
My browsers are hijacked


This topic is locked
15 replies to this topic

#1 cheardrums

Posted 02 January 2011 - 10:58 PM

Hi.
I was wondering if anyone can help me with my browser hijack problem. I will be as detailed as possible.


I just tested Internet Explorer and it has the same problem that Firefox has. On clicking on a Google result, I get redirected to the following site, which is considered a dangerous one by the "WOT" rating system.

HIJACKER SITE - hxxp://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=1931,822322,1173020,1882,1891,1891,2047,0,0,1886,0,827175,8137,26719,2731,1891,-114186404&ioa=0&ncm=1&bd_ref_v=www.bidvertiser.com&TREF=1&WIN_NAME=&Category=7&ownid=739&u_agnt=&skter=fgmfyf&frdto=oh%3Df%26f%3Diz%26z%3Dhg%26h%3Dgz%26937_144028%3Dwrg%26fgmfyf%3Dnivg%262633%3Dwrwz%3FpxroXwz%2FveivHwz%2Fnlx.hwzpox%2F%2F%3Akggs

It will then proceed to redirect me to another site: hxxp://search.bpath.com/toolbar/search.dbm?q=ubuntu&trg=oh%3Df%26f%3Diz%26z%3Dhg%26h%3Dgz%26937_144028%3Dwrg%26fgmfyf%3Dnivg%262633%3Dwrwz%3FpxroXwz%2FveivHwz%2Fnlx.hwzpox%2F%2F%3Akggs very briefly before going to hxxp://www.liutilities.com/products/campaigns/vendors/sp/maw/web/
I have never installed this software before, BTW.

When I go there, my back/history button is also hijacked to the same site; I have to use the little arrow to choose the last page from the list (an empty entry is there separating them). If I then click on the same link again, it will generally work OK!
The redirecting appears to be random, happening on about half of the links I click on. I guess the most surprising attack was when a random page came up that minimised Firefox and put up a pop-up which "warned" me I had malware installed and to "click here". Obviously I didn't follow that; the only way out was to terminate the process. Next time, the site was still there and the Firefox window was extremely small.

I have re-installed Firefox, even deleting Profile folders, to no avail.

I have run full scans of Ad-Aware (removed 3 items), Malwarebytes (clean), and Microtrends online scan Housecall (also clean).
I have also run a full scan of Avira Personal, which came clean - after previously finding and deleting a Trojan, as described below.

My Windows Firewall is ON. Adwatch now runs all the time. I also have the latest Advanced System Care, which reports a clean system.

Avira anti-virus did detect two trojans on every start-up. The file I have in Avira quarantine is described as a "TR/Crypt.XPACK.Gen2" with the filename "Microsoft .NET Framework 3.6 SP8" and has appeared many times in both of the folders: "C:\Program Files\" and "C:\Documents and Settings\Jeremy\Temp\". However since I did some vicious file-deleting (Temp folders, etc) they are no longer turning up. I do not know if this is related to the hijacking.

My Hijackthis report is included in attachment.

I would appreciate any suggestions of how to correct this without having to format my computer.

I have tried the Live chat at Computerhope.com, who suggested the Housecall software, but I found them to be a little lacking in security knowledge.

Thank you in advance for any help you can provide.

I apologise for the double entry, I realised it was in the wrong place and will delete the other copy, as no-one has seen it anyway...


Edited by elise025, 03 January 2011 - 05:55 AM.
Deactivated links ~ Elise

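The `frdto=` parameter in the bidvertiser URL quoted above is not noise. Percent-decode it, reverse it, and apply the Atbash letter mirror (a<->z, b<->y, ...) and it turns into a plain URL whose `term=` value is the same `ubuntu` that appears as `q=ubuntu` on the next hop; the shorter `skter=fgmfyf` parameter decodes the same way. The Python below is an added example written for this page, not code from the post, from BleepingComputer or from any of the tools mentioned in the thread. It decodes only the string as quoted and makes no claim about what the recovered host serves; the transform (reverse then Atbash) is inferred from the data, and the function and constant names are the example's own.

```python
from urllib.parse import parse_qs

# The hijacker URL quoted in the first post (scheme defanged to hxxp as in the thread).
HIJACKER_URL = (
    "hxxp://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=1931,822322,"
    "1173020,1882,1891,1891,2047,0,0,1886,0,827175,8137,26719,2731,1891,-114186404"
    "&ioa=0&ncm=1&bd_ref_v=www.bidvertiser.com&TREF=1&WIN_NAME=&Category=7&ownid=739"
    "&u_agnt=&skter=fgmfyf&frdto=oh%3Df%26f%3Diz%26z%3Dhg%26h%3Dgz%26937_144028%3Dwrg"
    "%26fgmfyf%3Dnivg%262633%3Dwrwz%3FpxroXwz%2FveivHwz%2Fnlx.hwzpox%2F%2F%3Akggs"
)


def atbash(text: str) -> str:
    """Mirror every ASCII letter (a<->z, b<->y, ...); digits and punctuation pass through."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr(ord("a") + ord("z") - ord(ch)))
        elif "A" <= ch <= "Z":
            out.append(chr(ord("A") + ord("Z") - ord(ch)))
        else:
            out.append(ch)
    return "".join(out)


def decode_obfuscated(value: str) -> str:
    """Undo the transform seen in the frdto/skter values: reverse, then Atbash.

    Percent-decoding is left to the query-string parser, so `value` is the decoded parameter.
    """
    return atbash(value[::-1])


def query_params(url: str) -> dict:
    """Return the query string of a (possibly defanged) URL as {name: first value}."""
    query = url.partition("?")[2]
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def decode_redirect_target(url: str, param: str = "frdto") -> str:
    """Recover the destination hidden in the named parameter of a redirector URL."""
    return decode_obfuscated(query_params(url)[param])


def decoded_query_params(url: str, param: str = "frdto") -> dict:
    """Parse the recovered destination's own query string (adid, term, tid, ...)."""
    return query_params(decode_redirect_target(url, param))


if __name__ == "__main__":
    print("hidden target:", decode_redirect_target(HIJACKER_URL))
    print("skter decodes to:", decode_obfuscated(query_params(HIJACKER_URL)["skter"]))
    for name, value in decoded_query_params(HIJACKER_URL).items():
        print(f"  {name} = {value}")
```

Decoding the `trg=` parameter of the second hop (search.bpath.com) with the same function gives the same result, since it carries the identical string. Note that the reversal also reverses the digits, so `2633` in the obfuscated form corresponds to `3362` in the decoded one.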


#2 cheardrums (Topic Starter)

Posted 05 January 2011 - 09:36 AM

Hi everyone.
I don't know if any steps have been taken to fix this, but for the moment, my problem seems to have gone away since I uninstalled and re-installed Avira Personal.
Apparently my Google Search results are now clean...
B)
The only thing I can think of is that the objects in Quarantine were still active.
For the moment consider this almost resolved.
I never found any info on the ".NET Framework 3.6", maybe someone can enlighten me about this threat?

Edited by cheardrums, 06 January 2011 - 08:51 AM.



#3 cheardrums (Topic Starter)

Posted 06 January 2011 - 08:20 AM

Correction!
My problem is still there; the only thing is, if I always type the website in the address bar, it doesn't cause any harm.
But if I follow a link from Google search, the problem is still there, albeit intermittently!
Now the infection takes me to hxxp://www.monstermarketplace.com/search/?q=birthday+wishes&t=H456704&gc=w50&sid=CM17jKxB0Mf-mAvqIJV7jQ. As you can see from the link, it incorporated my last search: birthday wishes.
Also it adds a blank redirect page to the history button so that when I go "back" it reloads the scam page.
Can anyone help me on this? Please?

Edited by elise025, 06 January 2011 - 09:08 AM.
Deactivated link ~ Elise



#4 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 08 January 2011 - 01:22 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



IMPORTANT NOTE: :exclame:

If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.




Regards,
Georgi :hello:



#5 cheardrums (Topic Starter)

Posted 11 January 2011 - 08:34 AM

Thanks for your answer. I will post logs as soon as I have them.
The problem is still there, but I bypass it by always typing the site in the address bar.



#6 cheardrums (Topic Starter)

Posted 11 January 2011 - 10:59 AM

Ok I had an answer regarding my problem, described here: http://www.bleepingcomputer.com/forums/topic371031.html/page__p__2078468__fromsearch__1#entry2078468
About the requests, I only managed to scan with DDS, the GMER application ALWAYS freezes my computer to the point of reset. I tried disabling Ad-watch and any other useless software, also no CD emulation software is running, according to Defogger.
Since running your tools I have noticed a 300% increase in boot-up time, my sound has gone crackly/laggy and I now have access denied on my startup items in msconfig (it says I need an Administrator account) even though I am administrator... any suggestions about this and the GMER failure to complete? I have also tried it in Safe Mode, but it still freezes, and I hate having to cut the power.
Attached File  DDS.txt   12.49KB   7 downloads
Attached File  Attach.zip   3.78KB   5 downloads

Edited by myrti, 11 January 2011 - 01:07 PM.
EDIT: merged topic with current one upon request of TO



#7 cheardrums (Topic Starter)

Posted 11 January 2011 - 11:01 AM

EDIT: Link to dead post removed
EDIT: Topic has been merged into this one. See reply above. ~myrti
The GMER causes my computer to be unresponsive every time I run it, partly through the scan...

Edited by cheardrums, 11 January 2011 - 01:15 PM.



#8 myrti (Sillyberry, Malware Study Hall Admin)

Posted 11 January 2011 - 01:24 PM

Hi,

please try running Rootkit Unhooker instead of GMER:
Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 cheardrums (Topic Starter)

Posted 11 January 2011 - 01:37 PM

I scanned and got this Rootkit Unhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB14E1000 C:\WINDOWS\system32\DRIVERS\snp2sxp.sys 11988992 bytes (-, USB2.0 PC Camera driver)
0xB2231000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6082560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xF6611000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 C:\WINDOWS\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 C:\WINDOWS\System32\ativvaxx.dll 2674688 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7281000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF6490000 C:\WINDOWS\system32\DRIVERS\ar5211.sys 528384 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xB209C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEB633000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB2181000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAEC55000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF182000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xAECFD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEB691000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF655E000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF73E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAEECE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7254000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB210C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF658E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB2159000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB2050000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF736F000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB2076000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB220D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF65D9000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF65B6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2137000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7337000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7395000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF73B4000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF723A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAD9AA000 C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 106496 bytes (ZTE Incorporated, USB Modem/Serial Device Driver)
0xAD976000 C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 106496 bytes (ZTE Incorporated, USB Modem/Serial Device Driver)
0xAD990000 C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 106496 bytes (ZTE Incorporated, USB Modem/Serial Device Driver)
0xF7357000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAD7CE000 C:\DOCUME~1\Jeremy\LOCALS~1\Temp\axliqpow.sys 98304 bytes
0xF730E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6479000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAF116000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xAF1A4000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xAF039000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6525000 C:\WINDOWS\system32\DRIVERS\ESM7SK.sys 81920 bytes (ENE Technology Inc., ENE PCI SmartMedia / XD Card Reader Driver)
0xF6511000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF6539000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF65FD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB21DA000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7325000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF654D000 C:\WINDOWS\system32\DRIVERS\EMS7SK.sys 69632 bytes (ENE Technology Inc., ENE PCI Memory Stick Card Reader Driver)
0xF73D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6468000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEEB84000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7682000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7702000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xEF025000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7562000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7692000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF4C04000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF7E1000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7662000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xEEFB5000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7552000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76A2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76D2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xEEF95000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7532000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76C2000 C:\WINDOWS\system32\DRIVERS\ESD7SK.sys 49152 bytes (ENE Technology Inc., ENE PCI Secure Digital / MMC Card Reader Driver)
0xF76F2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xEEFF5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7672000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7522000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76E2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7512000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xEF811000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEF831000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF4BD4000 C:\WINDOWS\system32\DRIVERS\Amusbprt.sys 36864 bytes (A4Tech Co.,Ltd., A4Tech HID Mouse Filter Driver)
0xF7542000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAEBF5000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7722000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF015000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAD740000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEEFE5000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xEC794000 C:\WINDOWS\system32\DRIVERS\Amfilter.sys 32768 bytes (A4Tech Co.,Ltd., A4Tech Mouse Filter Driver)
0xF780A000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEC77C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF782A000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7852000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xEC764000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7792000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEC75C000 C:\WINDOWS\system32\DRIVERS\SNCAMD.SYS 28672 bytes (-, USB2.0 PC Camera driver)
0xF785A000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7862000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEC774000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xEC78C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEC784000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF779A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xEF498000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xEF480000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7872000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF784A000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEC74C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAF188000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF792A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7212000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAF04E000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xECDEC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAF1D1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF792E000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7922000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7926000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF69E3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAF130000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF720A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEC284000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF720E000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7A9C000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A96000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A16000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A92000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A94000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A98000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A86000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A44000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A14000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B3A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BE5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEBE6B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7ADB000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7ADA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

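A driver listing like the one above is mostly read by eye, and two details are easy to miss when scanning two hundred lines: where each driver was loaded from, and whether the file carries any company name at all. The Python below is an added example for this page, not code from the thread or from Rootkit Unhooker; it parses the `>Drivers` section of an RKUnhooker LE report and ranks entries by two heuristics of the example's own choosing: a kernel driver loaded from a user-writable or temporary directory, and a driver file with no company name in its version information. The sample report embedded in the code is a constructed subset of the log posted above; the entry `C:\DOCUME~1\Jeremy\LOCALS~1\Temp\axliqpow.sys` hits both heuristics, which is a reason to examine that file further, not a verdict about it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the ">Drivers" section of the Rootkit Unhooker report posted above.
# The lines are copied from that report; the selection is the example's own.
SAMPLE_REPORT = r"""
>Drivers
==============================================
0xB14E1000 C:\WINDOWS\system32\DRIVERS\snp2sxp.sys 11988992 bytes (-, USB2.0 PC Camera driver)
0xF7281000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAD7CE000 C:\DOCUME~1\Jeremy\LOCALS~1\Temp\axliqpow.sys 98304 bytes
0xAD740000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7562000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7A9C000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
==============================================
>Stealth
==============================================
"""

# One report line: load address, path or bare name, size, optional "(company, description)".
LINE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?:\s+\((?P<info>.*)\))?\s*$"
)

# Directory fragments a kernel driver has no business being loaded from (user-writable
# locations). Heuristic list chosen for this example; extend it for your environment.
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\tmp\\", "\\docume~1\\", "\\documents and settings\\",
    "\\users\\", "\\appdata\\", "\\programdata\\",
)


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    driver: Driver
    reasons: List[str]
    score: int


def parse_rku_drivers(report: str) -> List[Driver]:
    """Parse the '>Drivers' lines of an RKUnhooker LE report into Driver records."""
    drivers = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, separator rules, blank lines
        vendor = description = None
        info = m.group("info")
        if info:
            vendor, _, description = info.partition(", ")
            vendor = vendor.strip() or None
            if vendor == "-":  # RKU prints '-' when the file carries no company name
                vendor = None
            description = description.strip() or None
        drivers.append(Driver(int(m.group("base"), 16), m.group("path"),
                              int(m.group("size")), vendor, description))
    return drivers


def triage(drivers: List[Driver]) -> List[Finding]:
    """Return the entries worth a closer look, highest score first.

    A bare name without a path (Ntfs.sys, or RKU's kernel aliases such as PnpManager) is a
    boot-start driver or a pseudo-entry and is not judged on version info.
    """
    findings = []
    for d in drivers:
        reasons, score = [], 0
        lowered = d.path.lower()
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            reasons.append("loaded from a user-writable/temp directory")
            score += 10
        if d.vendor is None and "\\" in d.path:
            reasons.append("no company name in version info")
            score += 1
        if reasons:
            findings.append(Finding(d, reasons, score))
    findings.sort(key=lambda f: -f.score)
    return findings


if __name__ == "__main__":
    for f in triage(parse_rku_drivers(SAMPLE_REPORT)):
        print(f"[{f.score:2d}] {f.driver.path}: {'; '.join(f.reasons)}")
```

Run against the full log above, the same code also scores `snp2sxp.sys` and `SNCAMD.SYS` low (camera drivers shipped without a company string), which is the expected noise from this heuristic; the only entry with a user-profile path is the one in the `Temp` folder. Cross-check such a file with a scan of the file itself and a look at the service key that loads it before drawing any conclusion.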


#10 myrti (Sillyberry, Malware Study Hall Admin)

Posted 11 January 2011 - 02:06 PM

Hi,

those logs are looking clean. Please run a scan with MBRCheck next:
Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • Left click on title bar (where program name and path is written)
  • From menu chose Edit -> Select All
  • Now just click Enter key on keyboard to copy selected text
  • Now paste that text here for me.

regards myrti



#11 cheardrums (Topic Starter)

Posted 11 January 2011 - 02:23 PM

Sound is still broken - here's the result of MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Press ENTER to exit...

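MBRCheck's report above does two things a practitioner may want to reproduce without the tool: it locates the boot volume (`\\.\C:` at byte offset 0x7e00 on PhysicalDrive0, which is LBA 63 times 512 bytes, the classic XP layout) and it hashes the master boot record so the code can be compared against known-good values. The Python below is an added example for this page, not MBRCheck's code; the thread does not say whether MBRCheck hashes the whole sector or only the 446-byte bootstrap area, so the example reports both, and the hash it prints will not equal the one in the post. The MBR it builds is constructed for the example (a few generic bootstrap bytes and one active NTFS partition at LBA 63); `read_mbr` is the only part that touches a real disk and needs administrator rights on a raw device.

```python
import hashlib
import struct
from typing import Dict

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootstrap: bytes, first_lba: int = 63,
                     sector_count: int = 232_000_000) -> bytes:
    """Construct a 512-byte MBR for the example: the given bootstrap code, one active
    NTFS (0x07) partition starting at `first_lba`, three empty entries, and 0x55AA."""
    if len(bootstrap) > PARTITION_TABLE_OFFSET:
        raise ValueError("bootstrap code must fit in 446 bytes")
    code = bootstrap.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        first_lba, sector_count)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def read_mbr(path: str) -> bytes:
    r"""Read sector 0 of a disk image or raw device (for example \\.\PhysicalDrive0,
    which on Windows requires an elevated process)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def inspect_mbr(mbr: bytes) -> dict:
    """Parse and sanity-check a 512-byte MBR. The bootstrap code is hashed separately
    from the partition table so that hash is comparable across machines."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # unused entry
        partitions.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR,
        })
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    active = sum(1 for p in partitions if p["active"])
    if active != 1:
        problems.append(f"{active} active partitions (expected exactly 1)")
    for p in partitions:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            problems.append(f"entry {p['index']} has a zero start or length")
    return {
        "code_sha1": hashlib.sha1(mbr[:PARTITION_TABLE_OFFSET]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
        "problems": problems,
    }


def classify(report: dict, known_code_hashes: Dict[str, str]) -> str:
    """Name the bootstrap code if its SHA1 is in an allow-list you maintain, else 'unknown'."""
    return known_code_hashes.get(report["code_sha1"], "unknown")


if __name__ == "__main__":
    # Generic x86 stub bytes (xor ax,ax / mov ss,ax / mov sp,0x7c00), constructed for the example.
    sample = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
    report = inspect_mbr(sample)
    for p in report["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
    print("bootstrap SHA1:", report["code_sha1"])
    print("sector SHA1   :", report["sector_sha1"])
    print("problems      :", report["problems"] or "none")
```

The allow-list passed to `classify` is yours to build from machines you trust, for example by hashing the bootstrap area right after a clean install; a hash that is merely "unknown" is not evidence of infection, while a known hash that changes between two readings of the same disk is worth an explanation.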


#12 myrti (Sillyberry, Malware Study Hall Admin)

Posted 11 January 2011 - 02:44 PM

Hi,

Could you please try reinstalling the drivers in that case?

regards myrti



#13 cheardrums (Topic Starter)

Posted 11 January 2011 - 04:18 PM

Re-installed the Realtek driver I had that was working ok before all of this.
Still broken...atm



#14 myrti (Sillyberry, Malware Study Hall Admin)

Posted 12 January 2011 - 05:40 AM

Hi,

please run a chkdsk followed by an sfc:
Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.

regards myrti



#15 cheardrums (Topic Starter)

Posted 12 January 2011 - 08:49 PM

I did a system repair with the CD.
Thanks for all your time.
Problem resolved - until further notice
