redirected links

This just started yesterday: I did a Google search and clicked on one of the links. My expired Webroot Spy Sweeper + Antivirus opened a popup warning that the website was blocked, etc. The location for the page that tried to open had the error message warning that the server could not be found: "google.ad.sgdoubleclick.net."

I downloaded MBAM, updated, and ran a quick scan. It showed two infections, and I allowed the reboot.

After the reboot, I ran the quick scan again. Showed all clear, but still got the redirect.

First log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6788

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/6/2011 11:16:59 AM

mbam-log-2011-06-06 (11-16-59).txt

Scan type: Quick scan

Objects scanned: 152147

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\otufuyipidu.dll (Trojan.Hiloti) -> Delete on reboot.

c:\WINDOWS\msvdeA.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hqefudivosogike (Trojan.Hiloti) -> Value: Hqefudivosogike -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bvaduyokuyepe (Trojan.Hiloti) -> Value: Bvaduyokuyepe -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\otufuyipidu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\WINDOWS\msvdeA.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\9NA726NT\mvldtxhu[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\9NA726NT\z_srsdaj[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

*******************************************************

Second log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6788

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/6/2011 3:09:55 PM

mbam-log-2011-06-06 (15-09-55).txt

Scan type: Quick scan

Objects scanned: 152518

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I did a little searching, then downloaded and ran Avira Anti-virus Personal free version.

It showed two events; not sure how to get a log, but I exported the events to Notepad.

I am NOT tech savvy; hope someone can help out here. Thanks.

Exported events:

6/6/2011 2:35 PM [scanner] Malware found

The file 'C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir'

contained a virus or unwanted program 'TR/Script.212078' [trojan]

Action(s) taken:

The file was moved to the quarantine directory under the name '4969ec12.qua'.

6/6/2011 2:35 PM [scanner] Malware found

The file 'C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir'

contained a virus or unwanted program 'TR/Script.212078' [trojan]

Action(s) taken:

The file was moved to the quarantine directory under the name '51fec3b6.qua'.

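An added example, not part of the original post and not a Malwarebytes tool: a small Python parser for the Malwarebytes' Anti-Malware log format shown above. It separates the things a responder actually wants from a log like this: the Run-key values that relaunch the payload at every logon, the items that are only removed on reboot (which is why the first scan lists the DLLs as "Delete on reboot" and the rescan after the reboot comes back clean), and a check that the summary counts match the lines actually listed, which catches a truncated paste. The embedded sample is an abridged, constructed copy of the first log above; the format rules are inferred from that log, not from vendor documentation.

```python
"""Parse a Malwarebytes' Anti-Malware 1.5x text log for triage: what was found,
what relaunches at logon, and what is only removed on reboot. Added example, not
a Malwarebytes tool; the format rules are inferred from the log posted above."""
import re

# Constructed sample: an abridged copy of the first log posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\otufuyipidu.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\msvdeA.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hqefudivosogike (Trojan.Hiloti) -> Value: Hqefudivosogike -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bvaduyokuyepe (Trojan.Hiloti) -> Value: Bvaduyokuyepe -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\otufuyipidu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\msvdeA.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\9NA726NT\mvldtxhu[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\9NA726NT\z_srsdaj[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")  # summary block
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")                # detail heading
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)      # logon autostart


def parse_mbam_log(text):
    """Return (header_counts, detections): the summary numbers per section, and per
    section a list of {item, family, action, value} dicts, one per detection line."""
    header_counts, detections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := HEADER_RE.match(line):
            header_counts[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            current = m["section"]
            detections.setdefault(current, [])
        elif current and not line.startswith("(No malicious") and (m := DETECTION_RE.match(line)):
            # rest is "Delete on reboot." or "Value: <name> -> Delete on reboot."
            parts = [p.strip() for p in m["rest"].split("->")]
            value = next((p[len("Value:"):].strip() for p in parts if p.startswith("Value:")), None)
            detections[current].append({"item": m["item"], "family": m["family"],
                                        "action": parts[-1], "value": value})
    return header_counts, detections

def count_mismatches(header_counts, detections):
    """Sections whose summary count differs from the lines listed (truncated or edited paste)."""
    return {s: (n, len(detections.get(s, []))) for s, n in header_counts.items()
            if n != len(detections.get(s, []))}

def run_key_persistence(detections):
    """Run/RunOnce values: these relaunch the payload at every logon, so the DLLs come
    back until both the value and the file it points at are gone."""
    return [d for d in detections.get("Registry Values Infected", []) if RUN_KEY_RE.search(d["item"])]

def needs_reboot(detections):
    """Items MBAM could not remove while they were loaded. They are only gone after the
    reboot it asks for, which is why a rescan before rebooting proves nothing."""
    return sorted({d["item"] for ds in detections.values() for d in ds
                   if d["action"].lower().startswith("delete on reboot")})

def families(detections):
    """Distinct detection names across all sections."""
    return sorted({d["family"] for ds in detections.values() for d in ds})

if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    print("families:", families(found), "| count mismatches:", count_mismatches(counts, found))
    for d in run_key_persistence(found):
        print("autostart:", d["item"], "->", d["value"])
    print("pending until reboot:", *needs_reboot(found), sep="\n  ")
```

Run it against a saved `mbam-log-*.txt` by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`. The two Run values are the persistence: the randomly named DLLs in C:\WINDOWS are loaded at logon from there, and the two executables in Temporary Internet Files are the dropper downloads that the blocked redirect delivered.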


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


I did try several times to run DDS, as I saw it was requested in other similar threads. It would run for about a minute, then the clock would stop, the computer would freeze, and I would eventually have to power off and on just to get rid of it.

After reading your reply, I ran ATF Cleaner, GooredFix, and TDSSKiller. Logs attached. I did try a couple of Google searches; no redirect on the links I tried so far. Pages seem to be loading much quicker now. I have recently been having problems with Firefox hanging: at the very top of the screen it will show the page title stuff and (Not Responding) with a turning hour-glass cursor. Hopefully this might help with that also?

GooredFix by jpshortstuff (03.07.10.1)

Log created at 15:32 on 08/06/2011 (Owner)

Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{6E7ACF9C-E609-4B09-AEE7-9F188B478F49} -> Success!

Deleting C:\Documents and Settings\Owner\Local Settings\Application Data\{6E7ACF9C-E609-4B09-AEE7-9F188B478F49} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:32 15/05/2009]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fc1x9nmt.default\extensions\

{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [03:43 18/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

(none)

-=E.O.F=-

2011/06/08 15:35:53.0890 3192 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/08 15:35:54.0421 3192 ================================================================================

2011/06/08 15:35:54.0421 3192 SystemInfo:

2011/06/08 15:35:54.0421 3192

2011/06/08 15:35:54.0421 3192 OS Version: 5.1.2600 ServicePack: 2.0

2011/06/08 15:35:54.0421 3192 Product type: Workstation

2011/06/08 15:35:54.0421 3192 ComputerName: LAPTOP

2011/06/08 15:35:54.0421 3192 UserName: Owner

2011/06/08 15:35:54.0421 3192 Windows directory: C:\WINDOWS

2011/06/08 15:35:54.0421 3192 System windows directory: C:\WINDOWS

2011/06/08 15:35:54.0421 3192 Processor architecture: Intel x86

2011/06/08 15:35:54.0421 3192 Number of processors: 1

2011/06/08 15:35:54.0421 3192 Page size: 0x1000

2011/06/08 15:35:54.0421 3192 Boot type: Normal boot

2011/06/08 15:35:54.0421 3192 ================================================================================

2011/06/08 15:35:56.0484 3192 Initialize success

2011/06/08 15:36:11.0437 3664 ================================================================================

2011/06/08 15:36:11.0437 3664 Scan started

2011/06/08 15:36:11.0437 3664 Mode: Manual;

2011/06/08 15:36:11.0437 3664 ================================================================================

2011/06/08 15:36:12.0031 3664 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/08 15:36:12.0062 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/06/08 15:36:12.0203 3664 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/06/08 15:36:12.0281 3664 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/06/08 15:36:12.0390 3664 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/06/08 15:36:12.0515 3664 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/06/08 15:36:12.0984 3664 AR5211 (d07ccc37476034ebf5de4608a8af4386) C:\WINDOWS\system32\DRIVERS\SHP5211.sys

2011/06/08 15:36:13.0046 3664 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/08 15:36:13.0218 3664 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/06/08 15:36:13.0296 3664 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/08 15:36:13.0359 3664 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/08 15:36:13.0500 3664 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/06/08 15:36:13.0750 3664 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/08 15:36:13.0843 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/08 15:36:13.0968 3664 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/06/08 15:36:14.0015 3664 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/06/08 15:36:14.0078 3664 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/06/08 15:36:14.0140 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/08 15:36:14.0250 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/08 15:36:14.0515 3664 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\system32\drivers\CDAC15BA.SYS

2011/06/08 15:36:14.0578 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/08 15:36:14.0609 3664 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/08 15:36:14.0671 3664 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/08 15:36:14.0796 3664 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/06/08 15:36:14.0875 3664 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/06/08 15:36:15.0046 3664 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/08 15:36:15.0125 3664 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/06/08 15:36:15.0156 3664 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/06/08 15:36:15.0203 3664 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/06/08 15:36:15.0234 3664 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/06/08 15:36:15.0296 3664 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/06/08 15:36:15.0328 3664 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/06/08 15:36:15.0359 3664 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/06/08 15:36:15.0406 3664 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/06/08 15:36:15.0453 3664 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/06/08 15:36:15.0546 3664 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/08 15:36:15.0750 3664 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/08 15:36:15.0828 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/08 15:36:15.0906 3664 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/08 15:36:15.0984 3664 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/08 15:36:16.0031 3664 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/06/08 15:36:16.0109 3664 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/06/08 15:36:16.0187 3664 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\WINDOWS\system32\DRIVERS\EUSBMSD.SYS

2011/06/08 15:36:16.0281 3664 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/08 15:36:16.0359 3664 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/06/08 15:36:16.0546 3664 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/08 15:36:16.0609 3664 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/08 15:36:16.0703 3664 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/06/08 15:36:16.0734 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/08 15:36:16.0796 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/08 15:36:16.0859 3664 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/08 15:36:16.0953 3664 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

2011/06/08 15:36:17.0015 3664 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/08 15:36:17.0250 3664 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/08 15:36:17.0390 3664 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/08 15:36:17.0500 3664 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/08 15:36:17.0546 3664 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/08 15:36:17.0953 3664 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/06/08 15:36:18.0468 3664 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/08 15:36:18.0531 3664 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/06/08 15:36:18.0562 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/08 15:36:18.0609 3664 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/08 15:36:18.0687 3664 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/08 15:36:18.0734 3664 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/08 15:36:18.0796 3664 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/08 15:36:18.0859 3664 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/08 15:36:18.0906 3664 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/08 15:36:18.0984 3664 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/08 15:36:19.0218 3664 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2011/06/08 15:36:19.0265 3664 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/08 15:36:19.0390 3664 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/06/08 15:36:19.0437 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/08 15:36:19.0484 3664 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/08 15:36:19.0562 3664 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/08 15:36:19.0671 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/08 15:36:19.0703 3664 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/08 15:36:19.0828 3664 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/08 15:36:20.0109 3664 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/08 15:36:20.0156 3664 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/08 15:36:20.0234 3664 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/08 15:36:20.0265 3664 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/08 15:36:20.0312 3664 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/08 15:36:20.0375 3664 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/08 15:36:20.0453 3664 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/08 15:36:20.0500 3664 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/08 15:36:20.0578 3664 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/08 15:36:20.0625 3664 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/08 15:36:20.0718 3664 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/08 15:36:20.0875 3664 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/08 15:36:20.0921 3664 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/08 15:36:20.0984 3664 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/08 15:36:21.0031 3664 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/06/08 15:36:21.0109 3664 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/08 15:36:21.0171 3664 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/08 15:36:21.0265 3664 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/08 15:36:21.0328 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/08 15:36:21.0390 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/08 15:36:21.0437 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/08 15:36:21.0484 3664 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/08 15:36:21.0531 3664 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/06/08 15:36:21.0750 3664 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/08 15:36:21.0812 3664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/08 15:36:21.0843 3664 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/08 15:36:21.0921 3664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/08 15:36:22.0000 3664 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/06/08 15:36:22.0296 3664 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

2011/06/08 15:36:22.0375 3664 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/06/08 15:36:22.0453 3664 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/08 15:36:22.0500 3664 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/08 15:36:22.0546 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/08 15:36:22.0578 3664 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/06/08 15:36:22.0796 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/08 15:36:23.0031 3664 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/08 15:36:23.0109 3664 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/08 15:36:23.0140 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/08 15:36:23.0234 3664 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/08 15:36:23.0265 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/08 15:36:23.0328 3664 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/08 15:36:23.0406 3664 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/08 15:36:23.0484 3664 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2011/06/08 15:36:23.0546 3664 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/06/08 15:36:23.0843 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/08 15:36:23.0921 3664 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

2011/06/08 15:36:23.0968 3664 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/08 15:36:24.0031 3664 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2011/06/08 15:36:24.0093 3664 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/06/08 15:36:24.0250 3664 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/08 15:36:24.0296 3664 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/08 15:36:24.0578 3664 Srv (7a0111577d8046633d5162a3ce15e9e1) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/08 15:36:24.0656 3664 ssfs0bbc (1097fe3528c825e54c1d52ed8c0eac0f) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys

2011/06/08 15:36:24.0687 3664 sshrmd (e97911c0ac7d26d1a2a782869f264e9e) C:\WINDOWS\system32\DRIVERS\sshrmd.sys

2011/06/08 15:36:24.0765 3664 ssidrv (80997508996f9d2a662502238fbcb1d7) C:\WINDOWS\system32\DRIVERS\ssidrv.sys

2011/06/08 15:36:24.0859 3664 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/06/08 15:36:24.0953 3664 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/08 15:36:25.0046 3664 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/08 15:36:25.0484 3664 SynTP (f6770219b73bd989d5613d2e9c78a227) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/06/08 15:36:25.0546 3664 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/08 15:36:25.0609 3664 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

2011/06/08 15:36:25.0718 3664 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/08 15:36:25.0875 3664 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/08 15:36:26.0031 3664 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/08 15:36:26.0078 3664 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/08 15:36:26.0171 3664 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/06/08 15:36:26.0218 3664 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys

2011/06/08 15:36:26.0281 3664 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/08 15:36:26.0421 3664 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/08 15:36:26.0500 3664 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/06/08 15:36:26.0640 3664 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/08 15:36:26.0781 3664 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/08 15:36:26.0843 3664 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/06/08 15:36:26.0921 3664 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/06/08 15:36:27.0000 3664 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/08 15:36:27.0062 3664 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/08 15:36:27.0093 3664 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/06/08 15:36:27.0171 3664 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/08 15:36:27.0343 3664 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/08 15:36:27.0515 3664 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/06/08 15:36:27.0640 3664 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/08 15:36:27.0796 3664 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0

2011/06/08 15:36:27.0937 3664 ================================================================================

2011/06/08 15:36:27.0937 3664 Scan finished

2011/06/08 15:36:27.0937 3664 ================================================================================

2011/06/08 15:36:27.0953 3660 Detected object count: 0

2011/06/08 15:36:27.0953 3660 Actual detected object count: 0


Still can't run DDS. The window with the text opens, it starts adding the #### symbols across the screen, but never even finishes the line. The clock stops, and 10 minutes later there is still no change, so I power off.

I don't know where to look for script blockers? IE and Firefox are both set with Java enabled. Would it be something in the Webroot Antivirus with Antispyware?


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6814

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/8/2011 4:59:08 PM

mbam-log-2011-06-08 (16-59-08).txt

Scan type: Quick scan

Objects scanned: 153270

Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


You can delete TDSSKiller

Good job

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

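An added example, not from the original post or from Malwarebytes: the six Custom Level settings listed in the "all clean" post above, checked and applied through the registry instead of the dialog, so the weak state and the corrected state sit side by side. Internet Explorer stores each Custom Level action as a DWORD under the zone key (zone 3 is the Internet zone), named by Microsoft's documented action IDs: 1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls, 1201 = Initialize and script ActiveX controls not marked as safe, 1607 = Navigate sub-frames across different domains, 1800 = Installation of desktop items, 1804 = Launching programs and files in an IFRAME, with 0 = Enable, 1 = Prompt, 3 = Disable. The script parses a regedit export of that key, reports each action as ok, weak or missing, and writes a .reg fragment that changes only the non-compliant ones. The export embedded here is constructed for the example; its values are made up and are not the poster's.

```python
"""Audit the Internet Explorer 'Internet' zone (zone 3) against the six Custom Level
settings recommended in the post, from a regedit export, and emit a .reg that fixes
the non-compliant ones. Added example; action IDs are Microsoft's documented zone
value names (KB 182569), values 0 = Enable, 1 = Prompt, 3 = Disable."""
import re

INTERNET_ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                     r"\Internet Settings\Zones\3")

SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Value name -> (action as shown in the Custom Level dialog, recommended DWORD).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed sample export (regedit -> File -> Export on the key above). The weak
# values are invented for the example; 1804 is deliberately absent to show that case.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg_dwords(export_text, key):
    """Return {value_name: int} for the DWORD values under `key` in a .reg export.
    String values and other keys in the export are ignored."""
    values, in_key = {}, False
    for line in (raw.strip() for raw in export_text.splitlines()):
        if m := KEY_RE.match(line):
            in_key = m["key"].lower() == key.lower()
        elif in_key and (m := DWORD_RE.match(line)):
            values[m["name"]] = int(m["hex"], 16)
    return values


def audit_zone(values):
    """One finding per recommended action. status is 'ok', 'weak' (present but not the
    recommended value) or 'missing' (absent, so IE uses its template default; treat as
    unverified rather than safe)."""
    findings = []
    for name, (action, want) in RECOMMENDED.items():
        have = values.get(name)
        status = "missing" if have is None else ("ok" if have == want else "weak")
        findings.append({"name": name, "action": action, "have": have, "want": want, "status": status})
    return findings


def fix_reg(findings):
    """A .reg file that sets every non-compliant action to its recommended value and
    leaves compliant ones untouched."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{INTERNET_ZONE_KEY}]"]
    for f in findings:
        if f["status"] != "ok":
            lines.append(f'"{f["name"]}"=dword:{f["want"]:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    current = parse_reg_dwords(SAMPLE_EXPORT, INTERNET_ZONE_KEY)
    findings = audit_zone(current)
    for f in findings:
        have = SETTING_NAMES.get(f["have"], "not set")
        print(f'{f["status"]:7} {f["name"]} {f["action"]}: {have} (want {SETTING_NAMES[f["want"]]})')
    print()
    print(fix_reg(findings))
```

Export the zone key with regedit (File > Export), run the script over that file in place of SAMPLE_EXPORT, and review the generated .reg before importing it; it changes the same values the dialog steps above do. If the Security_HKLM_only policy is in effect, the settings that actually apply live under the same path in HKEY_LOCAL_MACHINE, so export and audit that hive instead.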
