
Google/Browser Redirect


17 replies to this topic

#1 Ako17 (Members, 13 posts)

Posted 18 January 2011 - 02:46 PM

Hi there, a day or two ago I clicked on some Google image link and AVG picked up a few trojan threats, and I thought AVG had saved me. About a day later I noticed that Google searches were redirecting to random ad websites. It seems to happen in IE8 (my usual browser) more often than Firefox, but it does happen in both. I have been trying to fix this with AVG scans, and then with Malwarebytes, HijackThis, and SUPERAntiSpyware.

This paragraph may be unimportant:
---
I installed 'Spyware Doctor' for the first time, which required me to uninstall AVG, so I did... and learned that the program wasn't free. That's when I uninstalled it and got the other programs (Malwarebytes, HijackThis, and SUPERAntiSpyware), and then when the virus didn't get fixed by any of those, I reinstalled AVG only to find that something was conflicting, and accidentally let it quarantine an important file (something along the lines of NT.dll), which caused windows.explorer to fail upon startup (I would get an error message and just a pure black screen). Luckily the task manager still worked (so I could still run anything with a cmd prompt or 'new task'), and when I tried to run explorer.exe AVG would keep finding trojans (I think these were false positives from my new conflicting anti-virus software), so I restored the files I had deleted from AVG's vault and uninstalled AVG to remove the conflict, so now the windows.explorer problem is gone and my desktop is back to normal. In other words, I'm back at square one.
---

Where I'm at now:
I still have the redirect virus thing (obviously). Currently on my computer I have Malwarebytes, HijackThis, and SUPERAntiSpyware installed (but not AVG anymore due to conflicts). I am using Windows Vista 6.0 (Build 6002: Service Pack 2).

It's easy to test if I have the redirect virus: all I have to do is use IE8, go to Google and search for something that I know will redirect, for example: malwarebytes. When I click on Malwarebytes Anti-Malware in the Google search (one of the first results) it loads for 5-10 seconds and then redirects to a random ad.

I'm glad to install any required programs and post logs - what should I do first? (I'd also like to know if I should get AVG back!?) Any help is appreciated.

Edited by Ako17, 18 January 2011 - 02:54 PM.



#2 boopme, Global Moderator (73,190 posts, NJ USA)

Posted 18 January 2011 - 03:01 PM

Hello Ako, please run these, post the logs and let me know how it is running now.

Please read and follow all these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

#3 Ako17, Topic Starter (Members, 13 posts)

Posted 18 January 2011 - 03:30 PM

Hi, thanks for the speedy reply! I forgot to mention that I had already run TDSSKiller, but I'll just give you the most recent log that I just ran (unless you want the older two from last night). Also, I'm going to give you my Malwarebytes log from last night (just in case) in addition to the one I just ran.
--------------------------------------------------------------------------------------

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:05 on 18/01/2011 (Dan)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:49 10/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [21:47 13/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:36 26/09/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [19:05 18/01/2011]

C:\Users\Dan\Application Data\Mozilla\Firefox\Profiles\sp1vd7oc.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [07:02 10/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:11 08/01/2010]

-=E.O.F=-

--------------------------------------------------------------------------------------

2011/01/18 15:07:25.0512 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/18 15:07:25.0512 ================================================================================
2011/01/18 15:07:25.0512 SystemInfo:
2011/01/18 15:07:25.0512
2011/01/18 15:07:25.0512 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/18 15:07:25.0512 Product type: Workstation
2011/01/18 15:07:25.0512 ComputerName: DANY
2011/01/18 15:07:25.0512 UserName: Dan
2011/01/18 15:07:25.0512 Windows directory: C:\Windows
2011/01/18 15:07:25.0512 System windows directory: C:\Windows
2011/01/18 15:07:25.0512 Processor architecture: Intel x86
2011/01/18 15:07:25.0512 Number of processors: 3
2011/01/18 15:07:25.0512 Page size: 0x1000
2011/01/18 15:07:25.0512 Boot type: Normal boot
2011/01/18 15:07:25.0512 ================================================================================
2011/01/18 15:07:29.0334 Initialize success
2011/01/18 15:07:57.0601 ================================================================================
2011/01/18 15:07:57.0601 Scan started
2011/01/18 15:07:57.0601 Mode: Manual;
2011/01/18 15:07:57.0601 ================================================================================
2011/01/18 15:07:58.0318 A5AGU (d829323fbf23348ae6f34a89241648b9) C:\Windows\system32\DRIVERS\AGUx86.sys
2011/01/18 15:07:58.0443 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/01/18 15:07:58.0833 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/01/18 15:07:58.0880 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/01/18 15:07:58.0927 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/01/18 15:07:58.0974 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/01/18 15:07:59.0052 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/01/18 15:07:59.0098 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/01/18 15:07:59.0130 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/18 15:07:59.0161 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/01/18 15:07:59.0192 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/01/18 15:07:59.0223 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/01/18 15:07:59.0239 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/01/18 15:07:59.0270 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/01/18 15:07:59.0332 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/01/18 15:07:59.0348 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/01/18 15:07:59.0395 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/18 15:07:59.0457 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/01/18 15:07:59.0504 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/18 15:07:59.0551 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/01/18 15:07:59.0582 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/18 15:07:59.0613 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/18 15:07:59.0644 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/18 15:07:59.0676 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/18 15:07:59.0707 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/18 15:07:59.0738 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/18 15:07:59.0769 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/18 15:07:59.0800 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/18 15:07:59.0847 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/18 15:07:59.0894 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/18 15:07:59.0925 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/01/18 15:07:59.0972 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/01/18 15:08:00.0019 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/01/18 15:08:00.0050 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/01/18 15:08:00.0066 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/01/18 15:08:00.0097 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/01/18 15:08:00.0159 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/01/18 15:08:00.0206 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/01/18 15:08:00.0300 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/01/18 15:08:00.0315 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/01/18 15:08:00.0362 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/01/18 15:08:00.0393 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/18 15:08:00.0456 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/18 15:08:00.0487 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/18 15:08:00.0565 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/01/18 15:08:00.0627 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/01/18 15:08:00.0690 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/01/18 15:08:00.0768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/01/18 15:08:00.0799 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/01/18 15:08:00.0830 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/18 15:08:00.0892 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/18 15:08:00.0924 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/18 15:08:00.0955 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/18 15:08:00.0986 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/01/18 15:08:01.0064 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/18 15:08:01.0095 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/18 15:08:01.0158 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/18 15:08:01.0204 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/18 15:08:01.0251 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/18 15:08:01.0267 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/18 15:08:01.0314 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/18 15:08:01.0360 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/01/18 15:08:01.0423 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/01/18 15:08:01.0470 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/01/18 15:08:01.0501 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/18 15:08:01.0532 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/01/18 15:08:01.0563 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/18 15:08:01.0610 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
2011/01/18 15:08:01.0704 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/18 15:08:01.0782 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/01/18 15:08:01.0828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/18 15:08:01.0891 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/18 15:08:01.0953 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/18 15:08:01.0984 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/18 15:08:02.0016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/18 15:08:02.0047 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/18 15:08:02.0094 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/18 15:08:02.0125 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/18 15:08:02.0140 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/18 15:08:02.0203 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
2011/01/18 15:08:02.0218 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/18 15:08:02.0250 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/01/18 15:08:02.0312 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/18 15:08:02.0390 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
2011/01/18 15:08:02.0421 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/18 15:08:02.0484 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/18 15:08:02.0499 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/18 15:08:02.0546 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/18 15:08:02.0593 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/18 15:08:02.0624 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/18 15:08:02.0671 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/18 15:08:02.0718 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/18 15:08:02.0749 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/18 15:08:02.0780 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/18 15:08:02.0796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/18 15:08:02.0811 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/18 15:08:02.0842 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/01/18 15:08:02.0889 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/18 15:08:02.0920 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/18 15:08:02.0967 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/18 15:08:02.0998 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/18 15:08:03.0030 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/18 15:08:03.0061 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/18 15:08:03.0108 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/01/18 15:08:03.0139 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/01/18 15:08:03.0186 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/18 15:08:03.0217 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/18 15:08:03.0248 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/18 15:08:03.0295 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/18 15:08:03.0310 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/18 15:08:03.0357 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/01/18 15:08:03.0388 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/18 15:08:03.0420 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/18 15:08:03.0451 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/01/18 15:08:03.0513 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/18 15:08:03.0576 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/01/18 15:08:03.0607 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/18 15:08:03.0638 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/18 15:08:03.0669 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/18 15:08:03.0685 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/18 15:08:03.0716 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/18 15:08:03.0763 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/18 15:08:03.0825 netr28u (6f8480809d14f0594b4b1df07385da33) C:\Windows\system32\DRIVERS\netr28u.sys
2011/01/18 15:08:03.0872 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/18 15:08:03.0919 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/01/18 15:08:03.0950 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/18 15:08:04.0028 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/01/18 15:08:04.0090 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/01/18 15:08:04.0137 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/18 15:08:04.0153 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/01/18 15:08:04.0200 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/01/18 15:08:04.0278 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
2011/01/18 15:08:04.0558 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/01/18 15:08:04.0761 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/01/18 15:08:04.0777 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/01/18 15:08:04.0824 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/01/18 15:08:04.0855 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/01/18 15:08:04.0902 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/01/18 15:08:05.0011 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/18 15:08:05.0058 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/01/18 15:08:05.0089 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/01/18 15:08:05.0120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/01/18 15:08:05.0167 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/01/18 15:08:05.0198 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/01/18 15:08:05.0229 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/01/18 15:08:05.0276 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/18 15:08:05.0401 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/18 15:08:05.0416 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/01/18 15:08:05.0479 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/18 15:08:05.0494 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/01/18 15:08:05.0510 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/01/18 15:08:05.0541 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/01/18 15:08:05.0588 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/01/18 15:08:05.0635 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/18 15:08:05.0666 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/18 15:08:05.0697 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/18 15:08:05.0728 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/18 15:08:05.0760 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/18 15:08:05.0791 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/18 15:08:05.0853 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/18 15:08:05.0884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/18 15:08:05.0916 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/01/18 15:08:05.0947 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/18 15:08:05.0978 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/01/18 15:08:06.0040 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/18 15:08:06.0134 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/18 15:08:06.0150 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/18 15:08:06.0196 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/18 15:08:06.0228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/18 15:08:06.0274 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/01/18 15:08:06.0306 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/01/18 15:08:06.0337 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/01/18 15:08:06.0384 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/01/18 15:08:06.0415 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/18 15:08:06.0430 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/18 15:08:06.0462 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/18 15:08:06.0493 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/01/18 15:08:06.0524 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/01/18 15:08:06.0555 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/01/18 15:08:06.0586 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/01/18 15:08:06.0633 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/18 15:08:06.0696 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/01/18 15:08:06.0696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/18 15:08:06.0711 sptd - detected Locked file (1)
2011/01/18 15:08:06.0758 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/01/18 15:08:06.0805 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/18 15:08:06.0836 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/18 15:08:06.0883 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/18 15:08:06.0914 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/18 15:08:06.0945 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/18 15:08:06.0976 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/18 15:08:07.0070 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/01/18 15:08:07.0132 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/18 15:08:07.0179 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/18 15:08:07.0210 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/01/18 15:08:07.0226 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/01/18 15:08:07.0273 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/18 15:08:07.0320 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/18 15:08:07.0382 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/18 15:08:07.0413 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/01/18 15:08:07.0444 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/18 15:08:07.0476 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/01/18 15:08:07.0522 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/01/18 15:08:07.0569 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/18 15:08:07.0632 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/18 15:08:07.0663 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/01/18 15:08:07.0694 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/18 15:08:07.0725 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/18 15:08:07.0756 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/18 15:08:07.0803 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/01/18 15:08:07.0850 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/18 15:08:07.0881 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/18 15:08:07.0944 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/18 15:08:07.0990 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/18 15:08:08.0022 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/18 15:08:08.0037 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/18 15:08:08.0068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/18 15:08:08.0100 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/18 15:08:08.0131 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/18 15:08:08.0178 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/18 15:08:08.0209 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/18 15:08:08.0240 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/01/18 15:08:08.0271 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/01/18 15:08:08.0302 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/01/18 15:08:08.0318 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/18 15:08:08.0380 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/01/18 15:08:08.0427 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/01/18 15:08:08.0458 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/01/18 15:08:08.0521 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/18 15:08:08.0552 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 15:08:08.0568 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 15:08:08.0599 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/01/18 15:08:08.0646 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/18 15:08:08.0770 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/01/18 15:08:08.0802 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/18 15:08:08.0880 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/01/18 15:08:08.0911 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/18 15:08:08.0973 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/18 15:08:09.0176 ================================================================================
2011/01/18 15:08:09.0176 Scan finished
2011/01/18 15:08:09.0176 ================================================================================
2011/01/18 15:08:09.0192 Detected object count: 1
2011/01/18 15:08:15.0276 Locked file(sptd) - User select action: Skip
2011/01/18 15:08:20.0923 Deinitialize success

--------------------------------------------------------------------------------------
mbam log from last night:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5544

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

18/01/2011 1:08:22 AM
mbam-log-2011-01-18 (01-08-22).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 361608
Time elapsed: 1 hour(s), 14 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\explorer.dat (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

--------------------------------------------------------------------------------------
mbam log from just now:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5549

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

18/01/2011 3:15:22 PM
mbam-log-2011-01-18 (15-15-22).txt

Scan type: Quick scan
Objects scanned: 149330
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------

The problem persists; I tried to visit the Malwarebytes website, and indeed it redirected me once again.
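
The two logs above (a TDSSKiller driver inventory with its scan tail, and an MBAM summary) are what a helper reads first when triaging a thread like this. The following is an added example, not code from the thread, from Kaspersky or from Malwarebytes: a small Python parser that pulls the driver inventory, the "Detected object count", the locked-file lines and the MBAM detections into plain records, then lists drivers loaded outside System32 and paths shared by several service names. The sample logs are constructed in the shape of the posted ones (two real lines from the log above are reused; the `exampledrv` line with an all-zero hash and the Windows-on-C: assumption are mine).

```python
"""Parse TDSSKiller and Malwarebytes' Anti-Malware (MBAM) log text into records.

Added example, not from the thread or either vendor.  SAMPLE_TDSS and
SAMPLE_MBAM are constructed: the Wanarp/Wdf01000 lines are copied from the
posted log, the "exampledrv" line is made up (placeholder hash, non-system
path) to exercise the path check."""
import re
from collections import defaultdict

# TDSSKiller inventory line:  <timestamp> <service> (<md5>) <path>
TDSS_DRIVER = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
TDSS_COUNT = re.compile(r"Detected object count:\s*(?P<n>\d+)")
TDSS_LOCKED = re.compile(
    r"Locked file\((?P<name>[^)]+)\)\s*-\s*User select action:\s*(?P<action>\w+)")
# MBAM lines:  "<Category> Infected: <n>"   and   "<path> (<detection>) -> <action>."
MBAM_COUNT = re.compile(r"^(?P<what>[A-Za-z ]+ Infected):\s*(?P<n>\d+)$")
MBAM_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\((?P<detection>[^)]+)\)\s+->\s+(?P<action>.+?)\.?$")

# Assumption: Windows lives on C:.  Kernel drivers normally sit under this tree.
SYSTEM_DIR = "c:\\windows\\system32\\"


def parse_tdsskiller(text):
    """Return the driver inventory plus the scan tail: detected count and
    the locked files with the action the user chose for each."""
    drivers, locked, detected = [], [], None
    for line in text.splitlines():
        m = TDSS_DRIVER.match(line)
        if m:
            drivers.append((m["service"], m["md5"], m["path"]))
            continue
        m = TDSS_COUNT.search(line)
        if m:
            detected = int(m["n"])
            continue
        m = TDSS_LOCKED.search(line)
        if m:
            locked.append((m["name"], m["action"]))
    return {"drivers": drivers, "locked": locked, "detected": detected}


def shared_files(drivers):
    """Paths loaded under more than one service name.  Wanarp/Wanarpv6 both
    using wanarp.sys is normal; the point is to see such pairs at a glance."""
    by_path = defaultdict(set)
    for service, _md5, path in drivers:
        by_path[path.lower()].add(service)
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


def outside_system_dirs(drivers):
    """Drivers whose file is not under System32: worth checking by hand."""
    return [(s, p) for s, _m, p in drivers if not p.lower().startswith(SYSTEM_DIR)]


def parse_mbam(text):
    """Return the per-category counts and the detections as
    (path, detection name, action) tuples."""
    counts, hits = {}, []
    for line in text.splitlines():
        m = MBAM_COUNT.match(line)
        if m:
            counts[m["what"]] = int(m["n"])
            continue
        m = MBAM_HIT.match(line)
        if m:
            hits.append((m["path"], m["detection"], m["action"]))
    return {"counts": counts, "hits": hits}


SAMPLE_TDSS = r"""
2011/01/18 15:08:08.0552 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 15:08:08.0568 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 15:08:08.0646 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/18 15:08:08.0700 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
2011/01/18 15:08:09.0176 ================================================================================
2011/01/18 15:08:09.0176 Scan finished
2011/01/18 15:08:09.0192 Detected object count: 1
2011/01/18 15:08:15.0276 Locked file(sptd) - User select action: Skip
2011/01/18 15:08:20.0923 Deinitialize success
"""

SAMPLE_MBAM = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5544
Scan type: Full scan (C:\|D:\|)
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 1

Files Infected:
c:\Windows\Temp\explorer.dat (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
"""

if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE_TDSS)
    print("detected:", t["detected"], "locked:", t["locked"])
    print("shared paths:", shared_files(t["drivers"]))
    print("outside System32:", outside_system_dirs(t["drivers"]))
    print("mbam:", parse_mbam(SAMPLE_MBAM))
```

On the real logs, feed the whole file contents to `parse_tdsskiller` / `parse_mbam`; the inventory regex ignores the separator and status lines, so no pre-trimming is needed.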

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:51 PM

Posted 18 January 2011 - 03:35 PM

Hello, if the other TDSS logs found items I would like to see the bottom portion:
2011/01/18 15:08:09.0176 ================================================================================
2011/01/18 15:08:09.0176 Scan finished
2011/01/18 15:08:09.0176 ================================================================================
2011/01/18 15:08:09.0192 Detected object count: 1
2011/01/18 15:08:15.0276 Locked file(sptd) - User select action: Skip
2011/01/18 15:08:20.0923 Deinitialize success


If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the Open box, type: cmd
  • Press OK or hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot, go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
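
The step "if unknown Preferred or Alternate DNS servers are listed" is the one people get wrong by eye, so here is an added example (not from the thread, not a BleepingComputer tool) that does the comparison from the text of `ipconfig /all`: it parses each adapter's fields, collects the multi-line "DNS Servers" entry, and marks every server as `ok` (router/OS-local ranges or an address you state your ISP assigned), `review` (anything else) or `unparseable`. The `dns_report` name, the `ipconfig /all` layout assumed by the regexes, and the sample output are my own; 203.0.113.53 is a documentation-range address standing in for an "unknown" server.

```python
"""List the DNS servers each adapter uses, from `ipconfig /all` text, and flag
the ones to compare against what the ISP actually assigned.

Added example, not from the thread.  SAMPLE_IPCONFIG is constructed; the
layout (dot leaders, " : " separator, indented continuation lines) is the
Vista/7 ipconfig format.  On a real machine:  ipconfig /all > ipconfig.txt
and pass the file's contents to dns_report()."""
import ipaddress
import re

ADAPTER = re.compile(r"^(?P<name>\S.*adapter .+):\s*$")   # "Ethernet adapter Local Area Connection:"
# "   DNS Servers . . . . : 192.168.1.1"  -- key starts with a letter, " :" separates.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9\-/ ]*?)[ .]* :\s*(?P<value>.*)$")

# Ranges a home router or the OS itself hands out (private, loopback,
# link-local, site-local, ULA).  Anything else should match the ISP's list.
HOME_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fe80::/10", "fec0::/10", "fc00::/7", "::1/128")]


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; a field with several lines
    (DNS Servers) collects its indented continuation lines."""
    adapters = {"Windows IP Configuration": {}}
    current, last_key = "Windows IP Configuration", None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER.match(line)
        if m:
            current, last_key = m["name"], None
            adapters[current] = {}
            continue
        m = FIELD.match(line)
        if m:
            last_key = m["key"].strip()
            value = m["value"].strip()
            adapters[current][last_key] = [value] if value else []
            continue
        if line.startswith(" ") and last_key:      # indented continuation line
            adapters[current][last_key].append(line.strip())
    return adapters


def classify(server, expected=()):
    """'ok' for router/OS-local addresses and anything in `expected`,
    'review' for any other address, 'unparseable' if it is not an IP."""
    if server in expected:
        return "ok"
    try:
        ip = ipaddress.ip_address(server.split("%")[0])   # drop IPv6 scope id
    except ValueError:
        return "unparseable"
    return "ok" if any(ip in net for net in HOME_NETS) else "review"


def dns_report(text, expected=()):
    """(adapter, server, verdict) for every DNS server of every adapter."""
    out = []
    for name, fields in parse_ipconfig(text).items():
        for server in fields.get("DNS Servers", []):
            out.append((name, server, classify(server, expected)))
    return out


# Constructed sample in the shape of Vista's `ipconfig /all` output.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       fec0:0:0:ffff::1%1
                                       203.0.113.53
"""

if __name__ == "__main__":
    for adapter, server, verdict in dns_report(SAMPLE_IPCONFIG):
        print(f"{adapter}: {server} -> {verdict}")
```

A `review` verdict is not a verdict of compromise: pass the ISP's published resolvers in `expected` and anything left over is what to compare against the adapter's TCP/IP properties before changing them, exactly the "write down any settings" caution above.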

#5 Ako17

Ako17
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 18 January 2011 - 03:52 PM

Hi boopme, again, thanks for responding - here are the two TDSS logs from last night which I ran minutes apart from one another:

2011/01/18 02:54:30.0875 ================================================================================
2011/01/18 02:54:30.0875 Scan finished
2011/01/18 02:54:30.0875 ================================================================================
2011/01/18 02:54:30.0889 Detected object count: 1
2011/01/18 02:54:49.0221 Locked file(sptd) - User select action: Skip
2011/01/18 02:54:52.0824 Deinitialize success

and

2011/01/18 02:58:21.0578 ================================================================================
2011/01/18 02:58:21.0578 Scan finished
2011/01/18 02:58:21.0578 ================================================================================
2011/01/18 02:58:21.0609 Detected object count: 1
2011/01/18 02:58:30.0516 Locked file(sptd) - User select action: Skip
2011/01/18 02:58:35.0508 Deinitialize success


The DNS flush didn't fix the problem, and I already obtain IP and DNS automatically.

Thank you so far.

EDIT: I'd just like to add that I just restarted my computer, and immediately tried visiting 2 websites that would normally redirect, and they didn't redirect, to my surprise. A moment later I tried again, and the redirect problem persisted.
Also, it seems that sometimes (not always) when I open IE it will just flash and immediately close. To get around it I just quickly open it twice and, instead of immediately closing, both windows will open properly.

Edited by Ako17, 18 January 2011 - 04:07 PM.


#6 boopme

Posted 18 January 2011 - 04:06 PM

Did you have the option to "Cure"?

#7 Ako17

Posted 18 January 2011 - 04:17 PM

TDSS says 1 infection, which says Locked File, and has a little highlight that says 'skip' beside it. I just noticed now that I can also choose 'copy to quarantine' and 'delete'.

It looks something like this:

! - Suspicious Objects

- Locked file Skip
Service
Service name: sptd
Service type: Kernel driver (0x1)
Service start: Boot (0x0)
File: C:\Windows\system32\Drivers\sptd.sys
MD5: cdddec541bc3c96f91ecb48759673505

And the only button is "Continue"


So to answer your question: no, I am never given the option to 'cure', but I could change it from 'skip' to 'copy to quarantine' or 'delete'. I'll let you decide.


I edited my last post adding:
I'd just like to add that I just restarted my computer, and immediately tried visiting 2 websites that would normally redirect, and they didn't redirect, to my surprise. A moment later I tried again, and the redirect problem persisted.
Also, it seems that sometimes (not always) when I open IE it will just flash and immediately close. To get around it I just quickly open it twice and, instead of immediately closing, both windows will open properly.

Edited by Ako17, 18 January 2011 - 04:19 PM.


#8 boopme

Posted 18 January 2011 - 04:49 PM

Are you using Daemon Tools or another CD Emulator like Alcohol 120%, Astroburn, AnyDVD?

If so, be aware that CD Emulators use hidden drivers with rootkit-like techniques to hide from other applications and to circumvent copy protection schemes. As a result of this technology, some files related to these programs (i.e. sptd.sys, dtscsi.sys) often lead to false reports by investigative and security tools.

"Object is locked skipped" or "Access Denied" notations in an anti-virus/anti-malware scan are not uncommon. Some files and services are locked by the operating system or running programs during use for protection, so scanners cannot access them. Other files, especially those used by security programs, may be encrypted or password protected so they do not allow access. When the scanner finds such an object, it makes a note and then just skips to the next one. That explains why it may show as "skipped", "locked" or "Access Denied" in certain anti-virus or anti-malware log scan reports. These types of notations are normal when using many security scanning programs so there is seldom a need for concern.
If you are, then we will skip it.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

I have to run and get my daughter so I'll be gone for a while

#9 Ako17

Posted 18 January 2011 - 05:02 PM

I do indeed have Daemon Tools, and I don't ever use it so I can just delete it completely.
I also have a Playstation 1 emulator on my computer, but I sincerely doubt it is causing a problem (it must be Daemon).

I'll have to reset the modem/router a little later, since people are currently in the middle of using the internet. Once I do those things, I'll send you the log.

Until then... I was retracing my steps and found the site that I'm almost positive I got the virus from. I was google image searching for "constellation 30 degree processions" (because I was looking at some Age of Aquarius stuff), and the 6th image that comes up on a safesearch-off google image search looks like a harmless map of the ring of constellations with the Sun at the centre, from a site that is apparently called "ericstores.com". I didn't click on the picture again or anything, just looking at it on google without actually going to the site again. But a day or two ago when I did click on it, that's when AVG started going nuts with trojan threats. Strange how something so innocent looking can do this...

Anyways, thanks for your help so far, I really do appreciate it - I'll post that log when I get the chance.

Edit: my house-mate has a paid-for copy of Spyware Doctor, should I try that?

Edited by Ako17, 18 January 2011 - 05:53 PM.


#10 boopme

Posted 18 January 2011 - 07:50 PM

This can be a bit tricky to remove so let's wait.
Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.


Try this first: DEFOGGER, run it, then the Killer. Then re-enable.
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


REENABLE>>

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

#11 Ako17

Posted 19 January 2011 - 03:18 PM

So, you didn't tell me to do this, but my friend put his full copy of 'Spyware doctor with antivirus' on my computer and quarantined some things - I have since recovered anything that was quarantined though. The Spyware Doctor scan found some things, but didn't fix the problem anyways (mostly just cookies, plus one 'trojan' related to Java, and one 'trojan' that wasn't quarantined related to system files).

So, I used DeFogger, and pressed disable, and pressed restart, which resulted in what looked like a normal restart, and then a BLUE SCREEN of death. Upon restart, Daemon didn't show up (I guess that works). I then reset the router, and after a minute or two BLUE SCREEN. Upon restart the internet was back, and misreading your post I ran MBAM (instead of TDSSKiller) and about 5-6 minutes after I had restarted, in the middle of the scan, BLUE SCREEN. I tried running MBAM again, and 5-6 minutes in BLUE SCREEN. I read your post again, realized I was supposed to run TDSSKiller, ran it and got no infections found. I then opened DeFogger, like you said, and pressed re-enable, and restart. The computer restarted WITHOUT a blue screen this time and Daemon showed up again. I tried MBAM again, and long story short, my computer can't stay on more than 6 or so minutes before a BLUE SCREEN of death. I can't finish an MBAM scan to get a log!

I don't really think Spyware Doctor is the problem, and I've recovered everything it quarantined just in case - and I could just delete the program to be sure.

I'm almost positive the BLUE SCREEN problem every 6 or so minutes is related to Defogger - what should I do? I literally have 6 minutes give or take every time the computer turns on before it crashes.

#12 boopme

Posted 19 January 2011 - 03:34 PM

Can we restore the system to a date before the whole infection started (preferred)? Or at least Monday?

Windows Vista System Restore Guide

#13 Ako17

Posted 19 January 2011 - 04:00 PM

Just before I resort to system restoring, I'm going to delete this Spyware Doctor program and see if it is what is making the PC crash.
I'll keep you posted.

Question on system restoring: if I do restore, should I perhaps just quickly put some of my documents (Word files, some pictures) on a USB stick just in case? Also, if I were to have a restore point from before I got the virus, would it theoretically remove the virus?

#14 Ako17

Posted 19 January 2011 - 04:14 PM

Well, good news I guess; I properly removed Spyware Doctor and the blue screen problem is gone! (I guess DeFogger and PC Tools Spyware Doctor w/ Antivirus don't mix)

Should I still system restore now? Or do you perhaps have a different plan of action I should take?

Edited by Ako17, 19 January 2011 - 04:16 PM.


#15 boopme

Posted 19 January 2011 - 04:18 PM

We are not reinstalling, just moving the system back a few days. You are at risk of losing any application updates after that time.
