Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox redirect problem


  • Please log in to reply
8 replies to this topic

#1 RAiViN

RAiViN

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 12 August 2010 - 03:57 AM

Hi everyone,

I have a problem with Mozilla Firefox:
when I search for a website and click the link, it redirects me to all kinds of sites.
(promo.vador f.e.)
When I run antimalwarebit, it doesn't give any problem.
What to do? :thumbsup:

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:58 AM

Posted 12 August 2010 - 10:35 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 RAiViN

RAiViN
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 14 August 2010 - 02:33 AM

Here's the thing TDSS gave me:


2010/08/14 09:31:01.0014 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/14 09:31:01.0014 ================================================================================
2010/08/14 09:31:01.0014 SystemInfo:
2010/08/14 09:31:01.0014
2010/08/14 09:31:01.0014 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/14 09:31:01.0014 Product type: Workstation
2010/08/14 09:31:01.0015 ComputerName: PC_VAN_AGTEN
2010/08/14 09:31:01.0015 UserName: Agten
2010/08/14 09:31:01.0015 Windows directory: C:\Windows
2010/08/14 09:31:01.0015 System windows directory: C:\Windows
2010/08/14 09:31:01.0015 Running under WOW64
2010/08/14 09:31:01.0015 Processor architecture: Intel x64
2010/08/14 09:31:01.0015 Number of processors: 2
2010/08/14 09:31:01.0015 Page size: 0x1000
2010/08/14 09:31:01.0015 Boot type: Normal boot
2010/08/14 09:31:01.0015 ================================================================================
2010/08/14 09:31:01.0016 Utility is running under WOW64, functionality is limited.
2010/08/14 09:31:01.0515 Initialize success
2010/08/14 09:31:07.0665 ================================================================================
2010/08/14 09:31:07.0665 Scan started
2010/08/14 09:31:07.0665 Mode: Manual;
2010/08/14 09:31:07.0665 ================================================================================
2010/08/14 09:31:08.0469 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/08/14 09:31:08.0566 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/08/14 09:31:08.0645 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/08/14 09:31:08.0701 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/08/14 09:31:08.0759 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/08/14 09:31:08.0886 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/08/14 09:31:08.0980 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/08/14 09:31:09.0078 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/08/14 09:31:09.0198 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/08/14 09:31:09.0255 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/08/14 09:31:09.0327 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/08/14 09:31:09.0596 appdrv01 (b1f3e64c26684d60de67bed3e6718783) C:\Windows\system32\Drivers\appdrv01.sys
2010/08/14 09:31:09.0864 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/08/14 09:31:09.0964 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/08/14 09:31:10.0072 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/14 09:31:10.0145 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/08/14 09:31:10.0267 avgntflt (ed2b23707f19ccc1b2a4382b05d31481) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/08/14 09:31:10.0328 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2010/08/14 09:31:10.0506 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/08/14 09:31:10.0733 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/14 09:31:10.0806 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/14 09:31:10.0871 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/08/14 09:31:10.0958 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/08/14 09:31:11.0009 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/08/14 09:31:11.0066 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/14 09:31:11.0119 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/08/14 09:31:11.0190 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/08/14 09:31:11.0290 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/14 09:31:11.0367 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/14 09:31:11.0467 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/08/14 09:31:11.0551 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/08/14 09:31:11.0707 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/14 09:31:11.0787 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/08/14 09:31:11.0851 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/14 09:31:11.0953 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/08/14 09:31:12.0114 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/08/14 09:31:12.0246 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/08/14 09:31:12.0410 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/08/14 09:31:12.0513 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/14 09:31:12.0614 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/08/14 09:31:12.0752 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/08/14 09:31:12.0903 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/08/14 09:31:13.0017 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/08/14 09:31:13.0190 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/08/14 09:31:13.0277 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/08/14 09:31:13.0360 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/14 09:31:13.0489 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/08/14 09:31:13.0555 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/08/14 09:31:13.0613 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/14 09:31:13.0713 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/08/14 09:31:13.0838 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/14 09:31:13.0898 FTDIBUS (0f210048c6bfbfbc0f50816bce40b575) C:\Windows\system32\drivers\ftdibus.sys
2010/08/14 09:31:13.0965 FTSER2K (814f098b02095814a8bebbf86d13fc90) C:\Windows\system32\drivers\ftser2k.sys
2010/08/14 09:31:14.0050 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/14 09:31:14.0120 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/14 09:31:14.0289 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2010/08/14 09:31:14.0389 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/14 09:31:14.0489 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/08/14 09:31:14.0547 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/08/14 09:31:14.0673 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/14 09:31:14.0790 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/08/14 09:31:14.0887 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/08/14 09:31:14.0985 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/08/14 09:31:15.0072 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/14 09:31:15.0157 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/08/14 09:31:15.0444 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/08/14 09:31:15.0976 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/08/14 09:31:16.0110 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/08/14 09:31:16.0175 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/14 09:31:16.0275 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/14 09:31:16.0414 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/14 09:31:16.0482 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/14 09:31:16.0632 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/08/14 09:31:16.0745 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/08/14 09:31:16.0845 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/14 09:31:16.0905 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/08/14 09:31:16.0969 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/08/14 09:31:17.0050 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/14 09:31:17.0106 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/14 09:31:17.0223 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/14 09:31:17.0285 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/08/14 09:31:17.0465 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/14 09:31:17.0637 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/14 09:31:17.0733 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/14 09:31:17.0823 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/14 09:31:17.0895 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/08/14 09:31:18.0036 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/08/14 09:31:18.0104 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/08/14 09:31:18.0252 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/08/14 09:31:18.0313 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/14 09:31:18.0374 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/14 09:31:18.0433 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/14 09:31:18.0488 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/08/14 09:31:18.0564 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/08/14 09:31:18.0637 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/14 09:31:18.0748 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/14 09:31:18.0841 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/14 09:31:18.0915 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/14 09:31:18.0987 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/14 09:31:19.0037 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/14 09:31:19.0133 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2010/08/14 09:31:19.0261 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/08/14 09:31:19.0379 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/08/14 09:31:19.0440 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/08/14 09:31:19.0585 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/14 09:31:19.0635 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/14 09:31:19.0698 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/08/14 09:31:19.0773 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/08/14 09:31:19.0883 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/14 09:31:19.0947 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/08/14 09:31:20.0033 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/08/14 09:31:20.0133 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/14 09:31:20.0241 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/08/14 09:31:20.0333 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/14 09:31:20.0383 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/14 09:31:20.0477 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/14 09:31:20.0527 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/08/14 09:31:20.0598 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/14 09:31:20.0682 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/14 09:31:20.0933 netr28x (dd371cbe3005934c975aeb7f9053cb88) C:\Windows\system32\DRIVERS\netr28x.sys
