#1 ugetout

ugetout

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 30 September 2010 - 04:29 PM

1. my google search results keep getting redirected to sites beginning with googleads.g.doubleclick.net

2. I saw a solution that suggested combofix, but it seems dangerous and doesn't work for 64-bit systems

3. my system is a Win 7, 64-bit, 4gb RAM, 1.2GHz AMD x2 dual core processor

So how do I fix this?

THANK YOU!

#2 ugetout

ugetout
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 30 September 2010 - 06:25 PM

1. I saw a similar topic which recommended running TDSS Killer (after changing [file name] .com)

2. No threats were found, here is the log it generated:

2010/09/30 19:09:41.0527 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 19:09:41.0542 ================================================================================
2010/09/30 19:09:41.0542 SystemInfo:
2010/09/30 19:09:41.0542
2010/09/30 19:09:41.0542 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/30 19:09:41.0542 Product type: Workstation
2010/09/30 19:09:41.0542 ComputerName: [my pc name]
2010/09/30 19:09:41.0542 UserName: [my user name]
2010/09/30 19:09:41.0542 Windows directory: C:\Windows
2010/09/30 19:09:41.0542 System windows directory: C:\Windows
2010/09/30 19:09:41.0542 Running under WOW64
2010/09/30 19:09:41.0542 Processor architecture: Intel x64
2010/09/30 19:09:41.0542 Number of processors: 2
2010/09/30 19:09:41.0542 Page size: 0x1000
2010/09/30 19:09:41.0542 Boot type: Normal boot
2010/09/30 19:09:41.0542 ================================================================================
2010/09/30 19:09:41.0542 Utility is running under WOW64
2010/09/30 19:09:41.0839 Initialize success
2010/09/30 19:09:46.0597 ================================================================================
2010/09/30 19:09:46.0597 Scan started
2010/09/30 19:09:46.0597 Mode: Manual;
2010/09/30 19:09:46.0597 ================================================================================
2010/09/30 19:09:47.0392 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/30 19:09:47.0517 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/30 19:09:47.0642 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/30 19:09:47.0782 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/30 19:09:47.0907 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/30 19:09:48.0032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/30 19:09:48.0188 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/09/30 19:09:48.0313 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/30 19:09:48.0453 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/30 19:09:48.0578 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/30 19:09:48.0703 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/30 19:09:48.0812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/30 19:09:48.0921 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/30 19:09:49.0046 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/30 19:09:49.0171 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/30 19:09:49.0296 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/09/30 19:09:49.0452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/09/30 19:09:49.0576 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/30 19:09:49.0732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/30 19:09:49.0842 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/30 19:09:49.0998 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2010/09/30 19:09:50.0278 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/30 19:09:50.0559 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2010/09/30 19:09:50.0746 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\System32\Drivers\avgldx64.sys
2010/09/30 19:09:50.0871 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\System32\Drivers\avgmfx64.sys
2010/09/30 19:09:50.0996 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\System32\Drivers\avgtdia.sys
2010/09/30 19:09:51.0136 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/09/30 19:09:51.0277 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/09/30 19:09:51.0402 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/09/30 19:09:51.0667 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/30 19:09:51.0854 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/30 19:09:51.0979 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/30 19:09:52.0088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/30 19:09:52.0213 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/09/30 19:09:52.0338 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/30 19:09:52.0447 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/30 19:09:52.0572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/30 19:09:52.0681 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/30 19:09:52.0821 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/30 19:09:52.0946 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/30 19:09:53.0071 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/30 19:09:53.0196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/09/30 19:09:53.0336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/30 19:09:53.0445 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/30 19:09:53.0570 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/09/30 19:09:53.0695 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/30 19:09:53.0804 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/30 19:09:53.0929 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/30 19:09:54.0085 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/09/30 19:09:54.0210 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/09/30 19:09:54.0334 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/09/30 19:09:54.0568 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2010/09/30 19:09:54.0709 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/09/30 19:09:54.0865 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/09/30 19:09:54.0990 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/09/30 19:09:55.0161 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/30 19:09:55.0364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/09/30 19:09:55.0614 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/30 19:09:55.0738 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/30 19:09:55.0879 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/09/30 19:09:55.0988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/09/30 19:09:56.0113 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/30 19:09:56.0253 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/09/30 19:09:56.0362 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/09/30 19:09:56.0472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/30 19:09:56.0581 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/09/30 19:09:56.0706 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/09/30 19:09:56.0815 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 19:09:56.0955 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/30 19:09:57.0064 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/30 19:09:57.0220 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/30 19:09:57.0345 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/30 19:09:57.0486 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/09/30 19:09:57.0626 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/30 19:09:57.0657 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/30 19:09:57.0766 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/30 19:09:57.0891 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/30 19:09:58.0032 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/30 19:09:58.0203 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/30 19:09:58.0344 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/09/30 19:09:58.0453 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/30 19:09:58.0578 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 19:09:58.0702 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/30 19:09:58.0843 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/30 19:09:59.0030 IntcAzAudAddService (46e83cdca292fe83955f428d27d11300) C:\Windows\system32\drivers\RTKVHD64.sys
2010/09/30 19:09:59.0186 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/30 19:09:59.0295 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/30 19:09:59.0436 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/30 19:09:59.0560 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/30 19:09:59.0685 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/09/30 19:09:59.0826 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/09/30 19:09:59.0935 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/30 19:10:00.0044 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/30 19:10:00.0169 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/30 19:10:00.0278 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/30 19:10:00.0403 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/30 19:10:00.0512 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/30 19:10:00.0637 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/09/30 19:10:00.0808 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/30 19:10:00.0964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/30 19:10:01.0089 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/30 19:10:01.0198 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/30 19:10:01.0323 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/30 19:10:01.0432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/09/30 19:10:01.0573 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/30 19:10:01.0698 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/30 19:10:01.0822 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/09/30 19:10:01.0947 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/30 19:10:02.0056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/30 19:10:02.0197 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/30 19:10:02.0306 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/09/30 19:10:02.0415 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/30 19:10:02.0524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/30 19:10:02.0649 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/30 19:10:02.0774 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/30 19:10:02.0883 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/30 19:10:02.0992 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/30 19:10:03.0102 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/30 19:10:03.0211 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/30 19:10:03.0336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/09/30 19:10:03.0460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/30 19:10:03.0570 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/30 19:10:03.0726 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/30 19:10:03.0850 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/30 19:10:04.0006 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/09/30 19:10:04.0131 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/09/30 19:10:04.0256 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/30 19:10:04.0365 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/09/30 19:10:04.0474 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/30 19:10:04.0599 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/09/30 19:10:04.0755 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/30 19:10:04.0896 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/09/30 19:10:05.0020 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/30 19:10:05.0192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/30 19:10:05.0317 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/30 19:10:05.0442 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/30 19:10:05.0551 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/09/30 19:10:05.0691 NEOFLTR_650_15977 (af655f3ca78981c119fc511244a3811c) C:\Windows\system32\Drivers\NEOFLTR_650_15977.SYS
2010/09/30 19:10:05.0832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/30 19:10:05.0941 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/30 19:10:06.0081 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/30 19:10:06.0222 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/09/30 19:10:06.0346 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/30 19:10:06.0502 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/09/30 19:10:06.0643 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2010/09/30 19:10:06.0768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/09/30 19:10:06.0892 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/30 19:10:07.0017 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/30 19:10:07.0142 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/30 19:10:07.0251 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/30 19:10:07.0423 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/09/30 19:10:07.0532 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/09/30 19:10:07.0594 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/09/30 19:10:07.0704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/30 19:10:07.0828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/30 19:10:07.0938 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/09/30 19:10:08.0062 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/09/30 19:10:08.0343 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/30 19:10:08.0468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/09/30 19:10:08.0608 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/30 19:10:08.0764 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/30 19:10:08.0889 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/30 19:10:09.0030 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/30 19:10:09.0139 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/30 19:10:09.0264 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/30 19:10:09.0404 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/30 19:10:09.0560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/30 19:10:09.0716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/30 19:10:09.0841 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/30 19:10:09.0950 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/30 19:10:10.0075 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/30 19:10:10.0231 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/30 19:10:10.0356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/30 19:10:10.0465 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/09/30 19:10:10.0590 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/09/30 19:10:10.0761 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/30 19:10:10.0902 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\System32\Drivers\RtsUStor.sys
2010/09/30 19:10:11.0058 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/09/30 19:10:11.0198 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/30 19:10:11.0323 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/30 19:10:11.0479 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/09/30 19:10:11.0635 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/30 19:10:11.0728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/09/30 19:10:11.0838 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/30 19:10:11.0994 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/30 19:10:12.0118 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/30 19:10:12.0212 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/30 19:10:12.0337 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/30 19:10:12.0462 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/30 19:10:12.0586 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/30 19:10:12.0711 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/09/30 19:10:12.0836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/09/30 19:10:13.0008 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/30 19:10:13.0164 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/30 19:10:13.0335 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/30 19:10:13.0491 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/30 19:10:13.0632 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2010/09/30 19:10:13.0756 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/30 19:10:13.0897 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/30 19:10:14.0115 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 19:10:14.0302 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 19:10:14.0443 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/30 19:10:14.0568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/09/30 19:10:14.0661 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/09/30 19:10:14.0786 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/30 19:10:14.0911 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/30 19:10:15.0145 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/30 19:10:15.0254 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/30 19:10:15.0379 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/30 19:10:15.0504 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2010/09/30 19:10:15.0628 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/30 19:10:15.0800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/30 19:10:15.0925 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/30 19:10:16.0034 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/30 19:10:16.0206 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/09/30 19:10:16.0346 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/09/30 19:10:16.0455 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/30 19:10:16.0596 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/30 19:10:16.0705 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/30 19:10:16.0830 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2010/09/30 19:10:16.0986 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/30 19:10:17.0095 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/30 19:10:17.0220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/30 19:10:17.0344 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/09/30 19:10:17.0454 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/30 19:10:17.0578 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/30 19:10:17.0719 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2010/09/30 19:10:17.0906 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/30 19:10:18.0031 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/30 19:10:18.0156 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/09/30 19:10:18.0280 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/30 19:10:18.0390 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/30 19:10:18.0499 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/30 19:10:18.0624 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/09/30 19:10:18.0748 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/30 19:10:18.0858 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/30 19:10:18.0982 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/09/30 19:10:19.0107 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/09/30 19:10:19.0248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/30 19:10:19.0388 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 19:10:19.0419 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 19:10:19.0591 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/09/30 19:10:19.0716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/30 19:10:19.0918 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/30 19:10:20.0028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/09/30 19:10:20.0230 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/30 19:10:20.0371 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/30 19:10:20.0542 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/30 19:10:20.0714 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/09/30 19:10:20.0839 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/30 19:10:20.0948 ================================================================================
2010/09/30 19:10:20.0948 Scan finished
2010/09/30 19:10:20.0948 ================================================================================
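The TDSSKiller log above is a flat list of loaded drivers, each with its MD5 and on-disk path. As an added example (not code from this thread, from TDSSKiller's authors, or from any of the posters), here is a small Python parser that turns those lines into records and runs two triage checks a defender would want before concluding "no threats found": drivers loaded from outside the Windows directory, and one hash backing two genuinely different files. The sample input is constructed from a few of the posted lines plus one made-up `exampledrv` entry with an all-zero placeholder hash, included only so the outside-Windows check has something to flag; the `find_oddities` and `unique_hashes` helpers are this example's own names, not TDSSKiller features.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the TDSSKiller log posted above,
# plus ONE constructed entry (exampledrv, zero hash) that is NOT in the poster's log.
SAMPLE_LOG = r"""
2010/09/30 19:09:46.0597 Scan started
2010/09/30 19:09:46.0597 Mode: Manual;
2010/09/30 19:09:47.0392 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/30 19:10:14.0115 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 19:10:14.0302 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 19:10:19.0388 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 19:10:19.0419 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 19:10:20.0100 exampledrv (00000000000000000000000000000000) C:\Users\example\AppData\Roaming\exampledrv.sys
2010/09/30 19:10:20.0948 Scan finished
"""

# One driver record per line: timestamp, service name, (md5), path.
# Banner and status lines ("Scan started", "Mode: Manual;") do not match and are skipped.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)


def parse_tdsskiller_log(text):
    """Return a list of dicts (ts, service, md5, path) for the driver lines only."""
    records = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def normalize_path(path):
    """Windows paths are case-insensitive: fold case so drivers\\x and DRIVERS\\x compare equal."""
    return path.replace("/", "\\").lower()


def find_oddities(records, windows_dir=r"C:\Windows"):
    """Two triage checks over the parsed records:
    - drivers whose image lives outside the Windows directory
    - one MD5 backing several *different* files (the same file registered under
      two service names, like Tcpip/TCPIP6 above, is normal and is not reported)
    """
    prefix = normalize_path(windows_dir).rstrip("\\") + "\\"
    outside = [r for r in records if not normalize_path(r["path"]).startswith(prefix)]

    by_hash = defaultdict(set)
    for r in records:
        by_hash[r["md5"]].add(normalize_path(r["path"]))
    shared = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}

    return {"outside_windows": outside, "shared_hash": shared}


def unique_hashes(records):
    """Sorted unique MD5s, ready to be checked against a file-reputation service."""
    return sorted({r["md5"] for r in records})


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(recs)} driver records, {len(unique_hashes(recs))} unique hashes")
    odd = find_oddities(recs)
    for r in odd["outside_windows"]:
        print("loaded from outside the Windows directory:", r["service"], r["path"])
    for h, paths in odd["shared_hash"].items():
        print("one hash, several different files:", h, paths)
```

Run it against a full saved log by reading the file into `parse_tdsskiller_log` instead of `SAMPLE_LOG`. On the posted log every driver sits under `C:\Windows`, which is consistent with TDSSKiller reporting nothing; the hash list is still worth exporting because a clean rootkit scan says nothing about the non-driver components the later SUPERAntiSpyware scan found.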

#3 ugetout

ugetout
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 01 October 2010 - 08:00 AM

1. Why haven't I gotten an official response? I'm new to this forum so please let me know if I'm going about asking for help the wrong way. (I registered an account, posted a new topic, included the details of my computer with the problem, and posted the log from TDSS Killer).

2. While waiting for help, I've been running Anti-Malware for the past 6 hours and 58 minutes - wow that took a while LOL! Here's the log from that:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4726

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/1/2010 8:57:56 AM
mbam-log-2010-10-01 (08-57-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 303762
Time elapsed: 6 hour(s), 58 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 ugetout

ugetout
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 03 October 2010 - 11:28 AM

1. While waiting for help, I realized the reason MB Anti-Malware took so long...
(In my haste) I didn't read in one of the MBAM guides "check Perform Quick scan" :thumbsup:
so anyone who is going through the same as me, should switch to "Quick" instead of "Complete"


2. Anyway, since MBAM showed no infections, I acted on another thread here recommending the user go into SAFE mode and run ATF-Cleaner, followed by SUPERAntiSpyware:

A. The result of ATF Cleaner was the removal of over 5,000 MB of temporary files (which I think is 5GB), a STARTLING number of unnecessary files - if I read that correctly.

B. This is the log from SUPERAntiSpyware ...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/03/2010 at 01:45 AM

Application Version : 4.44.1000

Core Rules Database Version : 5622
Trace Rules Database Version: 3434

Scan type : Complete Scan
Total Scan Time : 00:59:00

Memory items scanned : 330
Memory threats detected : 0
Registry items scanned : 14269
Registry threats detected : 0
File items scanned : 35224
File threats detected : 31

Rogue.AntiMalwareDoctor
C:\Users\try\AppData\Roaming\9ABF0CD5BBAFDFDBB4BBAA8E81B87D14

Adware.Tracking Cookie


That's followed by addresses of 30 cookies ending in " [ C:\Users\[username]\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GP5ZN47J ] "

for example... " media.mtvu.com [ C:\Users\[username]\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GP5ZN47J ] "


3. So it seems that the rogue virus "AntiMalwareDoctor" was causing at least some of the problems

A. I searched for info on AntiMalwareDoctor and found that another user was having their explorer browser randomly crash (while infected with AntiMalwareDoctor), so I just wanted to state for the record....
mine has been doing the same thing on a regular basis (although I use Firefox, not IE).

B. I don't see any more google redirects, and the browser hasn't crashed since using SUPERAntiSpyware, but I'll check back tomorrow for feedback, and update this thread if the problem recurs

Edited by ugetout, 03 October 2010 - 11:29 AM.


#5 boopme (Global Moderator)

Posted 03 October 2010 - 09:08 PM

Hello, what happened is all the replies to yourself make it appear as if this thread is being helped.

Please do an online scan as I think we have most if not all of it.
ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 ugetout (Topic Starter)

Posted 06 October 2010 - 09:38 AM

Hi Boopme,

You were right, I didn't catch all of it with TDSS Killer, MBAM, and SAS, because I still experienced more Google Redirects :thumbsup:

1. ESET found 10 threats

2. Here is the log from ESET...

C:\Users\[name]\AppData\Local\{0CF3EF34-819F-4560-835B-C78476D6BD01}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-56f81d48 probably a variant of Win32/Agent.FPEXZHL trojan deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-5ada17ed probably a variant of Win32/Agent.HRYTTOE trojan deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\56919ea5-3d759af4 multiple threats deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a68f367-1bbbecd2 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-11233b8a multiple threats deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\bcc0505-3ecc73ef multiple threats deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\54a59b8-6cd647fd multiple threats deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4cafbd48-224793ba probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined
C:\Users\[name]\Desktop\Documents\2 Apps\Portable\SMSConvert\sms2csv.exe probably a variant of Win32/Agent.BRUNOSD trojan cleaned by deleting - quarantined


That last exe (sms2csv.exe) is a program I use to backup sms messages from phone, so I'm hoping I can get that back.

THANK YOU

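The ESET export quoted above is a flat list of paths and verdicts, and the poster's own question (can sms2csv.exe be recovered?) is really a triage question: which hits are drive-by residue in a cache and which touch files the user put there. The following is an added example, not code from the thread or from ESET. It parses those lines and buckets them by location; the line format it assumes ("<path> <detection> <action> - quarantined") and the bucket rules are this example's own, and the sample input is constructed from the lines posted above with the user-name placeholder kept.

```python
"""Triage of an ESET Online Scanner log: added example, not code from the
thread or from ESET. It parses the detection lines quoted above and sorts
them by where on disk each hit lives, so the one that is not in a cache
directory (the user's own sms2csv.exe) stands out for manual review.

Assumptions: each line is "<path> <detection> <action> - quarantined", with
<detection> being "probably a variant of X trojan", "a variant of X trojan"
or "multiple threats", and <action> "cleaned by deleting" or "deleted".
The bucket rules are this example's own, not ESET's.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: the lines posted in the thread, placeholder kept.
SAMPLE_LOG = r"""
C:\Users\[name]\AppData\Local\{0CF3EF34-819F-4560-835B-C78476D6BD01}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-56f81d48 probably a variant of Win32/Agent.FPEXZHL trojan deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\56919ea5-3d759af4 multiple threats deleted - quarantined
C:\Users\[name]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7a68f367-1bbbecd2 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\[name]\Desktop\Documents\2 Apps\Portable\SMSConvert\sms2csv.exe probably a variant of Win32/Agent.BRUNOSD trojan cleaned by deleting - quarantined
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably a variant of|a variant of) \S+ trojan|multiple threats) "
    r"(?P<action>cleaned by deleting|deleted) - quarantined$"
)


def parse_eset_log(text):
    """Turn the log text into a list of dicts with path/detection/action."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Not a detection line (header, footer, unexpected format): skip
            # it rather than guess at its structure.
            continue
        records.append(m.groupdict())
    return records


def classify(record):
    """Bucket a detection by its location (rules are this example's own)."""
    path = record["path"].lower()
    parts = [p.lower() for p in PureWindowsPath(record["path"]).parts]
    if "\\sun\\java\\deployment\\cache\\" in path:
        # Java plugin cache: payloads fetched by a drive-by download, not
        # anything the user chose to install.
        return "java-cache"
    if parts[-1] == "overlay.xul" and "chrome" in parts and "content" in parts:
        # chrome/content/overlay.xul is the classic Firefox extension layout;
        # one living under AppData\Local instead of the profile's extensions
        # directory was not installed through the browser's add-on UI.
        return "browser-extension"
    # Everything else (Desktop, Documents, ...) may be the user's own program:
    # verify the file's hash with a second opinion before trusting the verdict
    # either way, and before restoring it from quarantine.
    return "user-files"


def triage(text):
    """Parse and bucket a whole log; returns {bucket: [records]}."""
    buckets = {}
    for rec in parse_eset_log(text):
        rec["bucket"] = classify(rec)
        buckets.setdefault(rec["bucket"], []).append(rec)
    return buckets


def needs_review(text):
    """Paths a human should look at before accepting the automatic cleanup."""
    return [r["path"] for r in triage(text).get("user-files", [])]


if __name__ == "__main__":
    for bucket, recs in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(recs)}")
        for r in recs:
            print(f"  {r['detection']:<50} {r['path']}")
    print("review:", needs_review(SAMPLE_LOG))
```

Run it as-is and the three Java cache entries and the overlay.xul line group together, leaving only sms2csv.exe in the review bucket; that is the one file whose hash is worth checking independently before restoring it from quarantine.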
#7 boopme (Global Moderator)

Posted 06 October 2010 - 08:02 PM

Ok, this is good everything running well now?

#8 ugetout (Topic Starter)

Posted 14 October 2010 - 07:53 AM

Hey boopme,

It seems to be running well now, but I'm still a bit paranoid :thumbsup:

Let me see what happens in the next day or two before I confirm okay?

Thanks

#9 boopme (Global Moderator)

Posted 14 October 2010 - 12:07 PM

OK,let me know and we'll mop up.

#10 ugetout (Topic Starter)

Posted 19 October 2010 - 01:30 PM

Hey Boopme, the new template is cool.

The good news is:
1. the computer hasn't crashed anymore
2. the redirects are not going to googleads.g.doubleclick anymore

the bad news is...

1. the computer is working slowly
2. searches are still being redirected!

For example if I google Hip-Hop, the first entry is:
Hip hop music - Wikipedia, the free encyclopedia
showing the address en.wikipedia.org/wiki/Hip_hop_music
but...
when I click it, I get
http://www.google.com/ url? sa=t&source=web&cd=1&sqi=2&ved= 0CCEQFjAA&url= http%3A%2F%2Fen.wikipedia.org %2Fwiki%2FHip_hop_music &rct=j&q=hip-hop&ei=_-K9TPDkI46-sAPoqdGQDA&usg=AFQjCNEA8VwvkTdb7TVZ0ue2LqccZJtjlQ&cad=rja (spaces included to break link)

How should I proceed?

Thanks



Edited by ugetout, 19 October 2010 - 01:37 PM.

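The post above shows both the address the result page displayed and the long google.com/url?... address the click actually opened. The practical check is to decode the redirector's query string and compare the host it lands on with the host that was displayed. The following is an added example, not part of the thread: CLICKED is the posted address with the spaces the poster inserted removed, DISPLAYED is the address shown on the result page, and MISMATCH is a constructed address of the same shape with a different destination so the failing case is visible too. The `url=` and `q=` parameter names are the ones Google's /url redirector carries the destination in; the `usg` signature is not verified here.

```python
"""Where does a Google result click actually go? Added example, not part of
the thread. CLICKED is the address quoted in the post above with the spaces
the poster inserted removed; DISPLAYED is the address the result page showed.
The function pulls the destination out of Google's /url redirector (its
`url=` parameter, or `q=` on links that use that name instead) and compares
hosts. MISMATCH is a constructed URL with the same shape but a different
destination, to show the check failing. The `usg` signature is not checked.
"""
from urllib.parse import parse_qs, urlsplit

CLICKED = ("http://www.google.com/url?sa=t&source=web&cd=1&sqi=2&ved=0CCEQFjAA"
           "&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FHip_hop_music"
           "&rct=j&q=hip-hop&ei=_-K9TPDkI46-sAPoqdGQDA"
           "&usg=AFQjCNEA8VwvkTdb7TVZ0ue2LqccZJtjlQ&cad=rja")
DISPLAYED = "en.wikipedia.org/wiki/Hip_hop_music"

# Constructed: same redirector, destination swapped for a reserved test domain.
MISMATCH = ("http://www.google.com/url?sa=t&q=hip-hop"
            "&url=http%3A%2F%2Fexample.net%2Flanding&cad=rja")

REDIRECTOR_HOSTS = {"www.google.com", "google.com"}


def redirect_target(url):
    """Destination of a Google /url click-through, or None if `url` is not
    one (in which case the URL itself is where the browser ends up)."""
    parts = urlsplit(url)
    if parts.netloc.lower() not in REDIRECTOR_HOSTS or parts.path != "/url":
        return None
    qs = parse_qs(parts.query)
    # `url=` carries the destination. `q=` is the destination only on links
    # that omit `url=`; on the posted link `q=hip-hop` is the search term, so
    # `url` is checked first and `q` is accepted only if it looks like a URL.
    for key in ("url", "q"):
        if key in qs and "://" in qs[key][0]:
            return qs[key][0]       # parse_qs has already percent-decoded it
    return None


def host_of(url):
    """Host part of a URL, tolerating the scheme-less form result pages show."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).netloc.lower()


def check_click(displayed, clicked):
    """Return (landing URL, True if its host matches what was displayed)."""
    target = redirect_target(clicked) or clicked
    return target, host_of(target) == host_of(displayed)


if __name__ == "__main__":
    for label, url in (("thread", CLICKED), ("constructed", MISMATCH)):
        target, ok = check_click(DISPLAYED, url)
        print(f"{label}: lands on {target} -> {'matches' if ok else 'DIFFERENT host'}")
```

For the posted address the decoded `url=` value is http://en.wikipedia.org/wiki/Hip_hop_music, the same host the result page displayed; the constructed MISMATCH case is what a hijacked click looks like under the same check. A redirect that lands somewhere other than the displayed host, or that never passes through google.com/url at all, is the symptom worth chasing.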

#11 boopme (Global Moderator)

Posted 19 October 2010 - 10:43 PM

Please read and follow all these instructions very carefully.
Please download GooredFix and save it to your Desktop.
Double-click GooredFix.exe to run it.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


#12 ugetout (Topic Starter)

Posted 21 October 2010 - 12:00 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:48 on 21/10/2010 (try)
Firefox version 3.6.11 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:49 18/01/2010]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [19:25 20/02/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [03:25 22/02/2010]

C:\Users\[name]\Application Data\Mozilla\Firefox\Profiles\sdxxl0w9.default\extensions\
wisestamp@wisestamp.com [16:51 25/09/2010]
{d9284e50-81fc-11da-a72b-0800200c9a66} [12:45 14/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [17:36 05/09/2010]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files (x86)\AVG\AVG10\Firefox\" [15:53 14/10/2010]

-=E.O.F=-

Edited by ugetout, 21 October 2010 - 12:30 PM.


#13 boopme (Global Moderator)

Posted 21 October 2010 - 12:09 PM

Ok, uggh, it appears we have a well hidden and protected malware to dig out.
We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

#14 ugetout (Topic Starter)

Posted 10 January 2011 - 12:52 PM

Hi Boopme,
I haven't been experiencing redirects on google anymore, so I want to thank you for your help. :thumbsup:

occasionally the computer will still shut down, but it seems to only happen when I'm watching a movie, so I think it is either
1. from overheating
2. from the websites that host movies.

Either way, I use ATF Cleaner and sometimes SUPERAntiSpyware when the computer cools down and starts again > this seems to work until the next time I'm watching a movie and the computer shuts down.

More importantly, the google redirects are gone.
Thanks!

#15 boopme (Global Moderator)

Posted 10 January 2011 - 02:57 PM

Ok, that's great news!!
You can ask in the Win7 forum and have them check your specs to maybe see what's up with the video.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



