Plz Help Urgently !!! My computer is spontaneously surfing porn and adult sites.


Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
My computer got infected by a strange malware. . . It automatically starts surfing porn and adult dating sites if left idle for a few hours. . . I am using Windows XP Pro with the latest updates. . . A few days back I left my PC turned on overnight (torrent downloading) and the next day when I opened the browser it asked me to restore the previous session. I did so and it was some porn sites (however, no one was in my room as it was locked). . . I did the following steps to eradicate the problem. . . But it didn't help.
1. Installed and updated Malwarebytes and scanned the full PC.
2. Scanned my PC with fully updated Kaspersky PURE and McAfee AntiVirus Plus.
3. Removed Google Chrome and set Firefox as the default browser.
4. Formatted the C: drive and re-installed the OS.
After doing all this I still have the same problem. . . If I leave my PC on for a few hours it spontaneously loads porn. . . This is too annoying. . . Please help.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Can you post a screenshot of your partition layout? Select Start > right-click on "My Computer" > select "Manage"; in the new window select Disk Management.
You should now see your partition layout. Maximise the screen. Press the following two keys together: Ctrl and Prt Sc SysRq. Next open Paint from your Accessories folder, right-click and select Paste. Save the image as a JPEG, not a bitmap.

Kevin
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Thanks for the image, it rules out the new TDL4 re-booted infection. OK, continue as follows:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
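A small parser for the report format TDSSKiller writes, added here as an example; it is not part of Kevin's instructions and not TDSSKiller's own code. It splits a report into its scans, checks the Mode line for the SigCheck and TDLFS options that correspond to the two parameters the steps above ask to enable (the second scan in the log quoted later in this thread lists them that way), separates entries that were hashed from entries that carry a verdict but no file, and lists every entry whose verdict is anything other than "ok". The sample report is constructed from the line layout of the log pasted in this thread; the `exampledrv` entry, its all-zero hash and the wording of its non-clean verdict are placeholders, since the page does not show how TDSSKiller words a detection.

```python
"""Summarise a TDSSKiller report (added example, not TDSSKiller's own code).

Line layout, taken from the report quoted in this thread:

    HH:MM:SS.ffff PID name (md5) path
    HH:MM:SS.ffff PID name - verdict
    HH:MM:SS.ffff PID MBR (0x1B8) (md5) \\Device\\Harddisk0\\DR0
    HH:MM:SS.ffff PID Mode: Manual; SigCheck; TDLFS;
    HH:MM:SS.ffff PID Detected object count: N

The wording of a non-clean verdict is not shown on the page, so the parser
treats any verdict other than "ok" as something a helper should look at.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

TS = r"\d\d:\d\d:\d\d\.\d+ \d+ "  # timestamp and thread id that prefix every line
FILE_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
BOOT_RE = re.compile(TS + r"(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(TS + r"(.+?) - (.+)$")
MODE_RE = re.compile(TS + r"Mode: (.*)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")

# "Verify Driver Digital Signature" and "Detect TDLFS file system", as they
# appear on the Mode line of the second scan in the thread's log.
REQUESTED_OPTIONS = ("SigCheck", "TDLFS")

# Constructed sample: real line layout, placeholder 'exampledrv' entry.
SAMPLE_REPORT = r"""03:01:29.0046 2300 ============================================================
03:01:29.0046 2300 Scan started
03:01:29.0046 2300 Mode: Manual;
03:01:29.0046 2300 ============================================================
03:01:31.0250 2300 Abiosdsk - ok
03:01:31.0625 2300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:01:31.0625 2300 ACPI - ok
03:02:20.0578 2300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:02:20.0750 2300 \Device\Harddisk0\DR0 - ok
03:02:20.0890 2300 Scan finished
03:02:20.0984 4008 Detected object count: 0
03:02:20.0984 4008 Actual detected object count: 0
03:03:05.0250 2596 Scan started
03:03:05.0250 2596 Mode: Manual; SigCheck; TDLFS;
03:03:06.0953 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:03:09.0968 2596 ACPI - ok
03:03:55.0000 2596 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
03:03:55.0100 2596 exampledrv - suspicious (constructed verdict)
03:03:56.0000 2596 Scan finished
03:03:56.0100 4008 Detected object count: 1
"""


@dataclass
class Scan:
    options: list = field(default_factory=list)   # tokens of the Mode line
    hashed: dict = field(default_factory=dict)    # name -> (md5, path)
    verdicts: dict = field(default_factory=dict)  # name -> verdict text
    boot: list = field(default_factory=list)      # (kind, offset, md5, device)
    detected: Optional[int] = None                # "Detected object count"


def parse_report(text: str) -> list:
    """Split a report into scans; every 'Scan started' line opens a new one."""
    scans, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("Scan started"):
            current = Scan()
            scans.append(current)
            continue
        if current is None:
            continue  # tool banner and SystemInfo lines before the first scan
        m = MODE_RE.match(line)
        if m:
            current.options = [t.strip() for t in m.group(1).split(";") if t.strip()]
            continue
        m = COUNT_RE.match(line)
        if m:
            current.detected = int(m.group(1))
            continue
        m = BOOT_RE.match(line)  # MBR / boot-sector hashes, checked before FILE_RE
        if m:
            current.boot.append((m.group(1), m.group(2), m.group(3), m.group(4)))
            continue
        m = FILE_RE.match(line)
        if m:
            current.hashed[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = VERDICT_RE.match(line)
        if m:
            current.verdicts[m.group(1)] = m.group(2)
    return scans


def flagged(scan: Scan) -> list:
    """Entries whose verdict is anything other than 'ok'."""
    return [(n, v) for n, v in scan.verdicts.items() if v.strip().lower() != "ok"]


def unhashed(scan: Scan) -> list:
    """Entries with a verdict but no file hash: no file on disk was checked."""
    devices = {b[3] for b in scan.boot}
    return [n for n in scan.verdicts if n not in scan.hashed and n not in devices]


def missing_options(scan: Scan) -> list:
    """Requested options that the Mode line does not list."""
    return [o for o in REQUESTED_OPTIONS if o not in scan.options]


def summarize(text: str) -> list:
    """One dict per scan with the facts a helper reads first."""
    return [{
        "options": s.options,
        "missing_options": missing_options(s),
        "hashed_files": len(s.hashed),
        "unhashed_entries": len(unhashed(s)),
        "boot_sectors": len(s.boot),
        "flagged": flagged(s),
        "detected": s.detected,
    } for s in parse_report(text)]


if __name__ == "__main__":
    for i, s in enumerate(summarize(SAMPLE_REPORT), 1):
        print(f"scan {i}: {s}")
```

Run against a pasted report, the first scan of the sample shows the two requested options missing and nothing flagged; the second shows both options present and one entry to review, which mirrors the two-scan shape of the log in this thread.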
 

Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
It detected 1 suspicious file. Here is the report.

03:01:24.0843 0972 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
03:01:26.0062 0972 ============================================================
03:01:26.0062 0972 Current date / time: 2011/12/08 03:01:26.0062
03:01:26.0062 0972 SystemInfo:
03:01:26.0062 0972
03:01:26.0062 0972 OS Version: 5.1.2600 ServicePack: 3.0
03:01:26.0062 0972 Product type: Workstation
03:01:26.0062 0972 ComputerName: CT
03:01:26.0062 0972 UserName: Aizaz
03:01:26.0062 0972 Windows directory: C:\WINDOWS
03:01:26.0062 0972 System windows directory: C:\WINDOWS
03:01:26.0062 0972 Processor architecture: Intel x86
03:01:26.0062 0972 Number of processors: 1
03:01:26.0062 0972 Page size: 0x1000
03:01:26.0062 0972 Boot type: Normal boot
03:01:26.0062 0972 ============================================================
03:01:27.0453 0972 Initialize success
03:01:29.0046 2300 ============================================================
03:01:29.0046 2300 Scan started
03:01:29.0046 2300 Mode: Manual;
03:01:29.0046 2300 ============================================================
03:01:31.0250 2300 Abiosdsk - ok
03:01:31.0421 2300 abp480n5 - ok
03:01:31.0625 2300 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:01:31.0625 2300 ACPI - ok
03:01:31.0828 2300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:01:31.0828 2300 ACPIEC - ok
03:01:32.0046 2300 adpu160m - ok
03:01:32.0312 2300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:01:32.0312 2300 aec - ok
03:01:32.0546 2300 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:01:32.0578 2300 AFD - ok
03:01:32.0734 2300 Aha154x - ok
03:01:32.0906 2300 aic78u2 - ok
03:01:33.0062 2300 aic78xx - ok
03:01:33.0437 2300 ALCXWDM (34fc779e3ce6964546e02596acc8ff48) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
03:01:33.0609 2300 ALCXWDM - ok
03:01:33.0828 2300 AliIde - ok
03:01:34.0000 2300 amsint - ok
03:01:34.0843 2300 asc - ok
03:01:35.0265 2300 asc3350p - ok
03:01:35.0390 2300 asc3550 - ok
03:01:35.0531 2300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:01:35.0531 2300 AsyncMac - ok
03:01:35.0687 2300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:01:35.0687 2300 atapi - ok
03:01:35.0843 2300 Atdisk - ok
03:01:36.0015 2300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:01:36.0015 2300 Atmarpc - ok
03:01:36.0890 2300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:01:36.0890 2300 audstub - ok
03:01:37.0062 2300 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:01:37.0062 2300 Beep - ok
03:01:37.0218 2300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:01:37.0234 2300 cbidf2k - ok
03:01:37.0406 2300 cd20xrnt - ok
03:01:37.0562 2300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:01:37.0562 2300 Cdaudio - ok
03:01:37.0734 2300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:01:37.0734 2300 Cdfs - ok
03:01:37.0890 2300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:01:37.0890 2300 Cdrom - ok
03:01:38.0046 2300 Changer - ok
03:01:38.0203 2300 CmdIde - ok
03:01:38.0390 2300 Cpqarray - ok
03:01:38.0562 2300 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
03:01:38.0578 2300 CSCrySec - ok
03:01:38.0734 2300 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
03:01:38.0734 2300 CSVirtualDiskDrv - ok
03:01:38.0859 2300 dac2w2k - ok
03:01:39.0000 2300 dac960nt - ok
03:01:39.0140 2300 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:01:39.0140 2300 Disk - ok
03:01:39.0343 2300 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:01:39.0390 2300 dmboot - ok
03:01:39.0609 2300 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:01:39.0609 2300 dmio - ok
03:01:39.0781 2300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:01:39.0781 2300 dmload - ok
03:01:40.0359 2300 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:01:40.0359 2300 DMusic - ok
03:01:40.0515 2300 dpti2o - ok
03:01:41.0171 2300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:01:41.0171 2300 drmkaud - ok
03:01:41.0812 2300 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:01:41.0812 2300 Fastfat - ok
03:01:41.0968 2300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:01:41.0968 2300 Fdc - ok
03:01:42.0140 2300 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:01:42.0140 2300 Fips - ok
03:01:42.0296 2300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:01:42.0296 2300 Flpydisk - ok
03:01:42.0484 2300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:01:42.0484 2300 FltMgr - ok
03:01:42.0640 2300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:01:42.0656 2300 Fs_Rec - ok
03:01:42.0812 2300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:01:42.0828 2300 Ftdisk - ok
03:01:43.0343 2300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:01:43.0359 2300 Gpc - ok
03:01:43.0515 2300 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:01:43.0515 2300 hidusb - ok
03:01:43.0656 2300 hpn - ok
03:01:43.0828 2300 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:01:43.0828 2300 HTTP - ok
03:01:43.0984 2300 i2omgmt - ok
03:01:44.0109 2300 i2omp - ok
03:01:44.0281 2300 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:01:44.0281 2300 i8042prt - ok
03:01:44.0453 2300 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
03:01:44.0453 2300 IDMTDI - ok
03:01:44.0750 2300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:01:44.0750 2300 Imapi - ok
03:01:44.0890 2300 ini910u - ok
03:01:45.0031 2300 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
03:01:45.0031 2300 IntelIde - ok
03:01:45.0203 2300 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:01:45.0218 2300 intelppm - ok
03:01:45.0390 2300 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:01:45.0390 2300 Ip6Fw - ok
03:01:45.0578 2300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:01:45.0578 2300 IpFilterDriver - ok
03:01:45.0765 2300 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:01:45.0765 2300 IpInIp - ok
03:01:45.0937 2300 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:01:45.0937 2300 IpNat - ok
03:01:46.0843 2300 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:01:46.0859 2300 IPSec - ok
03:01:47.0015 2300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:01:47.0015 2300 IRENUM - ok
03:01:47.0171 2300 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:01:47.0171 2300 isapnp - ok
03:01:47.0390 2300 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:01:47.0390 2300 Kbdclass - ok
03:01:47.0671 2300 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
03:01:47.0671 2300 kl1 - ok
03:01:47.0828 2300 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys
03:01:47.0828 2300 KLBG - ok
03:01:48.0000 2300 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys
03:01:48.0015 2300 KLIF - ok
03:01:48.0218 2300 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
03:01:48.0218 2300 klim5 - ok
03:01:48.0484 2300 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
03:01:48.0484 2300 klmouflt - ok
03:01:48.0703 2300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:01:48.0703 2300 kmixer - ok
03:01:48.0875 2300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:01:48.0890 2300 KSecDD - ok
03:01:49.0046 2300 lbrtfdc - ok
03:01:49.0515 2300 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
03:01:49.0562 2300 ltmodem5 - ok
03:01:49.0734 2300 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
03:01:49.0750 2300 MBAMProtector - ok
03:01:50.0000 2300 MBAMSwissArmy - ok
03:01:50.0171 2300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:01:50.0171 2300 mnmdd - ok
03:01:50.0375 2300 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:01:50.0375 2300 Modem - ok
03:01:50.0578 2300 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
03:01:50.0578 2300 MODEMCSA - ok
03:01:50.0734 2300 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:01:50.0734 2300 Mouclass - ok
03:01:51.0000 2300 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:01:51.0000 2300 mouhid - ok
03:01:51.0218 2300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:01:51.0218 2300 MountMgr - ok
03:01:51.0390 2300 mraid35x - ok
03:01:51.0562 2300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:01:51.0562 2300 MRxDAV - ok
03:01:51.0765 2300 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:01:51.0796 2300 MRxSmb - ok
03:01:51.0984 2300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:01:51.0984 2300 Msfs - ok
03:01:52.0218 2300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:01:52.0218 2300 MSKSSRV - ok
03:01:52.0406 2300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:01:52.0406 2300 MSPCLOCK - ok
03:01:52.0578 2300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:01:52.0578 2300 MSPQM - ok
03:01:52.0781 2300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:01:52.0781 2300 mssmbios - ok
03:01:52.0968 2300 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:01:52.0984 2300 Mup - ok
03:01:53.0234 2300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:01:53.0234 2300 NDIS - ok
03:01:53.0421 2300 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:01:53.0421 2300 NdisTapi - ok
03:01:53.0625 2300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:01:53.0625 2300 Ndisuio - ok
03:01:53.0812 2300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:01:53.0812 2300 NdisWan - ok
03:01:54.0046 2300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:01:54.0046 2300 NDProxy - ok
03:01:54.0234 2300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:01:54.0234 2300 NetBIOS - ok
03:01:54.0468 2300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:01:54.0468 2300 NetBT - ok
03:01:54.0718 2300 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
03:01:54.0718 2300 nmwcd - ok
03:01:54.0875 2300 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
03:01:54.0875 2300 nmwcdc - ok
03:01:55.0093 2300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:01:55.0093 2300 Npfs - ok
03:01:55.0562 2300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:01:55.0625 2300 Ntfs - ok
03:01:55.0953 2300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:01:55.0953 2300 Null - ok
03:01:56.0343 2300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:01:56.0343 2300 NwlnkFlt - ok
03:01:56.0546 2300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:01:56.0546 2300 NwlnkFwd - ok
03:01:56.0703 2300 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
03:01:56.0703 2300 Parport - ok
03:01:56.0890 2300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:01:56.0890 2300 PartMgr - ok
03:01:57.0062 2300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:01:57.0062 2300 ParVdm - ok
03:01:57.0218 2300 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
03:01:57.0234 2300 pccsmcfd - ok
03:01:57.0406 2300 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:01:57.0406 2300 PCI - ok
03:01:57.0593 2300 PCIDump - ok
03:01:57.0765 2300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
03:01:57.0765 2300 PCIIde - ok
03:01:57.0953 2300 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:01:57.0968 2300 Pcmcia - ok
03:01:58.0109 2300 PDCOMP - ok
03:01:58.0234 2300 PDFRAME - ok
03:01:58.0375 2300 PDRELI - ok
03:01:58.0531 2300 PDRFRAME - ok
03:01:58.0656 2300 perc2 - ok
03:01:58.0796 2300 perc2hib - ok
03:01:59.0015 2300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:01:59.0015 2300 PptpMiniport - ok
03:01:59.0187 2300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:01:59.0203 2300 PSched - ok
03:01:59.0390 2300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:01:59.0406 2300 Ptilink - ok
03:01:59.0890 2300 ql1080 - ok
03:02:00.0093 2300 Ql10wnt - ok
03:02:00.0218 2300 ql12160 - ok
03:02:00.0359 2300 ql1240 - ok
03:02:00.0515 2300 ql1280 - ok
03:02:00.0703 2300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:02:00.0703 2300 RasAcd - ok
03:02:00.0890 2300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:02:00.0890 2300 Rasl2tp - ok
03:02:01.0296 2300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:02:01.0296 2300 RasPppoe - ok
03:02:01.0515 2300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:02:01.0515 2300 Raspti - ok
03:02:01.0687 2300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:02:01.0687 2300 Rdbss - ok
03:02:01.0953 2300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:02:01.0968 2300 RDPCDD - ok
03:02:02.0265 2300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:02:02.0265 2300 rdpdr - ok
03:02:02.0453 2300 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:02:02.0468 2300 RDPWD - ok
03:02:02.0625 2300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:02:02.0640 2300 redbook - ok
03:02:02.0828 2300 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
03:02:02.0828 2300 rtl8139 - ok
03:02:03.0015 2300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:02:03.0031 2300 Secdrv - ok
03:02:03.0203 2300 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:02:03.0203 2300 serenum - ok
03:02:03.0390 2300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:02:03.0390 2300 Serial - ok
03:02:03.0578 2300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:02:03.0578 2300 Sfloppy - ok
03:02:03.0718 2300 Simbad - ok
03:02:03.0890 2300 Sparrow - ok
03:02:04.0031 2300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:02:04.0031 2300 splitter - ok
03:02:04.0609 2300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:02:04.0609 2300 sr - ok
03:02:05.0500 2300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:02:05.0640 2300 Srv - ok
03:02:06.0218 2300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:02:06.0281 2300 swenum - ok
03:02:07.0218 2300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:02:07.0250 2300 swmidi - ok
03:02:07.0593 2300 symc810 - ok
03:02:07.0921 2300 symc8xx - ok
03:02:08.0171 2300 sym_hi - ok
03:02:08.0593 2300 sym_u3 - ok
03:02:09.0093 2300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:02:09.0156 2300 sysaudio - ok
03:02:09.0593 2300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:02:09.0750 2300 Tcpip - ok
03:02:10.0250 2300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:02:10.0328 2300 TDPIPE - ok
03:02:10.0593 2300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:02:10.0718 2300 TDTCP - ok
03:02:10.0953 2300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:02:11.0031 2300 TermDD - ok
03:02:11.0500 2300 TosIde - ok
03:02:12.0234 2300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:02:12.0343 2300 Udfs - ok
03:02:12.0875 2300 ultra - ok
03:02:13.0562 2300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:02:13.0890 2300 Update - ok
03:02:14.0453 2300 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
03:02:14.0562 2300 upperdev - ok
03:02:15.0500 2300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:02:15.0609 2300 usbehci - ok
03:02:15.0953 2300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:02:16.0062 2300 usbhub - ok
03:02:16.0703 2300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:02:16.0890 2300 usbscan - ok
03:02:17.0203 2300 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
03:02:17.0234 2300 usbser - ok
03:02:17.0578 2300 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
03:02:17.0593 2300 UsbserFilt - ok
03:02:17.0859 2300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:02:17.0937 2300 USBSTOR - ok
03:02:18.0218 2300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:02:18.0265 2300 usbuhci - ok
03:02:18.0734 2300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:02:18.0765 2300 VgaSave - ok
03:02:18.0906 2300 ViaIde - ok
03:02:19.0109 2300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:02:19.0156 2300 VolSnap - ok
03:02:19.0359 2300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:02:19.0421 2300 Wanarp - ok
03:02:19.0609 2300 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
03:02:19.0671 2300 Wdf01000 - ok
03:02:19.0890 2300 WDICA - ok
03:02:20.0109 2300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:02:20.0171 2300 wdmaud - ok
03:02:20.0578 2300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:02:20.0750 2300 \Device\Harddisk0\DR0 - ok
03:02:20.0796 2300 Boot (0x1200) (51658841ac408ef597134c5ed9156187) \Device\Harddisk0\DR0\Partition0
03:02:20.0796 2300 \Device\Harddisk0\DR0\Partition0 - ok
03:02:20.0828 2300 Boot (0x1200) (69083752f7deed30df8b707b3dee0cf0) \Device\Harddisk0\DR0\Partition1
03:02:20.0828 2300 \Device\Harddisk0\DR0\Partition1 - ok
03:02:20.0890 2300 Boot (0x1200) (7995ce1697dfc30719b5d0ec226c9be5) \Device\Harddisk0\DR0\Partition2
03:02:20.0890 2300 \Device\Harddisk0\DR0\Partition2 - ok
03:02:20.0890 2300 ============================================================
03:02:20.0890 2300 Scan finished
03:02:20.0906 2300 ============================================================
03:02:20.0984 4008 Detected object count: 0
03:02:20.0984 4008 Actual detected object count: 0
03:03:05.0250 2596 ============================================================
03:03:05.0250 2596 Scan started
03:03:05.0250 2596 Mode: Manual; SigCheck; TDLFS;
03:03:05.0250 2596 ============================================================
03:03:06.0500 2596 Abiosdsk - ok
03:03:06.0640 2596 abp480n5 - ok
03:03:06.0953 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:03:09.0968 2596 ACPI - ok
03:03:10.0312 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:03:10.0625 2596 ACPIEC - ok
03:03:10.0796 2596 adpu160m - ok
03:03:11.0000 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:03:11.0343 2596 aec - ok
03:03:12.0062 2596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:03:12.0187 2596 AFD - ok
03:03:12.0328 2596 Aha154x - ok
03:03:12.0453 2596 aic78u2 - ok
03:03:12.0593 2596 aic78xx - ok
03:03:12.0875 2596 ALCXWDM (34fc779e3ce6964546e02596acc8ff48) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
03:03:13.0156 2596 ALCXWDM - ok
03:03:13.0296 2596 AliIde - ok
03:03:13.0718 2596 amsint - ok
03:03:13.0921 2596 asc - ok
03:03:14.0062 2596 asc3350p - ok
03:03:14.0406 2596 asc3550 - ok
03:03:14.0546 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:03:14.0937 2596 AsyncMac - ok
03:03:15.0109 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:03:15.0515 2596 atapi - ok
03:03:15.0656 2596 Atdisk - ok
03:03:15.0828 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:03:16.0343 2596 Atmarpc - ok
03:03:16.0515 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:03:16.0859 2596 audstub - ok
03:03:17.0031 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:03:17.0531 2596 Beep - ok
03:03:17.0750 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:03:18.0187 2596 cbidf2k - ok
03:03:18.0328 2596 cd20xrnt - ok
03:03:18.0500 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:03:18.0890 2596 Cdaudio - ok
03:03:19.0078 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:03:19.0375 2596 Cdfs - ok
03:03:19.0562 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:03:19.0875 2596 Cdrom - ok
03:03:20.0062 2596 Changer - ok
03:03:20.0281 2596 CmdIde - ok
03:03:20.0546 2596 Cpqarray - ok
03:03:20.0734 2596 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
03:03:21.0250 2596 CSCrySec - ok
03:03:21.0484 2596 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
03:03:21.0750 2596 CSVirtualDiskDrv - ok
03:03:21.0906 2596 dac2w2k - ok
03:03:22.0062 2596 dac960nt - ok
03:03:22.0265 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:03:22.0546 2596 Disk - ok
03:03:22.0828 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:03:23.0171 2596 dmboot - ok
03:03:23.0343 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:03:23.0671 2596 dmio - ok
03:03:23.0890 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:03:24.0203 2596 dmload - ok
03:03:24.0421 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:03:24.0890 2596 DMusic - ok
03:03:25.0078 2596 dpti2o - ok
03:03:25.0250 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:03:25.0609 2596 drmkaud - ok
03:03:26.0140 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:03:26.0406 2596 Fastfat - ok
03:03:26.0578 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:03:26.0890 2596 Fdc - ok
03:03:27.0078 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:03:27.0343 2596 Fips - ok
03:03:27.0500 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:03:27.0796 2596 Flpydisk - ok
03:03:27.0968 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:03:28.0296 2596 FltMgr - ok
03:03:28.0453 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:03:28.0734 2596 Fs_Rec - ok
03:03:29.0546 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:03:30.0234 2596 Ftdisk - ok
03:03:30.0406 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:03:31.0062 2596 Gpc - ok
03:03:31.0375 2596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:03:31.0671 2596 hidusb - ok
03:03:31.0812 2596 hpn - ok
03:03:31.0968 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:03:32.0062 2596 HTTP - ok
03:03:32.0203 2596 i2omgmt - ok
03:03:32.0359 2596 i2omp - ok
03:03:32.0500 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:03:32.0750 2596 i8042prt - ok
03:03:32.0921 2596 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
03:03:33.0046 2596 IDMTDI - ok
03:03:33.0218 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:03:33.0718 2596 Imapi - ok
03:03:33.0859 2596 ini910u - ok
03:03:34.0000 2596 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
03:03:34.0250 2596 IntelIde - ok
03:03:34.0421 2596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:03:34.0671 2596 intelppm - ok
03:03:34.0828 2596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:03:35.0125 2596 Ip6Fw - ok
03:03:35.0281 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:03:35.0546 2596 IpFilterDriver - ok
03:03:35.0718 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:03:36.0265 2596 IpInIp - ok
03:03:36.0421 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:03:37.0859 2596 IpNat - ok
03:03:38.0031 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:03:38.0312 2596 IPSec - ok
03:03:38.0484 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:03:38.0781 2596 IRENUM - ok
03:03:38.0937 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:03:39.0218 2596 isapnp - ok
03:03:39.0390 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:03:39.0671 2596 Kbdclass - ok
03:03:39.0890 2596 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
03:03:39.0953 2596 kl1 - ok
03:03:40.0687 2596 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys
03:03:41.0265 2596 KLBG - ok
03:03:41.0437 2596 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys
03:03:41.0546 2596 KLIF - ok
03:03:41.0703 2596 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
03:03:41.0812 2596 klim5 - ok
03:03:41.0984 2596 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
03:03:42.0234 2596 klmouflt - ok
03:03:43.0234 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:03:43.0515 2596 kmixer - ok
03:03:43.0671 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:03:43.0781 2596 KSecDD - ok
03:03:43.0937 2596 lbrtfdc - ok
03:03:44.0140 2596 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
03:03:44.0453 2596 ltmodem5 - ok
03:03:44.0656 2596 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
03:03:44.0734 2596 MBAMProtector - ok
03:03:44.0859 2596 MBAMSwissArmy - ok
03:03:45.0031 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:03:45.0468 2596 mnmdd - ok
03:03:46.0031 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:03:46.0968 2596 Modem - ok
03:03:47.0171 2596 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
03:03:47.0453 2596 MODEMCSA - ok
03:03:47.0609 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:03:47.0906 2596 Mouclass - ok
03:03:48.0187 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:03:48.0468 2596 mouhid - ok
03:03:48.0625 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:03:48.0906 2596 MountMgr - ok
03:03:49.0046 2596 mraid35x - ok
03:03:49.0218 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:03:49.0515 2596 MRxDAV - ok
03:03:49.0718 2596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:03:49.0828 2596 MRxSmb - ok
03:03:50.0000 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:03:50.0468 2596 Msfs - ok
03:03:50.0656 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:03:50.0953 2596 MSKSSRV - ok
03:03:51.0109 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:03:51.0515 2596 MSPCLOCK - ok
03:03:51.0671 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:03:52.0109 2596 MSPQM - ok
03:03:52.0296 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:03:52.0687 2596 mssmbios - ok
03:03:52.0906 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:03:53.0015 2596 Mup - ok
03:03:53.0250 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:03:53.0578 2596 NDIS - ok
03:03:53.0781 2596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:03:53.0859 2596 NdisTapi - ok
03:03:54.0031 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:03:54.0312 2596 Ndisuio - ok
03:03:54.0515 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:03:54.0812 2596 NdisWan - ok
03:03:55.0031 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:03:55.0140 2596 NDProxy - ok
03:03:55.0375 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:03:55.0656 2596 NetBIOS - ok
03:03:55.0859 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:03:56.0328 2596 NetBT - ok
03:03:56.0515 2596 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
03:03:56.0906 2596 nmwcd - ok
03:03:57.0062 2596 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
03:03:57.0296 2596 nmwcdc - ok
03:03:57.0468 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:03:57.0843 2596 Npfs - ok
03:03:58.0031 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:03:58.0328 2596 Ntfs - ok
03:03:58.0500 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:03:58.0796 2596 Null - ok
03:03:58.0953 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:03:59.0250 2596 NwlnkFlt - ok
03:03:59.0421 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:03:59.0734 2596 NwlnkFwd - ok
03:03:59.0906 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
03:04:00.0203 2596 Parport - ok
03:04:00.0421 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:04:00.0687 2596 PartMgr - ok
03:04:00.0859 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:04:01.0281 2596 ParVdm - ok
03:04:01.0468 2596 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
03:04:01.0562 2596 pccsmcfd - ok
03:04:01.0718 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:04:02.0000 2596 PCI - ok
03:04:02.0156 2596 PCIDump - ok
03:04:02.0328 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
03:04:02.0609 2596 PCIIde - ok
03:04:02.0765 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:04:03.0078 2596 Pcmcia - ok
03:04:03.0187 2596 PDCOMP - ok
03:04:03.0343 2596 PDFRAME - ok
03:04:03.0484 2596 PDRELI - ok
03:04:03.0656 2596 PDRFRAME - ok
03:04:03.0781 2596 perc2 - ok
03:04:03.0906 2596 perc2hib - ok
03:04:04.0140 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:04:04.0437 2596 PptpMiniport - ok
03:04:04.0796 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:04:05.0078 2596 PSched - ok
03:04:05.0296 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:04:05.0656 2596 Ptilink - ok
03:04:05.0796 2596 ql1080 - ok
03:04:05.0921 2596 Ql10wnt - ok
03:04:06.0046 2596 ql12160 - ok
03:04:06.0203 2596 ql1240 - ok
03:04:06.0359 2596 ql1280 - ok
03:04:06.0500 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:04:06.0984 2596 RasAcd - ok
03:04:07.0187 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:04:07.0546 2596 Rasl2tp - ok
03:04:07.0734 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:04:08.0078 2596 RasPppoe - ok
03:04:08.0265 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:04:08.0546 2596 Raspti - ok
03:04:08.0750 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:04:09.0062 2596 Rdbss - ok
03:04:09.0250 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:04:09.0531 2596 RDPCDD - ok
03:04:09.0734 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:04:10.0250 2596 rdpdr - ok
03:04:10.0437 2596 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
03:04:10.0515 2596 RDPWD - ok
03:04:10.0718 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:04:11.0296 2596 redbook - ok
03:04:11.0546 2596 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
03:04:11.0812 2596 rtl8139 - ok
03:04:12.0046 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:04:12.0437 2596 Secdrv - ok
03:04:12.0656 2596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:04:12.0953 2596 serenum - ok
03:04:13.0140 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:04:13.0453 2596 Serial - ok
03:04:13.0656 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:04:14.0015 2596 Sfloppy - ok
03:04:14.0203 2596 Simbad - ok
03:04:14.0390 2596 Sparrow - ok
03:04:14.0562 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:04:14.0859 2596 splitter - ok
03:04:15.0062 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:04:15.0406 2596 sr - ok
03:04:15.0625 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:04:15.0734 2596 Srv - ok
03:04:16.0015 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:04:16.0546 2596 swenum - ok
03:04:17.0343 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:04:17.0671 2596 swmidi - ok
03:04:17.0812 2596 symc810 - ok
03:04:17.0937 2596 symc8xx - ok
03:04:18.0093 2596 sym_hi - ok
03:04:18.0218 2596 sym_u3 - ok
03:04:18.0390 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:04:18.0671 2596 sysaudio - ok
03:04:18.0875 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:04:19.0000 2596 Tcpip - ok
03:04:19.0171 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:04:19.0468 2596 TDPIPE - ok
03:04:19.0640 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:04:20.0203 2596 TDTCP - ok
03:04:20.0484 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:04:20.0734 2596 TermDD - ok
03:04:20.0890 2596 TosIde - ok
03:04:21.0078 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:04:21.0609 2596 Udfs - ok
03:04:21.0750 2596 ultra - ok
03:04:21.0953 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:04:22.0312 2596 Update - ok
03:04:22.0500 2596 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
03:04:22.0687 2596 upperdev - ok
03:04:22.0875 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:04:23.0156 2596 usbehci - ok
03:04:23.0359 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:04:23.0687 2596 usbhub - ok
03:04:23.0906 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:04:24.0156 2596 usbscan - ok
03:04:24.0328 2596 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
03:04:24.0593 2596 usbser - ok
03:04:24.0796 2596 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
03:04:24.0984 2596 UsbserFilt - ok
03:04:25.0187 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:04:25.0468 2596 USBSTOR - ok
03:04:25.0656 2596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:04:25.0890 2596 usbuhci - ok
03:04:26.0265 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:04:26.0531 2596 VgaSave - ok
03:04:26.0687 2596 ViaIde - ok
03:04:26.0859 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:04:27.0109 2596 VolSnap - ok
03:04:27.0359 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:04:27.0609 2596 Wanarp - ok
03:04:27.0828 2596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
03:04:27.0921 2596 Wdf01000 - ok
03:04:28.0109 2596 WDICA - ok
03:04:28.0296 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:04:28.0546 2596 wdmaud - ok
03:04:28.0921 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:04:29.0093 2596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:04:29.0093 2596 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:04:29.0156 2596 Boot (0x1200) (51658841ac408ef597134c5ed9156187) \Device\Harddisk0\DR0\Partition0
03:04:29.0156 2596 \Device\Harddisk0\DR0\Partition0 - ok
03:04:29.0187 2596 Boot (0x1200) (69083752f7deed30df8b707b3dee0cf0) \Device\Harddisk0\DR0\Partition1
03:04:29.0187 2596 \Device\Harddisk0\DR0\Partition1 - ok
03:04:29.0250 2596 Boot (0x1200) (7995ce1697dfc30719b5d0ec226c9be5) \Device\Harddisk0\DR0\Partition2
03:04:29.0250 2596 \Device\Harddisk0\DR0\Partition2 - ok
03:04:29.0250 2596 ============================================================
03:04:29.0250 2596 Scan finished
03:04:29.0250 2596 ============================================================
03:04:29.0437 0212 Detected object count: 1
03:04:29.0437 0212 Actual detected object count: 1
03:04:53.0359 0212 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:04:53.0359 0212 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
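The log above is a TDSSKiller run that flagged a hidden "TDSS File System" on the boot disk and then recorded the user choosing Skip, so the finding is still in place. As an added example (not part of the thread and not TDSSKiller's own code), here is a small Python helper that parses lines in the format this log uses and lists every detection with the action taken; the line patterns are assumptions taken from this log only, and the sample log is a constructed, abbreviated copy of it.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A TDSSKiller line is "HH:MM:SS.mmmm <thread id> <message>"; anything else
# (e.g. lines that do not start with a timestamp) is ignored by the parser.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")

# Message shapes assumed from the log above. Names are matched non-greedily
# because some contain spaces, e.g. "MBR (0x1B8)" and "Boot (0x1200)".
HASHED_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<kind>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<kind>.+?) \) - User select action: (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str              # object the verdict is about, e.g. \Device\Harddisk0\DR0
    kind: str             # TDSSKiller's label, e.g. "TDSS File System"
    action: str = "none"  # action chosen in the UI, or "none" if never recorded


@dataclass
class Triage:
    clean: int = 0                                           # objects reported "- ok"
    hashes: Dict[str, str] = field(default_factory=dict)     # path -> md5 of the object
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None                     # "Detected object count"

    def unresolved(self) -> List[Finding]:
        """Findings the run left in place: skipped by the user or never acted on."""
        return [f for f in self.findings.values() if f.action.lower() in ("none", "skip")]

    def consistent(self) -> bool:
        """True when the summary count matches the detection lines actually parsed."""
        return self.reported_count == len(self.findings)


def parse_tdsskiller(text: str) -> Triage:
    """Fold a TDSSKiller log into a Triage record."""
    t = Triage()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if (h := HASHED_RE.match(msg)):
            t.hashes[h.group("path")] = h.group("md5")
        elif OK_RE.match(msg):
            t.clean += 1
        elif (d := DETECTED_RE.match(msg)):
            t.findings[d.group("obj")] = Finding(d.group("obj"), d.group("kind"))
        elif (a := ACTION_RE.match(msg)):
            # The action line may name an object with no earlier "detected" line.
            f = t.findings.setdefault(a.group("obj"), Finding(a.group("obj"), a.group("kind")))
            f.action = a.group("action").strip()
        elif (c := COUNT_RE.match(msg)):
            t.reported_count = int(c.group("n"))
    return t


def report(t: Triage) -> List[str]:
    """Human-readable summary, one line per item, suitable for pasting into a reply."""
    lines = [f"{t.clean} objects clean, {len(t.findings)} detected"
             f" (log summary says {t.reported_count})"]
    for f in t.findings.values():
        lines.append(f"  {f.kind} on {f.obj}: action = {f.action}")
    for f in t.unresolved():
        lines.append(f"  UNRESOLVED: {f.kind} on {f.obj} is still in place")
    return lines


# Constructed sample: an abbreviated copy of the log posted above.
SAMPLE_LOG = r"""
03:04:28.0296 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:04:28.0546 2596 wdmaud - ok
03:04:28.0921 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:04:29.0093 2596 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:04:29.0093 2596 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:04:29.0156 2596 Boot (0x1200) (51658841ac408ef597134c5ed9156187) \Device\Harddisk0\DR0\Partition0
03:04:29.0156 2596 \Device\Harddisk0\DR0\Partition0 - ok
03:04:29.0250 2596 ============================================================
03:04:29.0250 2596 Scan finished
03:04:29.0437 0212 Detected object count: 1
03:04:29.0437 0212 Actual detected object count: 1
03:04:53.0359 0212 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:04:53.0359 0212 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for line in report(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```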
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Download aswMBR from Here

If aswMBR prompts to update during its routine, please allow it.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
  • Once the scan finishes click Save log to save the log to your Desktop.

  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Kevin
 

Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
Thanks for the help. Here is the "aswMBR.txt" content; MBR.dat is also attached below.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 05:58:41
-----------------------------
05:58:41.093 OS Version: Windows 5.1.2600 Service Pack 3
05:58:41.093 Number of processors: 1 586 0x409
05:58:41.093 ComputerName: CT UserName:
05:58:50.796 Initialize success
06:43:54.812 AVAST engine defs: 11120800
06:46:07.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:46:07.125 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
06:46:09.171 Disk 0 MBR read successfully
06:46:09.203 Disk 0 MBR scan
06:46:09.328 Disk 0 Windows XP default MBR code
06:46:09.359 Disk 0 scanning sectors +156280320
06:46:09.515 Disk 0 scanning C:\WINDOWS\system32\drivers
06:46:32.171 Service scanning
06:46:34.625 Modules scanning
06:46:52.343 Disk 0 trace - called modules:
06:46:52.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
06:46:52.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x897ffab8]
06:46:52.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005e[0x89843f18]
06:46:52.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8980e940]
06:46:52.906 AVAST engine scan C:\WINDOWS
06:47:08.265 AVAST engine scan C:\WINDOWS\system32
06:50:27.875 AVAST engine scan C:\WINDOWS\system32\drivers
06:51:02.234 AVAST engine scan C:\Documents and Settings\Aizaz
06:52:34.031 AVAST engine scan C:\Documents and Settings\All Users
06:56:45.656 Scan finished successfully
08:19:55.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aizaz\Desktop\MBR.dat"
08:19:56.046 The log file has been saved successfully to "C:\Documents and Settings\Aizaz\Desktop\aswMBR.txt"
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Still nothing definite, OK do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 

Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
Here is the log. Sorry for the late reply, as I am very busy with my studies.

ComboFix 11-12-09.02 - Aizaz 12/09/2011 8:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1263.787 [GMT -8:00]
Running from: c:\documents and settings\Aizaz\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\alcrmv.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\WindowsUpdate.log
d:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
e:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-01 17:02 . 2011-12-01 17:02 -------- d-----w- C:\Rbackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 07:06 . 2004-08-03 20:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 19:41 . 2011-09-26 19:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 19:41 . 2001-08-23 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 19:41 . 2001-08-23 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:21 . 2011-12-01 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-06 02:04 . 2011-12-02 15:26 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 06:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\RunMe\VisualTaskTips\VisualTaskTips.exe" [2007-09-06 36352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-30 642424]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
.
c:\documents and settings\Aizaz\Start Menu\Programs\Startup\
UberIcon.lnk - c:\program files\Materx\UberIcon\UberIcon Manager.exe [2011-11-30 180224]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [12/6/2011 1:58 AM 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [12/6/2011 1:59 AM 39352]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/14/2011 5:39 AM 101616]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/1/2011 6:27 AM 366152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/1/2011 6:27 AM 22216]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=GRchr999&ptb=rEILvRdHwYobowOTH_PFIA&si=´B~#C~
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Aizaz\Application Data\Mozilla\Firefox\Profiles\dghwpcm3.default\
FF - prefs.js: browser.search.selectedEngine - Google COM
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 07:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0c,5d,3b,3c,8e,5a,ce,8a,2e,50,5c,7d,c4,8a,10,13,7a,7c,dd,15,00,
3f,e0,21,8d,84,77,90,b2,c8,f7,dd,ef,ac,01,53,98,db,53,a0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a1dd409e-157c-41a0-97c1-85761f628ade}]
@Denied: (Full) (Everyone)
"Model"=dword:00000156
"Therad"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3444)
c:\program files\Materx\UberIcon\UberIcon.dll
c:\program files\RunMe\VisualTaskTips\VttHooks.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-09 07:42:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 15:42
.
Pre-Run: 12,566,405,120 bytes free
Post-Run: 12,905,119,744 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6341DDC005C588C1BD9E8BCAAF0E6B25
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Please refrain from posting the logs in code or quote boxes, it makes them very hard to read. Do the following:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=GRchr999&ptb=rEILvRdHwYobowOTH_PFIA&si=´B~#C ~
ClearJavaCache::
Killall::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a1dd409e-157c-41a0-97c1-85761f628ade}]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on
    to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check
  • Click the
    button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the
    button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs and give an update on current issues,

Kevin
 

Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
Step one log:
ComboFix 11-12-10.01 - Aizaz 12/10/2011 1:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1263.972 [GMT -8:00]
Running from: c:\documents and settings\Aizaz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aizaz\Desktop\CFScript.txt
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-01 17:02 . 2011-12-01 17:02 -------- d-----w- C:\Rbackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 07:06 . 2004-08-03 20:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 19:41 . 2011-09-26 19:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 19:41 . 2001-08-23 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 19:41 . 2001-08-23 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:21 . 2011-12-01 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-06 02:04 . 2011-12-02 15:26 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@…_15.38.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 10:00 . 2011-12-06 13:22 40196 c:\windows\system32\perfc009.dat
+ 2001-08-23 10:00 . 2011-12-09 15:41 40196 c:\windows\system32\perfc009.dat
+ 2001-08-23 10:00 . 2011-12-09 15:41 311934 c:\windows\system32\perfh009.dat
- 2001-08-23 10:00 . 2011-12-06 13:22 311934 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 06:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\RunMe\VisualTaskTips\VisualTaskTips.exe" [2007-09-06 36352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-30 642424]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
.
c:\documents and settings\Aizaz\Start Menu\Programs\Startup\
UberIcon.lnk - c:\program files\Materx\UberIcon\UberIcon Manager.exe [2011-11-30 180224]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [12/6/2011 1:58 AM 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [12/6/2011 1:59 AM 39352]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/14/2011 5:39 AM 101616]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/1/2011 6:27 AM 366152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/1/2011 6:27 AM 22216]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Aizaz\Application Data\Mozilla\Firefox\Profiles\dghwpcm3.default\
FF - prefs.js: browser.search.selectedEngine - Google COM
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 01:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2208)
c:\program files\Materx\UberIcon\UberIcon.dll
c:\program files\RunMe\VisualTaskTips\VttHooks.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2011-12-10 01:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 09:59
ComboFix2.txt 2011-12-09 15:42
.
Pre-Run: 12,813,627,392 bytes free
Post-Run: 12,804,800,512 bytes free
.
- - End Of File - - A591C66112BC6D6F9BD013CA49390880
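One way to read the "Reg Loading Points" block of a log like the one above, as an added example that is neither part of the thread nor ComboFix's own tooling: it pulls every Run value, Startup-folder shortcut and service line into one list, then flags entries whose file date falls inside the log's "Files Created" window, entries whose path is outside Program Files or Windows, and Run values that are a bare filename (the log does not say where such a file was resolved from). The sample log is a constructed excerpt built from the post's own entries; no new paths are introduced.

```python
"""Pull the autostart entries out of a ComboFix log and flag the ones that
deserve a second look. Added example, not part of the thread or of ComboFix.

ComboFix prints three autostart shapes, all ending in [date size] where the
date is the file's modification date:
  "Name"="path" [YYYY-MM-DD size]                     (Run keys)
  Name.lnk - path [YYYY-MM-DD size]                   (Startup folder)
  R0 Name;Description;path [M/D/YYYY H:MM AM size]    (drivers/services)
"""
import re
from datetime import datetime

# Constructed excerpt in the shape of the ComboFix log posted above. Every
# entry is copied from that post; no new paths are introduced.
SAMPLE_COMBOFIX = """\
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"uTorrent"="c:\\program files\\uTorrent\\uTorrent.exe" [2011-11-30 642424]
"IDMan"="c:\\program files\\Internet Download Manager\\IDMan.exe" [2011-11-14 3437976]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Malwarebytes' Anti-Malware"="c:\\program files\\Malwarebytes' Anti-Malware\\mbamgui.exe" [2011-09-01 449608]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
.
c:\\documents and settings\\Aizaz\\Start Menu\\Programs\\Startup\\
UberIcon.lnk - c:\\program files\\Materx\\UberIcon\\UberIcon Manager.exe [2011-11-30 180224]
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\\windows\\system32\\drivers\\CSCrySec.sys [12/6/2011 1:58 AM 88632]
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [12/1/2011 6:27 AM 366152]
"""

WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
LNK_RE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{1,2}/\d{1,2}/\d{4}) \d{1,2}:\d{2} [AP]M (?P<size>\d+)\]$"
)
STD_DIRS = ("c:\\program files\\", "c:\\windows\\")


def _to_date(s):
    """ComboFix uses ISO dates for files and M/D/YYYY for services."""
    fmt = "%Y-%m-%d" if "-" in s else "%m/%d/%Y"
    return datetime.strptime(s, fmt).date()


def parse_combofix_autostarts(text):
    """Return (files_created_window, entries); each entry records its source key."""
    window, entries, source = None, [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = WINDOW_RE.search(line)
        if m:
            window = (_to_date(m.group(1)), _to_date(m.group(2)))
            continue
        m = KEY_RE.match(line)
        if m:
            source = m.group(1)            # registry key the values below belong to
            continue
        if line.lower().endswith("\\startup\\"):
            source = line                  # Startup folder the .lnk lines below live in
            continue
        for rx, kind in ((VALUE_RE, "run"), (LNK_RE, "startup"), (SVC_RE, "service")):
            m = rx.match(line)
            if m:
                entries.append({
                    "kind": kind,
                    "source": "services" if kind == "service" else source,
                    "name": m.group("name"),
                    "path": m.group("path"),
                    "date": _to_date(m.group("date")),
                    "size": int(m.group("size")),
                })
                break
    return window, entries


def flags(entry, window):
    """Heuristic flags; a flagged entry is a question to answer, not a verdict."""
    out = []
    if window and window[0] <= entry["date"] <= window[1]:
        out.append("new_in_window")        # modified inside the log's Files Created window
    p = entry["path"].lower()
    if "\\" not in p:
        out.append("bare_name")            # resolved via PATH/App Paths; location unknown from log
    elif not p.startswith(STD_DIRS):
        out.append("outside_std_dirs")     # e.g. under a user profile or a temp directory
    return out


def review(text):
    window, entries = parse_combofix_autostarts(text)
    return [(e["kind"], e["name"], e["path"], flags(e, window)) for e in entries]


if __name__ == "__main__":
    for kind, name, path, fl in review(SAMPLE_COMBOFIX):
        print(f"{kind:8} {name:30} {path}  {fl}")
```

On this log every Run entry sits under Program Files, so the only flags are dates inside the window (uTorrent, IDM, UberIcon, the InfoWatch and Malwarebytes services) and the bare SOUNDMAN.EXE value; the hijacker itself is in quarantine and restore points, not in the autostarts.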
 

Aizaz

Thread Starter
Joined
Dec 8, 2011
Messages
14
ESET Log

C:\Documents and Settings\Aizaz\My Documents\Downloads\BestUninstallTool_Setup.exe a variant of Win32/PerfectUninstaller application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000029.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000030.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000031.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000032.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000033.DLL Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000034.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000035.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000036.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000037.SCR Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000038.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000039.DLL Win32/Toolbar.MyWebSearch.D application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000040.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000041.EXE Win32/Adware.FunWeb application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000042.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000043.DLL Win32/FunWeb application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000044.DLL Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000045.DLL Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000047.DLL Win32/Toolbar.MyWebSearch.F application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000048.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000049.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000050.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000052.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000053.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000054.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000055.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000056.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000057.EXE Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000058.DLL Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000059.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000060.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000061.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000062.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000063.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\RP1\A0000072.scr Win32/Toolbar.MyWebSearch application
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Continue as follows please; don't worry about the Qoobox entries, they are safe and will be dealt with when we uninstall ComboFix.

Step 1

Double-click OTM.exe to start the tool. Vista or Windows 7 users: right-click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Aizaz\My Documents\Downloads\BestUninstallTool_Setup.exe
    :Commands
    [ClearAllRestorePoints]
    [EmptyTemp]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Let me see the following in your reply :-

  • Log from OTM
  • DDS.txt
  • Attach.txt

Also give update on current issues/concerns...

Kevin
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Apologies, I got my threads mixed up. The fix is the same; I just missed the start of OTM off... as follows please:

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double-click OTM.exe to start the tool. Vista or Windows 7 users: right-click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Aizaz\My Documents\Downloads\BestUninstallTool_Setup.exe
    :Commands
    [ClearAllRestorePoints]
    [EmptyTemp]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Step 2

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Let me see the following in your reply :-

  • Log from OTM
  • DDS.txt
  • Attach.txt

Also give update on current issues/concerns...

Kevin
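Reading the ESET log the way the reply above does, as an added example that is not part of the thread and not ESET's or ComboFix's own code: a hit under C:\Qoobox\Quarantine (or any *.vir file) is ComboFix's quarantine, a hit under System Volume Information\_restore{...} is a System Restore copy that the [ClearAllRestorePoints] command in the OTM script flushes, and only what is left is a file still live on disk and worth acting on. The sample log is constructed from three lines of the post; the fourth line (an unquarantined copy of f3PSSavr.scr under system32) is hypothetical and exists only to exercise the "live" bucket.

```python
"""Sort an ESET Online Scanner log by where each hit actually lives.

Added example, not code from the thread or from ESET. It encodes the rule in
the reply above: hits under C:\\Qoobox\\Quarantine are ComboFix's own
quarantine, hits under System Volume Information\\_restore{...} are System
Restore copies that [ClearAllRestorePoints] flushes, and only the rest is a
file still live on disk.
"""
import re
from collections import Counter

# Constructed sample in the shape of the ESET log posted above. Lines 1-3 are
# taken from that post; line 4 is hypothetical (a live, unquarantined copy)
# and is there only to exercise the "live" bucket.
SAMPLE_ESET = """\
C:\\Documents and Settings\\Aizaz\\My Documents\\Downloads\\BestUninstallTool_Setup.exe a variant of Win32/PerfectUninstaller application
C:\\Qoobox\\Quarantine\\C\\Program Files\\MyWebSearch\\bar\\1.bin\\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\\System Volume Information\\_restore{280BC8C5-1E07-435D-BF7A-01A9E5A20C46}\\RP1\\A0000029.DLL Win32/Toolbar.MyWebSearch application
C:\\WINDOWS\\system32\\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
"""

# <drive>:\<path, may contain spaces>  [a variant of] <Family/Name>  <type>
# The path never contains "/" and the detection name always does, which is
# what lets the non-greedy path group stop in the right place.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of\s+)?[^\s/]+/\S+)\s+"
    r"(?P<kind>\S+)$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
RESTORE_MARKER = "\\system volume information\\_restore{"
ACTION = {
    "live": "act on it (delete, or script it as the OTM :Files entry above does)",
    "restore_point": "inert unless restored; flushed by [ClearAllRestorePoints]",
    "combofix_quarantine": "inert; goes away when ComboFix is uninstalled",
}


def parse_eset_log(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(path):
    p = path.lower()                       # Windows paths are case-insensitive
    if p.startswith(QUARANTINE_PREFIX) or p.endswith(".vir"):
        return "combofix_quarantine"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def triage(text):
    buckets = {"live": [], "restore_point": [], "combofix_quarantine": []}
    for e in parse_eset_log(text):
        buckets[classify(e["path"])].append(e)
    return buckets


def family_counts(text):
    """Detection families regardless of location, "a variant of" stripped."""
    prefix = "a variant of "
    names = (e["detection"] for e in parse_eset_log(text))
    return Counter(n[len(prefix):] if n.startswith(prefix) else n for n in names)


def report(text):
    lines = []
    for bucket, entries in triage(text).items():
        lines.append(f"{bucket}: {len(entries)} -> {ACTION[bucket]}")
        lines.extend(f"    {e['detection']}  {e['path']}" for e in entries)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_ESET))
    print(family_counts(SAMPLE_ESET))
```

Run against the full log in the post, the only "live" hit is BestUninstallTool_Setup.exe in Downloads, which is exactly the one file the OTM script above moves; everything else is MyWebSearch/FunWeb already in quarantine or in restore point RP1, which is why the reply says not to worry about the Qoobox entries.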
 