Intermittently getting redirected to "other" search engine hits


24 replies to this topic

#1 Out_of_Control
  • Members
  • 32 posts

Posted 19 November 2010 - 02:49 PM

This problem has become very prominent in the last week. It appears to be intermittent in that I can search for some parameters and when selecting interesting hits, I am redirected to ads for other websites or services. Once a trigger (my assumption) happens, the hits will always redirect the hits consistently. However if I do some other activity, sometimes I can get the hits to retrieve the proper URL as located by the search engine. It is not specific to a search engine. By looking at my search history, the first entry after I click on a redirected hit seems to always start with "aslads.ask.com" plus a long string of URL variables. I have searched with Malwarebytes and SuperAntiSpyware. I have found numerous low threat "bugs" but quarantine and removal procedures have not resolved my problem. I am new to BleepingComputer and the proper protocol I should follow so any advice or assistance would be appreciated.


#2 Out_of_Control
  • Topic Starter
  • Members
  • 32 posts

Posted 20 November 2010 - 02:04 PM

Actually this morning the redirection activity is back but now does not include the "aslads.ask.com" in the history entries. Still not sure where to go or what to do...

#3 Out_of_Control
  • Topic Starter
  • Members
  • 32 posts

Posted 21 November 2010 - 03:59 AM

I have disabled all Firefox extensions and themes to see if they are involved in my problem. Time will tell.

#4 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 November 2010 - 10:12 AM

Welcome to BC. Sorry for the delayed response but staff members are all volunteers who assist other members as well as you when time permits. Unfortunately, this means sometimes a topic thread will get overlooked when requests for assistance get backed up.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan usb flash drives and/or other removable drives, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Out_of_Control
  • Topic Starter
  • Members
  • 32 posts

Posted 22 November 2010 - 10:57 PM

I thought that the topic I posted to has a header directive that states that I was NOT to post any logs or scan outputs to this thread. Am I misunderstanding the directions in the header of this topic? Or am I to post the logs or outputs to another topic? And if so, to whose attention?

#6 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 November 2010 - 07:19 AM

ComboFix, DDS, OTL, RSIT and HijackThis logs are not permitted in this forum.

Logs from general scanning tools are permitted if you are instructed to run them. Just copy and paste the results in this thread.

#7 Out_of_Control
  • Topic Starter
  • Members
  • 32 posts

Posted 23 November 2010 - 07:56 PM

Here are the 2 scans you requested. I ran them today.
2010/11/23 11:36:09.0803 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/23 11:36:09.0803 ================================================================================
2010/11/23 11:36:09.0803 SystemInfo:
2010/11/23 11:36:09.0803
2010/11/23 11:36:09.0803 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/23 11:36:09.0803 Product type: Workstation
2010/11/23 11:36:09.0803 ComputerName: D600-LAPTOP
2010/11/23 11:36:09.0803 UserName: Ron
2010/11/23 11:36:09.0803 Windows directory: C:\WINDOWS
2010/11/23 11:36:09.0803 System windows directory: C:\WINDOWS
2010/11/23 11:36:09.0803 Processor architecture: Intel x86
2010/11/23 11:36:09.0803 Number of processors: 1
2010/11/23 11:36:09.0803 Page size: 0x1000
2010/11/23 11:36:09.0803 Boot type: Normal boot
2010/11/23 11:36:09.0803 ================================================================================
2010/11/23 11:36:10.0274 Initialize success
2010/11/23 11:36:24.0124 ================================================================================
2010/11/23 11:36:24.0124 Scan started
2010/11/23 11:36:24.0124 Mode: Manual;
2010/11/23 11:36:24.0124 ================================================================================
2010/11/23 11:37:09.0179 ================================================================================
2010/11/23 11:37:09.0179 Scan finished
2010/11/23 11:37:09.0179 ================================================================================
2010/11/23 12:10:48.0362 Deinitialize success

Norman Malware Cleaner
Version 1.8.3
Copyright 1990 - 2010, Norman ASA. Built 2010/11/23 07:35:44

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/11/23 07:35:44, Variants: 8160808

Scan started: 2010/11/23 12:13:38

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: D600-LAPTOP\Ron

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 170ms


Scanning running processes and process memory...

Number of processes/threads found: 6907
Number of processes/threads scanned: 6907
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 8m 28s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\ComboFix\catchme.cfxxe (Infected with W32/Smalltroj.ZLDK)
Deleted file

C:\ComboFix\Catchme.tmp (Infected with W32/Smalltroj.ZLDK)
Deleted file

C:\Documents and Settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\VS10_2K_XP.xml (Infected with HTML/Redir.FI)
Deleted file

C:\Documents and Settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\VS_8_2k.xml (Infected with HTML/Redir.FI)
Deleted file

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/componentstree.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/destination.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/maintenance.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/progressprereq.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/setuptype.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/startinstallation.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/componentstree.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/destination.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/maintenance.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/progressprereq.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/setuptype.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/startinstallation.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/welcome.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\All Users\Application Data\{9449906A-32A2-4A76-BCEC-C0B1FF25C416}\setup.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

Scanning: E:\*.*

E:\New Install\Advanced Reistry Optimizer\AROTrial_dw.exe (Infected with AdvancedRegistry.A)
Deleted file

E:\New Install\AT&T\New Tool\ATT_SST_Installer.exe/noname.nsis/file5/noname.nsis/file1 (Error whilst scanning file: I/O Error (0x00220005))

E:\New Install\AT&T\New Tool\ATT_SST_Installer_b.exe/noname.nsis/file5/noname.nsis/file1 (Error whilst scanning file: I/O Error (0x00220005))

E:\System Volume Information\_restore{ED9B06F6-8D05-4235-9168-D3C13689AFB7}\RP11\A0002261.exe (Infected with AdvancedRegistry.A)
Deleted file

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 631031
Number of archives unpacked: 5849
Number of files scanned: 631012
Number of files not scanned: 19
Number of files skipped due to exclude list: 0
Number of infected files found: 6
Number of infected files repaired/deleted: 6
Number of infections removed: 6
Total scanning time: 6h 21m 27s

As repairs were made, I will be monitoring for redirection issues as I go forward. May be resolved?
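The scan log above is plain text with a handful of regular line shapes, so the points a responder wants out of it can be pulled by script rather than by eye. The following is an added example, not the scanner's or the poster's code: it parses the detection lines ("<path> (Infected with <name>)" followed by an action line such as "Deleted file"), the "(Error whilst scanning file: ...)" lines, the "Removed registry value: ..." lines and the "Number of ...: N" counters, and then summarises what to check before calling the machine clean: detections inside System Restore backups (System Volume Information\_restore{GUID}\RPnn\, the reason a fresh restore point is usually advised afterwards), detections with no action recorded, the policy values that lock the user out of regedit and Task Manager, the count of files the scanner could not open, and whether the scanner's own "infected files found" total agrees with the detections listed. The embedded sample log is constructed from a few lines of the posted log; the LOCKOUT_POLICIES set and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, copied in shape from the log posted above (not a full log).
SAMPLE_LOG = r"""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Scanning: C:\*.*

C:\ComboFix\catchme.cfxxe (Infected with W32/Smalltroj.ZLDK)
Deleted file

C:\Documents and Settings\All Users\Application Data\{8348123F-43F4-426A-892E-38B5CCBBBC45}\DepositSP.res/wizard.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

Scanning: E:\*.*

E:\New Install\Advanced Reistry Optimizer\AROTrial_dw.exe (Infected with AdvancedRegistry.A)
Deleted file

E:\System Volume Information\_restore{ED9B06F6-8D05-4235-9168-D3C13689AFB7}\RP11\A0002261.exe (Infected with AdvancedRegistry.A)
Deleted file

Number of files not scanned: 19
Number of infected files found: 3
"""

DETECT_RE = re.compile(r"^(?P<path>.+?) \(Infected with (?P<name>[^)]+)\)$")
ERROR_RE = re.compile(r"^(?P<path>.+?) \(Error whilst scanning file: (?P<err>.+)\)$")
REG_RE = re.compile(r"^Removed registry value: (?P<key>.+?) -> (?P<name>\w+) = (?P<value>0x[0-9A-Fa-f]+)$")
SUMMARY_RE = re.compile(r"^Number of (?P<what>.+?): (?P<n>\d+)$")
# System Restore keeps its copies under <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\", re.I)
# Policy values malware sets to keep the user out of repair tools (assumed list, not taken from the log).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}


def parse_scan_log(text):
    """Return detections, scan errors, removed registry values and the summary counters."""
    report = {"detections": [], "errors": [], "registry": [], "summary": {}}
    pending = None  # the last detection that has not yet received its action line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None and line.endswith(" file"):  # "Deleted file", "Repaired file", ...
            pending["action"] = line
            pending = None
            continue
        if m := DETECT_RE.match(line):
            pending = {"path": m["path"], "name": m["name"], "action": None}
            report["detections"].append(pending)
        elif m := ERROR_RE.match(line):
            pending = None
            report["errors"].append({"path": m["path"], "error": m["err"]})
        elif m := REG_RE.match(line):
            report["registry"].append({"key": m["key"], "name": m["name"], "value": int(m["value"], 16)})
        elif m := SUMMARY_RE.match(line):
            report["summary"][m["what"]] = int(m["n"])
    return report


def triage(report):
    """Derive the follow-up points a responder checks before declaring the box clean."""
    det = report["detections"]
    by_drive = Counter(d["path"][:2].upper() for d in det)
    restore_hits = []
    for d in det:
        m = RESTORE_RE.search(d["path"])
        if m:
            restore_hits.append({"rp": int(m["rp"]), "path": d["path"], "name": d["name"]})
    not_actioned = [d["path"] for d in det if d["action"] is None]
    # value 0 means the lockout was present as a value but not in force when it was removed
    lockouts = sorted((r["name"], r["value"]) for r in report["registry"] if r["name"] in LOCKOUT_POLICIES)
    claimed = report["summary"].get("infected files found")
    return {
        "by_drive": dict(by_drive),
        "restore_point_hits": restore_hits,
        "not_actioned": not_actioned,
        "lockout_policies_removed": lockouts,
        "unscanned_files": report["summary"].get("files not scanned", 0),
        "scan_errors": len(report["errors"]),
        "count_matches_summary": claimed is None or claimed == len(det),
    }


if __name__ == "__main__":
    for key, value in triage(parse_scan_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Any restore-point hit means the infected copy was made by System Restore, so rolling back to that RP number would bring the file back; the unscanned-file count and the I/O errors are the blind spots a second scanner (as recommended later in this thread) is meant to cover.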

#8 Out_of_Control (Topic Starter)

Posted 23 November 2010 - 08:34 PM

Unfortunately, my first search on Google resulted in a redirected website on the 1st 2 hits I tried. Problem still exists.

#9 quietman7 (Global Moderator)

Posted 23 November 2010 - 10:12 PM

Try doing an online scan to see if it finds anything else (i.e. remnants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 Out_of_Control (Topic Starter)

Posted 25 November 2010 - 01:59 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=788698ca6cb89c4ea0405282a2534a98
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-25 05:55:33
# local_time=2010-11-24 11:55:33 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 9446745 42657315 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98277
# found=0
# cleaned=0
# scan_time=12342

The above is the log for the online scan I conducted as requested. I believe it indicates nothing found. Let me monitor my system for a few days to ensure that I still have a problem. Thank you! I will post a status in a few days.

#11 quietman7 (Global Moderator)

Posted 25 November 2010 - 07:01 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#12 Out_of_Control (Topic Starter)

Posted 25 November 2010 - 10:29 PM

I have completed the "New Restore Point" but have feedback that indicates to me that I am still infected. 2 areas of concern:
1) I attempted to do a search and was redirected to a "Bing" search page (I was using Google) when I clicked on a hit. I was able later to bring up the hit for the search so it exists and is retrievable.
2) When I am signed on to Bleeping Computer and looking at the Forums, I typically go to "My Content" under my Userid at the top of the page to retrieve my topics. Consistently now, clicking on this (My Content) brings up a page that only has the text "Temporarily Disabled". However, I can look through the Forums and locate my topics, which are retrievable and still intact.
Any Suggestions?

#13 quietman7 (Global Moderator)

Posted 26 November 2010 - 08:26 AM

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in: How to Install Kaspersky Virus Removal Tool and How to use the Kaspersky Virus Removal Tool to automatically remove viruses.
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

#14 Out_of_Control (Topic Starter)

Posted 26 November 2010 - 08:23 PM

Completed the scan on both C:\ & E:\ and found a virus on each.
I am pasting the log for the critical events as requested but also saved the Important and "All Events" reports in different files if you need them. It appears that the scanner deleted the C: drive virus as I instructed. This was the only option and was recommended. The E: drive virus has a recommendation to quarantine and per my instruction that action was taken. That action (quarantine) only appears in the "All Events" log as best I can see or tell.

I did not uninstall the scanner as I do not have any idea where the E: virus was quarantined to and I would really like to delete the virus entirely. Do I need the installed scanner to do that?

I have not had time to attempt any searches so I do not have any feedback on the impact of finding and actions taken for the 2 viruses. Please advise on what plan of action you feel I need to take from here.

#15 Out_of_Control (Topic Starter)

Posted 26 November 2010 - 08:25 PM

Sorry - Here is a copy of the "Critical Events" report as you requested.

Autoscan: completed 10 minutes ago (events: 4, objects: 437883, time: 08:30:02)
11/26/2010 9:55:56 AM Task started
11/26/2010 10:31:31 AM Detected: Backdoor.Win32.IRCNite.bvq C:\Documents and Settings\Ron\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\sua-0810240-0-main.dll
11/26/2010 12:21:33 PM Detected: HEUR:Trojan.Win32.KillFiles E:\New Install\AT&T\ATT_SST_Installer.exe/WiseSFXDropper/WISE0107.BIN/WISE0011.BIN
11/26/2010 6:25:59 PM Task completed