Anyone come across this: http://partner12.mydomainadvisor.com/search.php

When using Google Chrome for the past 3 days I get an error message saying Google can't be found, and I am redirected to this particular website. It happens when I'm on YouTube as well, and sporadically when going through other sites too. Any ideas on what to do?

Bumping this thread so it doesn't get lost in the shuffle

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post only DDS.txt directly into your reply.

Thanks for your reply:

This is what I have for as per request:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4842

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

5/15/2011 1:44:34 PM

mbam-log-2011-05-15 (13-44-34).txt

Scan type: Quick scan

Objects scanned: 141676

Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Jon at 13:45:45.22 on Sun 05/15/2011

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24

Microsoft

  • Staff

Hi,

My apologies for the delay.

When you bump your topic, you go to the bottom of my reply list. Your repeated bumping made me miss your response multiple times. Please don't bump in the future.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Thanks again for getting back to me. Much appreciated. I did as you suggested.

First log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Seems kind of a small log to me, did I do something wrong?

Results of screen317's Security Check version 0.99.11

Windows Vista (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

McAfee Security Scan

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 24

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.0.45.2

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

Windows Defender MSASCui.exe

TRENDM~1 INTERN~1 PccGuide.exe

``````````End of Log````````````

I am still infected with this redirect virus as of right now. Was what you told me to do last night supposed to get rid of the virus, or is it just another step and you have more things I need to do? Seems as if the infection keeps getting worse. Right now I basically have to keep cleaning out my browser history and cache every time I search for a new website etc. It's a time killer and a complete pain in the ass. I'm getting close to reformatting my hard drive. I just can't believe this thing doesn't have a fix; there have got to be others out there suffering from my same problem.

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Then grab a fresh copy of ComboFix, run it, and post its log.

2011/05/27 12:38:16.0540 5160 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/27 12:38:16.0949 5160 ================================================================================

2011/05/27 12:38:16.0950 5160 SystemInfo:

2011/05/27 12:38:16.0950 5160

2011/05/27 12:38:16.0950 5160 OS Version: 6.0.6002 ServicePack: 2.0

2011/05/27 12:38:16.0950 5160 Product type: Workstation

2011/05/27 12:38:16.0950 5160 ComputerName: JON-PC

2011/05/27 12:38:16.0950 5160 UserName: Jon

2011/05/27 12:38:16.0950 5160 Windows directory: C:\Windows

2011/05/27 12:38:16.0950 5160 System windows directory: C:\Windows

2011/05/27 12:38:16.0950 5160 Running under WOW64

2011/05/27 12:38:16.0950 5160 Processor architecture: Intel x64

2011/05/27 12:38:16.0950 5160 Number of processors: 2

2011/05/27 12:38:16.0950 5160 Page size: 0x1000

2011/05/27 12:38:16.0950 5160 Boot type: Normal boot

2011/05/27 12:38:16.0950 5160 ================================================================================

2011/05/27 12:38:18.0291 5160 Initialize success

2011/05/27 12:38:45.0380 5520 ================================================================================

2011/05/27 12:38:45.0380 5520 Scan started

2011/05/27 12:38:45.0380 5520 Mode: Manual;

2011/05/27 12:38:45.0380 5520 ================================================================================

2011/05/27 12:38:57.0798 5520 ================================================================================

2011/05/27 12:38:57.0798 5520 Scan finished

2011/05/27 12:38:57.0798 5520 ================================================================================

2011/05/27 12:38:57.0816 3748 Detected object count: 0

2011/05/27 12:38:57.0816 3748 Actual detected object count: 0

combofix 5-27 log.txt


If you look about 25 lines down on the combofix log there is something called 2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

Is this the root of my whole problem? If so it is obviously still there.


  • Staff

These all appear to be related:

2011-05-09 00:31 . 2011-05-09 00:32 -------- d-----w- c:\users\Jon\Shared

2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\users\Jon\AppData\Local\adrevmedia

2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2011-05-09 00:30 . 2011-05-09 02:29 -------- d-----w- c:\users\Jon\AppData\Roaming\ZiggyTV

2011-05-09 00:30 . 2011-05-09 00:31 -------- d-----w- c:\program files (x86)\ZiggyTV

Looks like ZiggyTV brought in some malware.

Uninstall ZiggyTV, and delete the above 5 folders. Reboot and see if the redirections persist.

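The staff reply above ties the five folders together by their creation timestamps: everything dropped within a minute or two of the known-bad Anti-phishing Domain Advisor folder belongs to the same installer bundle. As an added illustration (not the thread's own tooling, and not ComboFix code), this Python parses lines in the ComboFix "Files Created" format quoted above and returns every entry created within a short window of a chosen anchor path; the log text is constructed from the entries in this thread plus two benign filler entries for contrast.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the ComboFix "Files Created" format: the five entries
# quoted in this thread plus two unrelated folders that should NOT be flagged.
SAMPLE_LOG = """\
2011-05-08 18:02 . 2011-05-08 18:02 -------- d-----w- c:\\programdata\\Microsoft Help
2011-05-09 00:31 . 2011-05-09 00:32 -------- d-----w- c:\\users\\Jon\\Shared
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\\users\\Jon\\AppData\\Local\\adrevmedia
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\\programdata\\Anti-phishing Domain Advisor
2011-05-09 00:30 . 2011-05-09 02:29 -------- d-----w- c:\\users\\Jon\\AppData\\Roaming\\ZiggyTV
2011-05-09 00:30 . 2011-05-09 00:31 -------- d-----w- c:\\program files (x86)\\ZiggyTV
2011-05-12 09:15 . 2011-05-12 09:15 -------- d-----w- c:\\users\\Jon\\AppData\\Local\\Temp
"""

# created ' . ' modified size-or-dashes attributes path (path may contain spaces)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_entries(text):
    """Parse ComboFix 'Files Created' lines into (created datetime, path) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything not in this format
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        entries.append((created, m.group("path")))
    return entries


def cluster_around(entries, anchor_path, window_minutes=2):
    """Return paths created within window_minutes of the anchor entry, sorted.

    The anchor is a folder already known to be unwanted; siblings created in the
    same minute or two are candidates for the same bundled installer and deserve
    a look before the machine is declared clean.
    """
    anchor = next((c for c, p in entries if p.lower() == anchor_path.lower()), None)
    if anchor is None:
        return []
    window = timedelta(minutes=window_minutes)
    return sorted(p for c, p in entries if abs(c - anchor) <= window)
```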

Thanks for all your help. My system seems to be working smoothly again. If any issues arise I'll send a message. I appreciate the time you took to help me solve this issue. It sure was an annoying problem to say the least. There is virtually nothing on the web about this virus. At least now I can go around and spread the answer to this problem when and where I see it being asked. I had another tech guy say the only way I would disinfect was to reformat, and I thought that seemed like a cop-out. I didn't believe him, and I'm glad. Thanks for sticking with me here. If I ever have an issue I can't solve again I will be back.

grey74


  • Staff

Glad to hear it!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
