-67336c38efc4}\mpkslb9ba9219.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796a4442-815e-462c-ab96-67336c38efc4}\MpKslb9ba9219.sys [?]

S1 MpKslcad17419;MpKslcad17419;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94c496df-21e8-48ed-a507-29f7335bebba}\mpkslcad17419.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{94c496df-21e8-48ed-a507-29f7335bebba}\MpKslcad17419.sys [?]

S1 MpKsldff65709;MpKsldff65709;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{329b98f2-617d-4208-be8a-2ef5b0645d7b}\mpksldff65709.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{329b98f2-617d-4208-be8a-2ef5b0645d7b}\MpKsldff65709.sys [?]

S1 MpKsle7735c4f;MpKsle7735c4f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33ea2f77-63a0-4311-85d7-b84dee82885d}\mpksle7735c4f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33ea2f77-63a0-4311-85d7-b84dee82885d}\MpKsle7735c4f.sys [?]

S1 MpKslee5d6a56;MpKslee5d6a56;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efa1c8da-4ebb-463e-b4e5-f5677dab20aa}\mpkslee5d6a56.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efa1c8da-4ebb-463e-b4e5-f5677dab20aa}\MpKslee5d6a56.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-18 41272]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

.

=============== Created Last 30 ================

.

2011-08-27 18:41:13 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7f08106-f229-4c25-bcfb-97f665754311}\MpKsl619d7b91.sys

2011-08-27 18:36:19 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7f08106-f229-4c25-bcfb-97f665754311}\mpengine.dll

2011-08-27 18:22:08 -------- d-sha-r- C:\cmdcons

2011-08-27 18:18:43 98816 ----a-w- c:\windows\sed.exe

2011-08-27 18:18:43 518144 ----a-w- c:\windows\SWREG.exe

2011-08-27 18:18:43 256000 ----a-w- c:\windows\PEV.exe

2011-08-27 18:18:43 208896 ----a-w- c:\windows\MBR.exe

2011-08-27 18:16:07 -------- d-----w- C:\ComboFix

2011-08-21 23:04:02 -------- d-----w- c:\documents and settings\pranav parekh\application data\Wireshark

2011-08-21 22:54:48 -------- d-----w- c:\program files\WinPcap

2011-08-16 02:56:22 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-08-12 06:42:47 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 06:41:23 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-07 22:38:18 -------- d-----w- c:\documents and settings\pranav parekh\local settings\application data\SCE

2011-08-07 22:32:57 -------- d-----w- c:\program files\Sony Online Entertainment

2011-08-07 22:32:45 -------- d-----w- c:\documents and settings\pranav parekh\application data\Sony Online Entertainment

2011-08-01 05:43:56 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1032GSX rev.AS022D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x869B64C0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x869bd8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x869bd730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D85AB8]

3 CLASSPNP[0xF763DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86AED888]

\Driver\atapi[0x86C764B0] -> IRP_MJ_CREATE -> 0x869B64C0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x869B62E0

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 12:01:09.64 ===============


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Here is the TDSS Log:

=================================

2011/08/30 19:26:18.0444 0968 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/30 19:26:19.0163 0968 ================================================================================

2011/08/30 19:26:19.0163 0968 SystemInfo:

2011/08/30 19:26:19.0163 0968

2011/08/30 19:26:19.0163 0968 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/30 19:26:19.0163 0968 Product type: Workstation

2011/08/30 19:26:19.0163 0968 ComputerName: OFFICE_LAPTOP

2011/08/30 19:26:19.0163 0968 UserName: Pranav Parekh

2011/08/30 19:26:19.0163 0968 Windows directory: C:\WINDOWS

2011/08/30 19:26:19.0163 0968 System windows directory: C:\WINDOWS

2011/08/30 19:26:19.0163 0968 Processor architecture: Intel x86

2011/08/30 19:26:19.0163 0968 Number of processors: 2

2011/08/30 19:26:19.0163 0968 Page size: 0x1000

2011/08/30 19:26:19.0163 0968 Boot type: Normal boot

2011/08/30 19:26:19.0163 0968 ================================================================================

2011/08/30 19:26:22.0507 0968 Initialize success

2011/08/30 19:26:31.0773 2904 ================================================================================

2011/08/30 19:26:31.0773 2904 Scan started

2011/08/30 19:26:31.0773 2904 Mode: Manual;