2010/08/14 09:31:21.0082 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/08/14 09:31:21.0200 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/08/14 09:31:21.0280 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/14 09:31:21.0389 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/08/14 09:31:21.0479 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/08/14 09:31:21.0567 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/08/14 09:31:21.0632 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/08/14 09:31:21.0720 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/08/14 09:31:21.0917 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2010/08/14 09:31:22.0221 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/08/14 09:31:22.0297 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/08/14 09:31:22.0410 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/08/14 09:31:22.0472 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/08/14 09:31:22.0535 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/08/14 09:31:22.0627 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2010/08/14 09:31:22.0718 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/08/14 09:31:23.0059 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/14 09:31:23.0154 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/08/14 09:31:23.0307 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/14 09:31:23.0404 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/08/14 09:31:23.0515 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/08/14 09:31:23.0618 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/14 09:31:23.0674 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/14 09:31:23.0767 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/14 09:31:23.0870 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/14 09:31:23.0950 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/14 09:31:24.0039 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/14 09:31:24.0105 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/14 09:31:24.0202 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/08/14 09:31:24.0276 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/14 09:31:24.0366 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/08/14 09:31:24.0568 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/14 09:31:24.0656 RTL8169 (c4dd02a9d97c5531e145f9e4420636f8) C:\Windows\system32\DRIVERS\Rtlh64.sys
2010/08/14 09:31:24.0788 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/08/14 09:31:24.0985 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/08/14 09:31:25.0121 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/14 09:31:25.0190 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/08/14 09:31:25.0293 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/08/14 09:31:25.0413 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/08/14 09:31:25.0472 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/14 09:31:25.0533 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/14 09:31:25.0593 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/08/14 09:31:25.0754 Si3531 (1b731ae02fc0c1ccdc4b7d32fcc95660) C:\Windows\system32\DRIVERS\Si3531.sys
2010/08/14 09:31:25.0798 SiFilter (8574809375c8147cc9b6a62822018fd6) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2010/08/14 09:31:25.0861 SiRemFil (e7b586131c8c417691e303c511c3563b) C:\Windows\system32\DRIVERS\SiRemFil.sys
2010/08/14 09:31:26.0096 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/08/14 09:31:26.0155 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/08/14 09:31:26.0326 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/08/14 09:31:26.0473 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/08/14 09:31:26.0609 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/08/14 09:31:26.0610 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/14 09:31:26.0639 sptd - detected Locked file (1)
2010/08/14 09:31:26.0712 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/08/14 09:31:26.0787 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/14 09:31:26.0849 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/14 09:31:27.0136 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/14 09:31:27.0269 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/08/14 09:31:27.0330 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/08/14 09:31:27.0394 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/08/14 09:31:27.0636 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/08/14 09:31:27.0755 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/14 09:31:27.0852 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/14 09:31:27.0926 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/08/14 09:31:27.0982 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/08/14 09:31:28.0069 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/14 09:31:28.0158 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/14 09:31:28.0420 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/14 09:31:28.0483 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/14 09:31:28.0570 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/14 09:31:28.0651 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/08/14 09:31:28.0737 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/14 09:31:28.0896 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/14 09:31:28.0981 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/08/14 09:31:29.0058 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/08/14 09:31:29.0127 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/08/14 09:31:29.0206 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/14 09:31:29.0340 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/08/14 09:31:29.0437 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2010/08/14 09:31:29.0543 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/14 09:31:29.0630 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/08/14 09:31:29.0707 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/14 09:31:29.0808 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/14 09:31:29.0873 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/08/14 09:31:29.0946 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/14 09:31:30.0038 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/14 09:31:30.0131 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/14 09:31:30.0218 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/14 09:31:30.0363 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/14 09:31:30.0423 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/08/14 09:31:30.0486 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/08/14 09:31:30.0603 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/08/14 09:31:30.0682 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/08/14 09:31:30.0743 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/08/14 09:31:30.0833 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/08/14 09:31:31.0029 VX3000 (b19333c00b64edc5a53bd4a38f55fe95) C:\Windows\system32\DRIVERS\VX3000.sys
2010/08/14 09:31:31.0365 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/08/14 09:31:31.0442 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 09:31:31.0488 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 09:31:31.0755 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/08/14 09:31:31.0851 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/14 09:31:32.0505 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/14 09:31:32.0717 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/14 09:31:32.0794 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/14 09:31:32.0976 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/14 09:31:33.0115 XUIF (6533f30045b0a234783bd8b4069f0433) C:\Windows\system32\Drivers\x10ufx2.sys
2010/08/14 09:31:33.0180 ================================================================================
2010/08/14 09:31:33.0180 Scan finished
2010/08/14 09:31:33.0180 ================================================================================
2010/08/14 09:31:33.0199 Detected object count: 1
2010/08/14 09:31:42.0286 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/08/14 09:31:42.0286 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/08/14 09:31:42.0297 C:\Windows\system32\Drivers\sptd.sys - quarantined
2010/08/14 09:31:42.0298 Locked file(sptd) - User select action: Quarantine
2010/08/14 09:31:55.0755 Deinitialize success

