search redirect issue



#1 littleman370

Posted 29 July 2010 - 08:09 AM

Hello, recently I've had an issue of my searches in Firefox being redirected elsewhere to various random search sites or ads or what have yous. The odd part is, it only seems to happen when I search from the URL bar or from the Firefox search bar in the top right (e.g. if I go to google.com then search, I am not redirected). Furthermore, it happens without regularity! I'm absolutely flummoxed. Due to a recent malware issue (I can't remember the name, but it was one of the fake virus scan ones) I've been running malwarebyte's anti-malware regularly (not trusting mcafee any longer), and it doesn't come up with anything. Thanks in advance for any help!


#2 Budapest

Posted 02 August 2010 - 01:58 AM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 littleman370

Posted 03 August 2010 - 08:29 AM

I gave that a shot, and it found one object and deleted it. The problem persists, however. I ran it again, several times, and it comes up empty, but I still get redirected. Is there anything else I can do?

#4 quietman7

Posted 03 August 2010 - 10:01 AM

After running TDSSKiller, a log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) should have been created and saved to the root directory (usually Local Disk C:). Open the log with Notepad and copy/paste the contents of the one which found/removed any threats in your next reply.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 littleman370

Posted 03 August 2010 - 10:44 AM

Admittedly I ran TDSSKiller before originally posting, but forgot to mention it; hence the dates will be weird. Anyways, moving on:

TDSSKiller log

2010/07/27 14:49:35.0953 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/27 14:49:35.0953 ================================================================================
2010/07/27 14:49:35.0953 SystemInfo:
2010/07/27 14:49:35.0953
2010/07/27 14:49:35.0953 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/27 14:49:35.0953 Product type: Workstation
2010/07/27 14:49:35.0953 ComputerName: ROBERT-0F8A8CD8
2010/07/27 14:49:35.0953 UserName: Susan Muckle
2010/07/27 14:49:35.0953 Windows directory: C:\WINDOWS
2010/07/27 14:49:35.0953 System windows directory: C:\WINDOWS
2010/07/27 14:49:35.0968 Processor architecture: Intel x86
2010/07/27 14:49:35.0968 Number of processors: 2
2010/07/27 14:49:35.0968 Page size: 0x1000
2010/07/27 14:49:35.0968 Boot type: Normal boot
2010/07/27 14:49:35.0968 ================================================================================
2010/07/27 14:49:36.0328 Initialize success
2010/07/27 14:49:41.0515 ================================================================================
2010/07/27 14:49:41.0515 Scan started
2010/07/27 14:49:41.0515 Mode: Manual;
2010/07/27 14:49:41.0515 ================================================================================
2010/07/27 14:49:48.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 6980039428d69e6d76c784e813554557, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/07/27 14:49:48.0234 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/27 14:49:54.0828 ================================================================================
2010/07/27 14:49:54.0828 Scan finished
2010/07/27 14:49:54.0828 ================================================================================
2010/07/27 14:49:54.0828 Detected object count: 1
2010/07/27 14:50:06.0171 Mouclass (6980039428d69e6d76c784e813554557) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/27 14:50:06.0171 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 6980039428d69e6d76c784e813554557, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/07/27 14:50:07.0250 Backup copy found, using it..
2010/07/27 14:50:07.0359 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2010/07/27 14:50:07.0359 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
2010/07/27 14:50:10.0734 Deinitialize success


Here's the MBR check:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 125):

Processes (total 57):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541080G9SA00, Rev: MB4OC60R

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Thanks for all the help!!

#6 quietman7

Posted 03 August 2010 - 10:51 AM

TDSSKiller found/removed the primary infection. This is the relevant part:

2010/07/27 14:49:48.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 6980039428d69e6d76c784e813554557, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/07/27 14:49:48.0234 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/07/27 14:50:06.0171 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 6980039428d69e6d76c784e813554557, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/07/27 14:50:07.0250 Backup copy found, using it..
2010/07/27 14:50:07.0359 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot

Please confirm that you rebooted the computer.
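A small triage script for TDSSKiller logs like the one quoted in this reply, added here as an example (not code from the thread or from the TDSSKiller tool): it correlates the driver enumeration line, the forged-file hash pair, the detection and the "will be cured after reboot" line by service name, so a helper can see at a glance whether a reboot still has to be confirmed and whether a follow-up scan came back clean. The sample log is constructed from the lines quoted in this post plus one ordinary clean driver entry; the line patterns are assumed from that output.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.4 log format. The mouclass.sys lines are the
# ones highlighted in the thread; the Modem line is an ordinary clean driver entry.
SAMPLE_LOG = r"""
2010/07/27 14:49:48.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/27 14:49:48.0234 Mouclass (6980039428d69e6d76c784e813554557) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/27 14:49:48.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 6980039428d69e6d76c784e813554557, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/07/27 14:49:48.0234 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/27 14:49:54.0828 Scan finished
2010/07/27 14:49:54.0828 Detected object count: 1
2010/07/27 14:50:07.0250 Backup copy found, using it..
2010/07/27 14:50:07.0359 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2010/07/27 14:50:07.0359 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
"""

# Constructed follow-up scan with nothing detected (what a clean rescan after reboot looks like).
CLEAN_RESCAN = r"""
2010/08/03 08:20:11.0000 Scan finished
2010/08/03 08:20:11.0000 Detected object count: 0
"""

# Line patterns assumed from the log format shown in the thread.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
ENUM_RE = re.compile(TS + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                      r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECT_RE = re.compile(TS + r"(?P<svc>\S+) - detected (?P<threat>\S+)")
CURE_RE = re.compile(TS + r"(?P<path>.+?) - will be cured after reboot")
ACTION_RE = re.compile(TS + r"(?P<threat>[^\s(]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)")


@dataclass
class Finding:
    service: str
    threat: str = ""
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    reboot_pending: bool = False

    @property
    def forged(self) -> bool:
        # Two different hashes reported for one path is the forged-file signature
        # TDSSKiller prints for the patched driver.
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


@dataclass
class Triage:
    reported_count: Optional[int] = None
    findings: Dict[str, Finding] = field(default_factory=dict)

    def needs_reboot(self) -> bool:
        return any(f.reboot_pending for f in self.findings.values())


def parse_tdsskiller(text: str) -> Triage:
    """Correlate enumeration, detection and cure lines of a TDSSKiller log by service name."""
    triage = Triage()
    path_to_svc: Dict[str, str] = {}  # driver path -> service name, from enumeration lines
    for line in text.splitlines():
        if m := ENUM_RE.match(line):
            path_to_svc[m["path"].lower()] = m["svc"]
        elif m := FORGED_RE.match(line):
            svc = path_to_svc.get(m["path"].lower(), m["path"])
            f = triage.findings.setdefault(svc, Finding(svc))
            f.path, f.real_md5, f.fake_md5 = m["path"], m["real"], m["fake"]
        elif m := DETECT_RE.match(line):
            triage.findings.setdefault(m["svc"], Finding(m["svc"])).threat = m["threat"]
        elif m := CURE_RE.match(line):
            svc = path_to_svc.get(m["path"].lower(), m["path"])
            triage.findings.setdefault(svc, Finding(svc)).reboot_pending = True
        elif m := ACTION_RE.match(line):
            triage.findings.setdefault(m["svc"], Finding(m["svc"])).action = m["action"]
        elif m := COUNT_RE.match(line):
            triage.reported_count = int(m["n"])
    return triage


def open_items(triage: Triage) -> List[str]:
    """Services that still need follow-up: a reboot to finish the cure, or no action recorded."""
    return sorted(s for s, f in triage.findings.items() if f.reboot_pending or not f.action)


def rescan_is_clean(text: str) -> bool:
    """True when a follow-up scan reports zero objects and contains no detection lines."""
    t = parse_tdsskiller(text)
    return t.reported_count == 0 and not t.findings


if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE_LOG)
    for f in t.findings.values():
        print(f"{f.service}: {f.threat or '?'} forged={f.forged} action={f.action!r} "
              f"reboot_pending={f.reboot_pending}")
    print("reported:", t.reported_count, "open:", open_items(t),
          "clean rescan:", rescan_is_clean(CLEAN_RESCAN))
```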

#7 littleman370

Posted 03 August 2010 - 10:55 AM

I have restarted my computer several times since. Is there a separate log that would include that info? I can post what would be a current one, where it should come up clean.

#8 quietman7

Posted 03 August 2010 - 11:27 AM

If you rebooted, rescanned with TDSSKiller and nothing more was detected, then you are probably dealing with multiple infections, which is why I had you run MBRCheck, but that log looked ok.

This issue will require further investigation. Many of the tools we use in this forum are not capable of detecting all malware variants, so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS/HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.