2011/08/30 19:26:31.0773 2904 ================================================================================


2011/08/30 19:26:48.0804 2904 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/08/30 19:26:49.0023 2904 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/08/30 19:26:49.0132 2904 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/08/30 19:26:49.0444 2904 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/08/30 19:26:49.0944 2904 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/08/30 19:26:50.0554 2904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/08/30 19:26:50.0757 2904 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/08/30 19:26:51.0319 2904 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/08/30 19:26:51.0694 2904 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/08/30 19:26:51.0976 2904 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/08/30 19:26:52.0179 2904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/08/30 19:26:52.0413 2904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/08/30 19:26:52.0648 2904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/08/30 19:26:52.0882 2904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/30 19:26:53.0273 2904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/08/30 19:26:53.0444 2904 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/08/30 19:26:53.0616 2904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/08/30 19:26:53.0960 2904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/08/30 19:26:54.0616 2904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/08/30 19:26:55.0226 2904 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys

2011/08/30 19:26:55.0413 2904 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/08/30 19:26:55.0616 2904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/08/30 19:26:55.0913 2904 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/08/30 19:26:56.0101 2904 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/08/30 19:26:56.0491 2904 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/08/30 19:26:56.0882 2904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/08/30 19:26:57.0085 2904 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/08/30 19:26:57.0960 2904 MpKsl77ef328e (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88FDD577-1A0F-4F42-BE58-8E8FCEB3648D}\MpKsl77ef328e.sys

2011/08/30 19:26:59.0132 2904 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/08/30 19:26:59.0366 2904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/08/30 19:26:59.0898 2904 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/08/30 19:27:00.0413 2904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/08/30 19:27:00.0944 2904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/08/30 19:27:01.0288 2904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/08/30 19:27:01.0616 2904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/08/30 19:27:01.0741 2904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/08/30 19:27:01.0804 2904 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/08/30 19:27:01.0913 2904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/08/30 19:27:01.0976 2904 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/08/30 19:27:02.0023 2904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/30 19:27:02.0069 2904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/30 19:27:02.0148 2904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/30 19:27:02.0226 2904 NEOFLTR_530_11159 (0ce8d4c2298c36042481258ca76c97c7) C:\WINDOWS\system32\Drivers\NEOFLTR_530_11159.SYS

2011/08/30 19:27:02.0444 2904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/30 19:27:02.0726 2904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/30 19:27:02.0882 2904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/08/30 19:27:03.0054 2904 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys

2011/08/30 19:27:07.0569 2904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/08/30 19:27:07.0616 2904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/30 19:27:07.0710 2904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/08/30 19:27:08.0069 2904 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/08/30 19:27:08.0444 2904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/30 19:27:08.0538 2904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/30 19:27:08.0632 2904 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/08/30 19:27:08.0726 2904 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/08/30 19:27:08.0882 2904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/08/30 19:27:08.0976 2904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/30 19:27:09.0257 2904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/30 19:27:09.0632 2904 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/30 19:27:09.0944 2904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/30 19:27:09.0991 2904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/08/30 19:27:10.0241 2904 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/08/30 19:27:10.0304 2904 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/08/30 19:27:10.0382 2904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/30 19:27:10.0413 2904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/30 19:27:10.0444 2904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/30 19:27:10.0507 2904 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/08/30 19:27:10.0538 2904 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/08/30 19:27:10.0585 2904 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/08/30 19:27:10.0616 2904 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/08/30 19:27:10.0663 2904 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/08/30 19:27:10.0694 2904 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/08/30 19:27:10.0726 2904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/30 19:27:10.0773 2904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/30 19:27:10.0804 2904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/30 19:27:10.0835 2904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/30 19:27:10.0882 2904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/30 19:27:10.0898 2904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/30 19:27:10.0944 2904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/30 19:27:11.0007 2904 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/30 19:27:11.0069 2904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/30 19:27:11.0132 2904 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/08/30 19:27:11.0163 2904 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/08/30 19:27:11.0226 2904 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/08/30 19:27:11.0444 2904 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/08/30 19:27:11.0585 2904 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/08/30 19:27:11.0601 2904 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

