Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser hijack


  • This topic is locked This topic is locked
9 replies to this topic

#1 SteveChipman

SteveChipman

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 05 July 2010 - 03:50 PM

I've tried my darndest to get rid of this browser hijack issue, including running Adware, Malware Bytes and SAS - all of which didn't turn up anything. It doesn't happen all the time - about 50% I'd say but it's very annoying to say the least. So, I come to the experts for some help :thumbsup:

BC AdBot (Login to Remove)

 


#2 SteveChipman

SteveChipman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 06 July 2010 - 11:29 AM

Not sure why my request is being ignored while others who posted after me with the same issue have been helped. I've tried running SAS, MAB and AdAware - none of resolved the browser hijack issue I've been experiencing over the past couple of weeks. It doesn't happen every search but during my last test, I got redirected to a page that downloaded a nasty malware. I was able to kill it but I'm still being redirected. Please help.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:23 PM

Posted 06 July 2010 - 01:49 PM

Hello, getting overwhelmed ...
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Now please an Online scan with ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Edited by boopme, 06 July 2010 - 01:50 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 SteveChipman

SteveChipman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 06 July 2010 - 03:45 PM

OK that finally seems to have found something. Here's the log:

# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7a18abef294b4f42955b0b99b181d886
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-06 08:42:08
# local_time=2010-07-06 01:42:08 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2817 16777215 100 100 4671043 6311256 0 0
# compatibility_mode=8192 67108863 100 0 437548 437548 0 0
# scanned=54311
# found=1
# cleaned=1
# scan_time=2089
C:\Documents and Settings\Steve Chipman\Local Settings\Temporary Internet Files\Content.IE5\ZJFP6HGK\update[1].exe a variant of Win32/Kryptik.FHR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#5 SteveChipman

SteveChipman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 06 July 2010 - 03:52 PM

Still having the same issue. Just did another test so while that trojan was cleaned, it either came back or that wasn't it.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:23 PM

Posted 06 July 2010 - 03:56 PM

Please do these next...
TDDS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 SteveChipman

SteveChipman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 06 July 2010 - 04:03 PM

Here's the log file and running scan on MBAM now.


14:01:47:687 0368 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
14:01:47:687 0368 ================================================================================
14:01:47:687 0368 SystemInfo:

14:01:47:687 0368 OS Version: 5.1.2600 ServicePack: 2.0
14:01:47:687 0368 Product type: Workstation
14:01:47:687 0368 ComputerName: STEVE
14:01:47:687 0368 UserName: Steve Chipman
14:01:47:687 0368 Windows directory: C:\WINDOWS
14:01:47:687 0368 System windows directory: C:\WINDOWS
14:01:47:687 0368 Processor architecture: Intel x86
14:01:47:687 0368 Number of processors: 1
14:01:47:687 0368 Page size: 0x1000
14:01:47:687 0368 Boot type: Normal boot
14:01:47:687 0368 ================================================================================
14:01:47:937 0368 Initialize success
14:01:47:937 0368
14:01:47:937 0368 Scanning Services ...
14:01:48:312 0368 Raw services enum returned 321 services
14:01:48:328 0368
14:01:48:328 0368 Scanning Drivers ...
14:01:49:093 0368 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:01:49:171 0368 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:01:49:234 0368 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:01:49:359 0368 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
14:01:49:437 0368 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:01:49:515 0368 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:01:49:984 0368 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:01:50:093 0368 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:01:50:171 0368 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:01:50:265 0368 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys
14:01:50:359 0368 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:01:50:453 0368 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
14:01:50:531 0368 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:01:50:656 0368 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:01:50:718 0368 cdbe (501f6c4e56b373bd65d845594b98cd49) C:\WINDOWS\system32\cdbe.sys
14:01:50:718 0368 Suspicious file (NoAccess): C:\WINDOWS\system32\cdbe.sys. md5: 501f6c4e56b373bd65d845594b98cd49
14:01:50:796 0368 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:01:50:875 0368 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:01:51:203 0368 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:01:51:312 0368 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:01:51:390 0368 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:01:51:468 0368 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:01:51:531 0368 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:01:51:656 0368 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:01:51:734 0368 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:01:51:796 0368 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:01:51:875 0368 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:01:51:953 0368 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:01:52:015 0368 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:01:52:078 0368 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:01:52:140 0368 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:01:52:203 0368 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:01:52:281 0368 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:01:52:343 0368 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:01:52:406 0368 hcmon (18c29504ed5b8b791dd574071f84ad96) C:\WINDOWS\system32\drivers\hcmon.sys
14:01:52:484 0368 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:01:52:609 0368 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:01:53:031 0368 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:01:53:156 0368 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:01:53:281 0368 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:01:53:343 0368 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:01:53:421 0368 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:01:53:500 0368 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:01:53:562 0368 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:01:53:625 0368 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:01:53:703 0368 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:01:53:765 0368 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:01:53:843 0368 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:01:53:906 0368 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:01:53:984 0368 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:01:54:078 0368 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
14:01:54:156 0368 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
14:01:54:234 0368 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:01:54:359 0368 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
14:01:54:421 0368 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
14:01:54:484 0368 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:01:54:562 0368 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:01:54:625 0368 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:01:54:687 0368 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:01:54:750 0368 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:01:54:828 0368 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:01:54:937 0368 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:01:55:031 0368 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:01:55:109 0368 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:01:55:171 0368 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:01:55:234 0368 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:01:55:312 0368 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:01:55:390 0368 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:01:55:453 0368 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:01:55:546 0368 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:01:55:609 0368 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:01:55:671 0368 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:01:55:750 0368 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:01:55:843 0368 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:01:55:906 0368 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:01:55:984 0368 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:01:56:062 0368 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:01:56:140 0368 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
14:01:56:218 0368 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:01:56:453 0368 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:01:56:562 0368 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:01:56:640 0368 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:01:56:718 0368 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:01:56:796 0368 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:01:56:859 0368 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:01:56:937 0368 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:01:57:109 0368 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:01:57:468 0368 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:01:57:546 0368 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:01:57:625 0368 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:01:57:703 0368 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:01:58:015 0368 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:01:58:093 0368 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:01:58:156 0368 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:01:58:234 0368 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:01:58:312 0368 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:01:58:375 0368 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:01:58:453 0368 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
14:01:58:531 0368 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:01:58:593 0368 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:01:58:609 0368 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:01:58:671 0368 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:01:58:750 0368 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:01:58:812 0368 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:01:58:906 0368 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:01:59:031 0368 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:01:59:140 0368 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
14:01:59:218 0368 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:01:59:312 0368 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
14:01:59:375 0368 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:01:59:453 0368 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:01:59:718 0368 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:01:59:812 0368 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:01:59:890 0368 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:01:59:953 0368 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:02:00:031 0368 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:02:00:140 0368 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:02:00:281 0368 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
14:02:00:343 0368 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:02:00:421 0368 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:02:00:484 0368 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:02:00:562 0368 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:02:00:625 0368 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:02:00:703 0368 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:02:00:765 0368 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:02:00:875 0368 vmci (5137e48ad1d6ee1e789a20aa49b793e4) C:\WINDOWS\system32\Drivers\vmci.sys
14:02:00:968 0368 vmkbd (415a0bc09e9187e3994508968ffef9bf) C:\WINDOWS\system32\drivers\VMkbd.sys
14:02:01:046 0368 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
14:02:01:125 0368 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
14:02:01:203 0368 VMnetuserif (24294deae94290431a95bfe0ed5438da) C:\WINDOWS\system32\drivers\vmnetuserif.sys
14:02:01:281 0368 VMparport (a3b4e1232a2455eb91c140b7986de706) C:\WINDOWS\system32\Drivers\VMparport.sys
14:02:01:390 0368 vmx86 (541f40e9cef74b6a7c766f8f0a838d07) C:\WINDOWS\system32\Drivers\vmx86.sys
14:02:01:468 0368 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:02:01:531 0368 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
14:02:01:593 0368 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:02:01:718 0368 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
14:02:01:796 0368 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:02:01:875 0368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:02:01:937 0368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:02:01:953 0368
14:02:01:953 0368 Completed
14:02:01:953 0368
14:02:01:953 0368 Results:
14:02:01:953 0368 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:02:01:953 0368 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:02:01:953 0368
14:02:01:953 0368 KLMD(ARK) unloaded successfully

#8 SteveChipman

SteveChipman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 06 July 2010 - 04:16 PM

MBAM scan completed. Nothing found.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:23 PM

Posted 06 July 2010 - 07:34 PM

OK, we got something hidden.
We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

Edited by boopme, 06 July 2010 - 07:45 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,110 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:23 PM

Posted 07 July 2010 - 07:55 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/329705/browser-hijack-causing-searches-to-go-to-malicious-sites/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users