
redirecting webpages


17 replies to this topic

#1 Umayr
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 22 May 2010 - 03:20 PM

I also am having a problem similar to this. I'm using Firefox and getting random tabs popping up, and more recently my pages are being automatically redirected to a random page without my permission. I have gotten no infections from McAfee, Malwarebytes or Ad-Aware, and in Spybot I got some, but getting rid of them simply doesn't solve the problem. I even tried this in safe mode with networking. I'm new to this site and need help please!


#2 Umayr (Topic Starter)
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 23 May 2010 - 12:15 AM

Should I be doing this also, or is this just for Andy?

#3 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 May 2010 - 02:10 PM

Actually both. I was waiting for the next log from one of you to split the posts into individual topics. As you see, the confusion of more than one poster in a topic..

So scan it please :thumbsup:
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 Umayr (Topic Starter)
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 23 May 2010 - 05:30 PM

I'm trying to install SUPERAntiSpyware but it says "the system administrator has set policies to prevent this installation."

Any ideas on what to do? This is in Safe Mode btw. I'll let you know if it works without Safe Mode, which I am about to try.

#5 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 May 2010 - 05:54 PM

Hello Umayr, I am splitting you to a separate topic.
The system administrator has set policies to prevent this installation

Fix the local security policy.

Open Control Panel and go to Administrative Tools.
In Administrative Tools, open Local Security Policy.
Then in Local Security Policy, right-click Software Restriction Policies and click "New Software Restriction Policy".
Now left-click on Software Restriction Policies and in the right-hand window you should see Enforcement.
Double-click on Enforcement and set the policy to apply to "ALL USERS EXCEPT LOCAL ADMINISTRATORS".
Now approve the changes and see if you are now able to install software.

Edited by boopme, 23 May 2010 - 05:55 PM.


#6 Umayr (Topic Starter)
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 23 May 2010 - 07:14 PM

Hey, I got it to work, here's the log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2010 at 06:48 PM

Application Version : 4.37.1000

Core Rules Database Version : 4900
Trace Rules Database Version: 2712

Scan type : Complete Scan
Total Scan Time : 01:04:44

Memory items scanned : 312
Memory threats detected : 0
Registry items scanned : 5573
Registry threats detected : 6
File items scanned : 77381
File threats detected : 103

Adware.Tracking Cookie

Trojan.Agent/Gen
HKU\S-1-5-21-484763869-1960408961-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run#extrac64_cab.exe [ C:\DOCUME~1\AHMAD~1.AHM\LOCALS~1\Temp\extrac64_cab.exe ]

Trojan.Agent/Gen-Alureon
HKU\.DEFAULT\Software\h8srt
HKU\S-1-5-19\Software\h8srt
HKU\S-1-5-20\Software\h8srt
HKU\S-1-5-21-484763869-1960408961-725345543-1004\Software\h8srt
HKU\S-1-5-18\Software\h8srt

#7 Umayr (Topic Starter)
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 24 May 2010 - 05:40 PM

Any idea on what to do next? I am still getting the random tabs, and on top of all that my bottom bar on the computer looks odd... like in the pic I will attach, but this is in safe mode... and my internet sometimes doesn't work in normal mode. Very odd. Please help! Please help asap! Thanks.

#8 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 May 2010 - 09:44 PM

Hello, really busy here, lot of people ...

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.


Now an ESET online scan:
Please perform a scan with the ESET Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (Please be patient, as the scan could take some time to complete.)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
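An added example, not from this thread or from the TDSSKiller tool itself: a small parser for the log format TDSSKiller writes (the one pasted in the next reply), which splits records on their "HH:MM:SS:mmm pid" prefix so that two records glued onto one physical line are still separated, and flags the "Suspicious file (Forged)" entries whose real and fake MD5 disagree. The sample lines are constructed from the log in this thread; the field names (Driver, Report) are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.3.1.0 log pasted in this thread.
# The 7th line reproduces a quirk of the pasted log: the "Backup copy found" record
# is glued onto the end of the "infected" record, so newlines alone do not delimit records.
SAMPLE_LOG = (
    "16:49:00:421 1916 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14\n"
    "16:49:00:421 1916 Boot type: Safe boot with network\n"
    "16:49:01:500 1916 Scanning Drivers ...\n"
    "16:49:02:703 1916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys\n"
    "16:49:07:546 1916 redbook (a70f8717f04f0d320b8ab1dffed5ca24) C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys\n"
    "16:49:07:546 1916 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys. "
    "Real md5: a70f8717f04f0d320b8ab1dffed5ca24, Fake md5: f828dd7e1419b6653894a8f97a0094c5\n"
    '16:49:07:546 1916 File "C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys" infected by TDSS rootkit ... '
    "16:49:09:109 1916 Backup copy found, using it..\n"
    "16:49:09:125 1916 will be cured on next reboot\n"
    "16:49:09:265 1916 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS\n"
)

# Every record starts with "HH:MM:SS:mmm <pid> "; split on that prefix, not on newlines.
RECORD_START = re.compile(r"(?=\d{2}:\d{2}:\d{2}:\d{3} \d+\s)")
RECORD = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)\s*(.*)$", re.S)
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})")
INFECTED = re.compile(r'^File "(.+?)" infected by TDSS rootkit')


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    forged: bool = False          # the tool saw two different hashes for the same file
    fake_md5: Optional[str] = None
    infected: bool = False
    backup_found: bool = False    # a clean copy was available for the cure
    cure_pending: bool = False    # "will be cured on next reboot"


@dataclass
class Report:
    tool_version: Optional[str] = None
    boot_type: Optional[str] = None
    drivers: List[Driver] = field(default_factory=list)

    def suspicious(self) -> List[Driver]:
        return [d for d in self.drivers if d.forged or d.infected]


def split_records(text: str) -> List[str]:
    """Split the log into records, even where two records share one physical line."""
    return [r.strip() for r in RECORD_START.split(text) if r.strip()]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    by_path: Dict[str, Driver] = {}
    last_flagged: Optional[Driver] = None   # target of path-less follow-up records
    for rec in split_records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        msg = m.group(3).strip()
        if d := DRIVER.match(msg):
            drv = Driver(name=d.group(1), md5=d.group(2), path=d.group(3))
            report.drivers.append(drv)
            by_path[drv.path.lower()] = drv
        elif f := FORGED.match(msg):
            drv = by_path.get(f.group(1).lower())
            if drv is None:   # forged verdict for a file not listed earlier
                drv = Driver(name="?", md5=f.group(2), path=f.group(1))
                report.drivers.append(drv)
                by_path[drv.path.lower()] = drv
            drv.forged, drv.fake_md5, last_flagged = True, f.group(3), drv
        elif i := INFECTED.match(msg):
            drv = by_path.get(i.group(1).lower())
            if drv is not None:
                drv.infected, last_flagged = True, drv
        elif msg.startswith("Backup copy found") and last_flagged:
            last_flagged.backup_found = True
        elif msg.startswith("will be cured on next reboot") and last_flagged:
            last_flagged.cure_pending = True
        elif msg.startswith("Boot type:"):
            report.boot_type = msg.split(":", 1)[1].strip()
        elif msg.startswith("TDSS rootkit removing tool"):
            report.tool_version = msg.split()[4]
    return report


def describe(report: Report) -> List[str]:
    """Triage lines: what was flagged and whether the cure is queued."""
    lines = [f"TDSSKiller {report.tool_version}, boot type: {report.boot_type}, "
             f"{len(report.drivers)} drivers enumerated"]
    for d in report.suspicious():
        status = "cure queued for next reboot" if d.cure_pending else "NOT cured"
        lines.append(f"{d.path}: real md5 {d.md5}, fake md5 {d.fake_md5}; "
                     f"backup {'found' if d.backup_found else 'missing'}; {status}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(parse_tdsskiller_log(SAMPLE_LOG))))
```

Run it against a real C:\TDSSKiller.txt by reading the file into parse_tdsskiller_log; an entry with forged set but cure_pending unset is the case to look at first.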

#9 Umayr (Topic Starter)
  • Members
  • 11 posts
  • Gender:Male
  • Location:Chicago

Posted 25 May 2010 - 04:56 PM

The TDSSKiller.txt file is below... I will add the rest as I do them.

16:49:00:421 1916 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
16:49:00:421 1916 ================================================================================
16:49:00:421 1916 SystemInfo:

16:49:00:421 1916 OS Version: 5.1.2600 ServicePack: 3.0
16:49:00:421 1916 Product type: Workstation
16:49:00:421 1916 ComputerName: AHMAD-448A301E6
16:49:00:421 1916 UserName: Administrator
16:49:00:421 1916 Windows directory: C:\WINDOWS
16:49:00:421 1916 Processor architecture: Intel x86
16:49:00:421 1916 Number of processors: 2
16:49:00:421 1916 Page size: 0x1000
16:49:00:421 1916 Boot type: Safe boot with network
16:49:00:421 1916 ================================================================================
16:49:00:953 1916 Initialize success
16:49:00:953 1916
16:49:00:953 1916 Scanning Services ...
16:49:01:468 1916 Raw services enum returned 356 services
16:49:01:500 1916
16:49:01:500 1916 Scanning Drivers ...
16:49:07:546 1916 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: a70f8717f04f0d320b8ab1dffed5ca24, Fake md5: f828dd7e1419b6653894a8f97a0094c5
16:49:07:546 1916 File "C:\WINDOWS\system32\DRIVERS\redbook.sys" infected by TDSS rootkit ... 16:49:09:109 1916 Backup copy found, using it..
16:49:09:125 1916 will be cured on next reboot
16:49:11:406 1916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:49:11:453 1916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:49:11:484 1916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:49:11:515 1916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:49:11:531 1916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:49:11:562 1916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:49:11:703 1916 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
16:49:11:843 1916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:49:11:921 1916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:49:12:015 1916 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:49:12:062 1916 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:49:12:078 1916 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:49:12:093 1916 Reboot required for cure complete..
16:49:12:500 1916 Cure on reboot scheduled successfully
16:49:12:500 1916
16:49:12:500 1916 Completed
16:49:12:500 1916
16:49:12:500 1916 Results:
16:49:12:500 1916 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:49:12:500 1916 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:49:12:500 1916
16:49:12:515 1916 KLMD(ARK) unloaded successfully

#10 Umayr (Topic Starter)

Posted 25 May 2010 - 05:30 PM

MBAM log listed below...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2010 5:29:32 PM
mbam-log-2010-05-25 (17-29-32).txt

Scan type: Quick scan
Objects scanned: 173228
Time elapsed: 25 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmwldnkg (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmwldnkg (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Local Settings\Temporary Internet Files\Content.IE5\IEX2XKFK\avs[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\h8srtkrl32mainweq.dll (Rootkit.Trace) -> Quarantined and deleted successfully.

#11 boopme (Global Moderator)

Posted 25 May 2010 - 07:39 PM

Looking really good.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Umayr (Topic Starter)

Posted 25 May 2010 - 07:48 PM

The final log for ESET is below. Is there anything else I need to do to fix the computer? Can I uninstall SUPERAntiSpyware and the other programs, or should I keep them?

thanks!!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7d9a68f858b5b34991683534579f7e4a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-26 12:42:49
# local_time=2010-05-25 07:42:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 2672884 26832674 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80399
# found=7
# cleaned=7
# scan_time=7022
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Application Data\Sun\Java\Deployment\cache\6.0\10\6a4d710a-7adb97c5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Application Data\Sun\Java\Deployment\cache\6.0\22\42443d56-333f9cea a variant of Java/TrojanDownloader.Agent.NAX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-43fa45bd a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Application Data\Sun\Java\Deployment\cache\6.0\49\35217071-12d0c5db multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Application Data\Sun\Java\Deployment\cache\6.0\62\a0dd2be-1c99446c a variant of Java/Exploit.Agent.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ahmad.AHMAD-448A301E6\Local Settings\Temp\jar_cache5637572065474214166.tmp a variant of Java/TrojanDownloader.Agent.NAX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#13 boopme (Global Moderator)

Posted 25 May 2010 - 08:28 PM

Ok, are the redirects all gone now?

You can uninstall MBAM and SAS if you want; ESET did not install. These are good tools to run at least weekly.
I keep SAS and MBAM as on-demand scanners on my PCs.

#14 Umayr (Topic Starter)

Posted 25 May 2010 - 09:10 PM

I am not completely sure if the redirects are gone since I have not been able to browse the net too much today but I'm sure I will know by the end of the night. My computer does seem to be running a lot faster and the internet does not freeze and go nearly as slow as before. I just wanna say THANK YOU SO MUCH!!!! For all your help and time that you took to help me. I'm so glad I found such a reliable source to trust and help me through some tough tasks. Once again thank you sooo much for your help and if the redirects do return I'll be sure to ask for more help if you won't mind. Thanks! :thumbsup:

#15 boopme (Global Moderator)

Posted 25 May 2010 - 10:01 PM

Let's do this in the meantime.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
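A scripted equivalent of the two steps above (create a fresh restore point, then drop every older one) for Vista, Windows 7 and later, added here as an example; it is not part of boopme's post or of the linked guides, and Windows XP has no PowerShell by default, so the GUI steps above remain the way there. It assumes the system drive is C:, uses a restore-point label of my own choosing, and must be run from an elevated PowerShell session.

```powershell
# Added example (not from the original post): create a clean restore point after
# malware removal, then remove all older restore points. Run elevated.
# Assumptions: system drive is C:, and the description string is an arbitrary label.

$volume = 'C:'
$desc   = 'Clean baseline after malware removal'   # assumed label; choose your own

# 1. Make sure System Restore is enabled for the system drive, then create the new point.
Enable-ComputerRestore -Drive "$volume\"
Checkpoint-Computer -Description $desc -RestorePointType 'MODIFY_SETTINGS'

# 2. Confirm the new point exists and record its sequence number (keep this in your log,
#    as the post recommends, so you can find it later in System Restore).
$points = Get-ComputerRestorePoint | Sort-Object SequenceNumber
$points | Format-Table SequenceNumber, Description, RestorePointType, CreationTime -AutoSize
$newest = $points | Select-Object -Last 1
"Newest restore point: #$($newest.SequenceNumber) '$($newest.Description)'"

# 3. Remove every older restore point. On Vista and later, restore points are stored
#    in Volume Shadow Copy snapshots, so deleting the oldest snapshot repeatedly until
#    only one remains is the equivalent of Disk Cleanup's "all but the most recent".
#    Note: this also discards any "Previous Versions" file history held in those snapshots.
$shadowCount = @(& vssadmin list shadows "/For=$volume" | Select-String 'Shadow Copy ID').Count
while ($shadowCount -gt 1) {
    & vssadmin delete shadows "/For=$volume" /Oldest /Quiet | Out-Null
    $shadowCount--
}

# 4. Verify that only the new point survived.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

Two caveats worth knowing before relying on this: Checkpoint-Computer on Windows 8 and later refuses to create a second restore point within 24 hours of the previous one (it only warns), so check the listing in step 2 before running step 3; and because step 3 deletes shadow copies rather than restore points specifically, any Previous Versions history on that volume goes with them.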



