Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect - Me too :(


  • This topic is locked This topic is locked
8 replies to this topic

#1 Jandro

Jandro

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 17 August 2010 - 12:12 AM

My problem / symptom seems to be consistent to the other threads I have read. In being new to the site, please let me know if I'm doing anything wrong with my post. I tried to follow the pre-post instructions word for word.

I'm running XP version 2002 service pack 3 on a HP Pavillion. I'm pretty much not able to use google at all. My only work around is to select the "cache" option and then select the actual URL.

----------------------------------------------------------------------------------

DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:23:36.79 on Mon 08/16/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.587 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\Defogger.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Laun

sorry if this post shows up multiple times, but it was showing "connection reset" every time I tried to post the main topic. Thanks again for the help!

Merged posts. Duplicate topics deleted. Infection causing posting issues. ~ OB

Attached Files


Edited by Orange Blossom, 17 August 2010 - 12:20 AM.
Add in more log from another partial. ~ OB


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:29 PM

Posted 17 August 2010 - 04:25 PM

Good evening. smile.gif

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
  • You will then need to extract the file(s) from the zipped folder.

  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish


  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Nowand ensure that your machine does so.

  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. smile.gif


So long, and thanks for all the fish.

 

 


#3 Jandro

Jandro
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 17 August 2010 - 05:40 PM

WOW. Thanks so much for the quick response! I have to say, having issues with my computer sucks, but having people willing to help sure helps take the sting out of it.

Here is the log I found. I could not find it where you referenced, so I just opened TDSS Killer again and pressed report. The time and date are correct.

So to be clear, I only ran the scan once and it found 1 issue only.

Thanks again!!!!
----------------------------------------------------

2010/08/17 18:35:35.0656 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/17 18:35:35.0656 ================================================================================
2010/08/17 18:35:35.0656 SystemInfo:
2010/08/17 18:35:35.0656
2010/08/17 18:35:35.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/17 18:35:35.0656 Product type: Workstation
2010/08/17 18:35:35.0656 ComputerName: USER-6TZJ0H438V
2010/08/17 18:35:35.0656 UserName: Owner
2010/08/17 18:35:35.0656 Windows directory: C:\WINDOWS
2010/08/17 18:35:35.0656 System windows directory: C:\WINDOWS
2010/08/17 18:35:35.0656 Processor architecture: Intel x86
2010/08/17 18:35:35.0656 Number of processors: 1
2010/08/17 18:35:35.0656 Page size: 0x1000
2010/08/17 18:35:35.0656 Boot type: Normal boot
2010/08/17 18:35:35.0656 ================================================================================
2010/08/17 18:35:35.0843 Initialize success

Edited by Jandro, 17 August 2010 - 05:41 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:29 PM

Posted 18 August 2010 - 02:31 PM

Good evening. smile.gif

Unfortunately doing that just displays a fresh report, but with minimal contents as the scan hasn't been run yet.
If you can't find the log in the root of your hard drive then I suggest that you run the tool again and have it run another scan and post the log that it produces as per my previous post.
Assuming that the tool did it's job the first time round, you shouldn't need to fix anything or reboot.

So long, and thanks for all the fish.

 

 


#5 Jandro

Jandro
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 19 August 2010 - 10:44 AM

Sorry, I finally found it. For some reason I was looking for a folder labeled TDSS Killer.

Thanks!