2011/08/30 19:27:11.0788 2904 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/08/30 19:27:11.0913 2904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/30 19:27:12.0023 2904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/08/30 19:27:12.0054 2904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/08/30 19:27:12.0101 2904 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/08/30 19:27:12.0148 2904 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/08/30 19:27:12.0194 2904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/30 19:27:12.0257 2904 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/08/30 19:27:12.0304 2904 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/08/30 19:27:12.0335 2904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/30 19:27:12.0413 2904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/30 19:27:12.0632 2904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/30 19:27:12.0944 2904 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/08/30 19:27:13.0148 2904 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/08/30 19:27:13.0444 2904 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

2011/08/30 19:27:13.0585 2904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/30 19:27:13.0632 2904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/30 19:27:13.0694 2904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/08/30 19:27:13.0726 2904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/08/30 19:27:13.0773 2904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/08/30 19:27:13.0804 2904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/08/30 19:27:13.0882 2904 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/08/30 19:27:13.0913 2904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/30 19:27:13.0991 2904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/30 19:27:14.0038 2904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/30 19:27:14.0085 2904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/30 19:27:14.0163 2904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/30 19:27:14.0241 2904 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/08/30 19:27:14.0335 2904 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/08/30 19:27:14.0460 2904 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/08/30 19:27:14.0507 2904 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

2011/08/30 19:27:14.0569 2904 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/08/30 19:27:14.0679 2904 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/08/30 19:27:14.0726 2904 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/08/30 19:27:14.0757 2904 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/08/30 19:27:14.0835 2904 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/08/30 19:27:14.0929 2904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/08/30 19:27:14.0991 2904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/30 19:27:15.0023 2904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/08/30 19:27:15.0101 2904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/30 19:27:15.0194 2904 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/08/30 19:27:15.0257 2904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/30 19:27:15.0304 2904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/30 19:27:15.0351 2904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/30 19:27:15.0429 2904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/30 19:27:15.0538 2904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/30 19:27:15.0554 2904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/30 19:27:15.0601 2904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/08/30 19:27:15.0648 2904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/08/30 19:27:15.0679 2904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/08/30 19:27:15.0741 2904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/30 19:27:15.0788 2904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/30 19:27:15.0866 2904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/30 19:27:15.0960 2904 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/08/30 19:27:16.0069 2904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/30 19:27:16.0148 2904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/30 19:27:16.0179 2904 MBR (0x1B8) (9a33e998f01c9c93be804d4f1127a829) \Device\Harddisk0\DR0

2011/08/30 19:27:16.0194 2904 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)

2011/08/30 19:27:16.0226 2904 Boot (0x1200) (19c2530419b36184fe2a6eb75574f277) \Device\Harddisk0\DR0\Partition0

2011/08/30 19:27:16.0257 2904 Boot (0x1200) (2df8eac322e1bd9a4a1b2f3eb76724bd) \Device\Harddisk0\DR0\Partition1

2011/08/30 19:27:16.0257 2904 ================================================================================

2011/08/30 19:27:16.0257 2904 Scan finished

2011/08/30 19:27:16.0257 2904 ================================================================================

2011/08/30 19:27:16.0273 3180 Detected object count: 1

2011/08/30 19:27:16.0273 3180 Actual detected object count: 1

2011/08/30 19:27:34.0538 3180 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot

2011/08/30 19:27:34.0538 3180 \Device\Harddisk0\DR0 - ok

2011/08/30 19:27:34.0538 3180 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure

2011/08/30 19:27:38.0085 3708 Deinitialize success

=================================

Haven't seen blocked access messages since running TDSS. Interested in next steps to verify that the computer is completely disinfected.

Cheers,

PJ


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


=============

ESET Log

=============

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=37665ff3ae8add41b10a3e03916bf1fd

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-09-03 08:18:02

# local_time=2011-09-03 01:18:02 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 87 0 11831899 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=80156

# found=0

# cleaned=0

# scan_time=4855

=============

Security Log

=============

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Dr Watson for Microsoft Windows OneCare Live v1.0.0971.20

Microsoft Security Essentials

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Flash Player 10.3.183.7

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

=============

1. No more messages related to "blocked access to a potentially malicious website.." from MBAM

2. No other threats being detected currently by MBAM, MSE, SpyBot, or SuperAntiSpyware


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader 7.0

Java 2 Runtime Environment, SE v1.4.2_03

Restart your computer.

Get the latest version of Adobe Reader.

Update and enable your antivirus.

Let me know what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Hi,

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