With the suspicious file I only could Skip or Quarantine the object, so I Quarantined it.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:58 AM

Posted 14 August 2010 - 08:21 AM

Are you using Daemon Tools or another CD Emulator like Alchohol 120%, Astroburn, AnyDVD?

I ask because sptd.sys is related to Daemon Tools and installed as a service. See here.

These type of tools uses rootkit-like techniques to hide from other applications and to circumvent copy protection schemes. As a result of this technology, some files related to the program may at times be detected as a "Suspiciousl", "Potentially Unwanted Program" or even "Malware" (virus/trojan) when that is not the case. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

Anytime you come across a suspicious file or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

When the quarantined file is known to be malicious, you can delete it at any time usually by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete. If it was a false positive, then you can choose the option to restore the file.

Please download bootkit_remover.rar and save it to your Desktop. <-Important!!!

You will need to extract the remover.exe file using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can downlaod, install and use 7-zip.
  • Right-click on the bootkit_remover.rar file and select "extract/unzip here".
  • This will create two readme files and a file named remover.exe on your desktop.
  • Double-click on remover.exe.
    Note: Vista/Windows 7 users right-click and select Run As Administrator.
  • A command window will open with a black screen and some data on it.
  • Right-click on the screen and choose Select All.
  • The screen will turn white. Press CTRL+C to copy the data on that screen.
  • Open Notepad and press CTRL+V, or click on the Edit tab and choose Paste.
  • Copy and paste the output from Notepad in your next reply.
  • Clcik on the black screen and Press any key on the keyboard to exit.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 RAiViN

RAiViN
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 14 August 2010 - 09:34 AM

Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

about the sptd.sys: I use daemon tools

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:58 AM

Posted 14 August 2010 - 12:03 PM

That log shows no infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 RAiViN

RAiViN
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 15 August 2010 - 01:09 AM

I shall try to download firefox again and do searches

#8 RAiViN

RAiViN
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 15 August 2010 - 01:20 AM

I shall try to download firefox again and do searches


Positive, I don't get any redirects anymore, looked a couple other topics with the same problem.
Thanks for your help!

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:58 AM

Posted 15 August 2010 - 06:20 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users