==============================================================

2010/08/17 18:28:24.0562 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/17 18:28:24.0562 ================================================================================
2010/08/17 18:28:24.0562 SystemInfo:
2010/08/17 18:28:24.0562
2010/08/17 18:28:24.0562 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/17 18:28:24.0562 Product type: Workstation
2010/08/17 18:28:24.0562 ComputerName: USER-6TZJ0H438V
2010/08/17 18:28:24.0562 UserName: Owner
2010/08/17 18:28:24.0562 Windows directory: C:\WINDOWS
2010/08/17 18:28:24.0562 System windows directory: C:\WINDOWS
2010/08/17 18:28:24.0562 Processor architecture: Intel x86
2010/08/17 18:28:24.0562 Number of processors: 1
2010/08/17 18:28:24.0562 Page size: 0x1000
2010/08/17 18:28:24.0562 Boot type: Normal boot
2010/08/17 18:28:24.0562 ================================================================================
2010/08/17 18:28:24.0765 Initialize success
2010/08/17 18:28:27.0328 ================================================================================
2010/08/17 18:28:27.0328 Scan started
2010/08/17 18:28:27.0328 Mode: Manual;
2010/08/17 18:28:27.0328 ================================================================================
2010/08/17 18:28:28.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/17 18:28:29.0046 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/17 18:28:29.0125 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/17 18:28:29.0203 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/17 18:28:29.0281 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2010/08/17 18:28:29.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/17 18:28:29.0437 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/17 18:28:29.0796 androidusb (f71671248134ea39bfd10401ee5fd825) C:\WINDOWS\system32\Drivers\androidusb.sys
2010/08/17 18:28:29.0859 ApfiltrService (285b803bfa147716b6fe7545586450cd) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/08/17 18:28:29.0921 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/17 18:28:30.0062 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/17 18:28:30.0109 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/17 18:28:30.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/17 18:28:30.0250 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/17 18:28:30.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/17 18:28:30.0375 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/17 18:28:30.0437 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/17 18:28:30.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/17 18:28:30.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/17 18:28:30.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/17 18:28:30.0828 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/17 18:28:30.0937 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/17 18:28:31.0031 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/08/17 18:28:31.0109 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/08/17 18:28:31.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/17 18:28:31.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/17 18:28:31.0406 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/17 18:28:31.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/17 18:28:31.0515 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/17 18:28:31.0625 DNE (694616f813fb627a32c9e32dec133078) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/08/17 18:28:31.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/17 18:28:31.0828 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/17 18:28:31.0890 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/17 18:28:32.0031 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/17 18:28:32.0078 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/17 18:28:32.0125 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/17 18:28:32.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/17 18:28:32.0203 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/17 18:28:32.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/17 18:28:32.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/17 18:28:32.0328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/08/17 18:28:32.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/17 18:28:32.0406 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/17 18:28:32.0484 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2010/08/17 18:28:32.0531 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/17 18:28:32.0578 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/17 18:28:32.0656 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/17 18:28:32.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/17 18:28:32.0812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/17 18:28:32.0906 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/17 18:28:32.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/17 18:28:33.0046 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/17 18:28:33.0093 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/17 18:28:33.0125 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/17 18:28:33.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/17 18:28:33.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/17 18:28:33.0265 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/17 18:28:33.0296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/17 18:28:33.0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/17 18:28:33.0375 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/17 18:28:33.0421 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/17 18:28:33.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/17 18:28:33.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/17 18:28:33.0640 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
2010/08/17 18:28:33.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/17 18:28:33.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/17 18:28:33.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/17 18:28:33.0859 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/17 18:28:33.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/17 18:28:33.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/17 18:28:34.0031 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/17 18:28:34.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/17 18:28:34.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/17 18:28:34.0171 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/17 18:28:34.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/17 18:28:34.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/17 18:28:34.0281 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/17 18:28:34.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/17 18:28:34.0359 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/17 18:28:34.0515 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100813.009\naveng.sys
2010/08/17 18:28:34.0640 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100813.009\navex15.sys
2010/08/17 18:28:34.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/17 18:28:34.0906 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/17 18:28:34.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/17 18:28:34.0984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/17 18:28:35.0031 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/17 18:28:35.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/17 18:28:35.0109 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/17 18:28:35.0156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/17 18:28:35.0218 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/17 18:28:35.0250 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/17 18:28:35.0312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/17 18:28:35.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/17 18:28:35.0437 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/17 18:28:35.0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/17 18:28:35.0531 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/17 18:28:35.0609 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2010/08/17 18:28:35.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/17 18:28:35.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/17 18:28:35.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/17 18:28:35.0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/17 18:28:35.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/17 18:28:35.0906 Pcmcia (1e59b5580e951344ae14e1f4d8532ebb) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/17 18:28:35.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: 1e59b5580e951344ae14e1f4d8532ebb, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/08/17 18:28:35.0921 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/17 18:28:36.0156 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
2010/08/17 18:28:36.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/17 18:28:36.0234 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/17 18:28:36.0281 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/17 18:28:36.0312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/17 18:28:36.0390 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/17 18:28:36.0531 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/17 18:28:36.0578 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/17 18:28:36.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/17 18:28:36.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/17 18:28:36.0718 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/17 18:28:36.0765 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/17 18:28:36.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/17 18:28:36.0890 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/17 18:28:36.0953 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/08/17 18:28:37.0031 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/08/17 18:28:37.0109 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/17 18:28:37.0171 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/08/17 18:28:37.0218 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/08/17 18:28:37.0343 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/17 18:28:37.0406 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/17 18:28:37.0484 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
2010/08/17 18:28:37.0562 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/17 18:28:37.0609 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/17 18:28:37.0671 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/17 18:28:37.0734 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/17 18:28:37.0890 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/08/17 18:28:37.0953 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/17 18:28:38.0015 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/17 18:28:38.0078 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/17 18:28:38.0125 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/17 18:28:38.0156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/17 18:28:38.0203 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/17 18:28:38.0296 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2010/08/17 18:28:38.0343 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/08/17 18:28:38.0390 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/08/17 18:28:38.0500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/17 18:28:38.0578 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/17 18:28:38.0625 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/17 18:28:38.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/17 18:28:38.0718 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/17 18:28:38.0781 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2010/08/17 18:28:38.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/17 18:28:38.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/17 18:28:39.0015 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/17 18:28:39.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/17 18:28:39.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/17 18:28:39.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/17 18:28:39.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/17 18:28:39.0203 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/17 18:28:39.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/17 18:28:39.0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/17 18:28:39.0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/17 18:28:39.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/17 18:28:39.0453 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
2010/08/17 18:28:39.0656 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/08/17 18:28:39.0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/17 18:28:39.0906 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/08/17 18:28:39.0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/17 18:28:40.0046 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/08/17 18:28:40.0093 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/17 18:28:40.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/17 18:28:40.0203 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/17 18:28:40.0250 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/17 18:28:40.0312 \HardDisk0\MBR - detected Trojan-Clicker.Win32.Wistler.a (0)
2010/08/17 18:28:40.0312 ================================================================================
2010/08/17 18:28:40.0312 Scan finished
2010/08/17 18:28:40.0312 ================================================================================
2010/08/17 18:28:40.0328 Detected object count: 2
2010/08/17 18:28:59.0921 Pcmcia (1e59b5580e951344ae14e1f4d8532ebb) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/17 18:28:59.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: 1e59b5580e951344ae14e1f4d8532ebb, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/08/17 18:29:02.0328 Backup copy found, using it..
2010/08/17 18:29:02.0390 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured after reboot
2010/08/17 18:29:02.0390 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure
2010/08/17 18:29:02.0437 \HardDisk0\MBR - will be cured after reboot
2010/08/17 18:29:02.0437 Trojan-Clicker.Win32.Wistler.a(\HardDisk0\MBR) - User select action: Cure
2010/08/17 18:29:09.0734 Deinitialize success


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:29 PM

Posted 19 August 2010 - 02:54 PM

Good evening. smile.gif

Were there any symptoms besides the redirects - audio adverts or issues with your PC's volume for example?

So long, and thanks for all the fish.

 

 


#7 Jandro

Jandro
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 19 August 2010 - 05:38 PM

Well, the volume has always been on the low side compared to other computers, but I believe that is just a hardware / speaker difference. No audio adverts that are invisible. I get a pop-up every once in a while but I believe that is most likely website related.

So what should I do next? The problem appears to have gone away. Anything else I should worry about?

Thanks Noviciate!

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:29 PM

Posted 20 August 2010 - 02:07 PM

Good evening. smile.gif

Good to hear - I was just playing around with a possibility is all. I'd like you to run one more scan just to ensure that all is well; sometimes the nasty you had may visit with friends:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:29 PM

Posted 25 August 2010 - 02:47 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users