
website redirect, MBAM shows no infection, running Windows XP home and IE 8


4 replies to this topic

#1 cla-la

cla-la

  • Members
  • 24 posts

Posted 20 January 2011 - 02:11 AM

I am having a similar problem as everyone else in that my internet redirects to the wrong page - e.g., Infomash or other random sites. Even when I type in the web address in the address line, it sometimes takes me to a different site. When I click on a link, it sometimes takes me to the appropriate page, but other times takes me to a wrong page like the Infomash cited above.

I've read the fixes on this site but am concerned about using the fixes suggested before confirming that the problem I am having is indeed the same problem as the other posters.

What I have done so far - I downloaded Malwarebytes and performed both a complete and a quick scan (with the most current definitions) and it comes up with 0 infections but I still continue to have the problem.

I am not very technologically savvy so I may need a layman's description to the technical jargon.

Thanks!

UPDATE

So, after posting this I found another discussion forum on the Bleeping Computer site where the person (Blossom) advising instructed everyone with a virus problem to: (1) disable CD emulator (?); (2) perform a DDS scan; and (3) perform a GMER scan. I did (1) and (2). I got all the way to downloading GMER through her link, extracting the application, and running the scan. Then, the computer froze. I couldn't even do a ctrl+alt+del to manually end the program so I had to do a hard shut down. When I tried to restart the computer, it took a long time to start up and the computer processed noticeably very slowly. I tried to do the GMER scan again and again the computer froze and nothing would unfreeze it so I did another hard shut down.

I was able to do the GMER scan, I just was not able to save the results. From my recollection, there appeared to be a whole page full of files and some of the files looked suspicious with names like "impersonate."

All the applications I downloaded were through Blossom's link, which took me to a download site on a Bleeping Computer page.

What is going on? Thanks for your help.

Edited by cla-la, 20 January 2011 - 10:33 AM.



 


#2 cla-la

cla-la
  • Topic Starter

  • Members
  • 24 posts

Posted 24 January 2011 - 11:52 PM

Hello?

#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts

Posted 25 January 2011 - 09:44 AM

Hi cla-la and welcome to Bleeping Computer.

Try this:

Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Win7 users should right-click and select Run As Administrator.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.


Step 2

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the Posted Image button.
  • Click Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




In your next reply, please submit:
TDSSKiller report
Eset scan report

Thanks.

Edited by Starbuck, 25 January 2011 - 09:44 AM.



#4 cla-la

cla-la
  • Topic Starter

  • Members
  • 24 posts

Posted 25 January 2011 - 02:31 PM

Thanks Starbuck,

While I was able to do the TDSSKiller scan, I was not able to do the ESET scan because my IE will not allow me to go to any sites. Interestingly, my wifi shows that I am connected to the internet and when I use a direct link from my Skype to access my Skype account, I am able to access my Skype account. However, any URL address I type results in the same error message,

"Internet Explorer cannot display the webpage

What you can try:
- It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.
- Retype the address.
- Go back to the previous page.

Most likely causes:
- You are not connected to the Internet.
- The website is encountering problems.
- There might be a typing error in the address."


Anyhow, here is the TDSSKiller log:

2011/01/25 10:05:04.0828 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 10:05:04.0828 ================================================================================
2011/01/25 10:05:04.0828 SystemInfo:
2011/01/25 10:05:04.0828
2011/01/25 10:05:04.0828 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/25 10:05:04.0828 Product type: Workstation
2011/01/25 10:05:04.0828 ComputerName: DB9ZH0G1
2011/01/25 10:05:04.0828 UserName: Admin Assistant
2011/01/25 10:05:04.0828 Windows directory: C:\WINDOWS
2011/01/25 10:05:04.0828 System windows directory: C:\WINDOWS
2011/01/25 10:05:04.0828 Processor architecture: Intel x86
2011/01/25 10:05:04.0828 Number of processors: 2
2011/01/25 10:05:04.0828 Page size: 0x1000
2011/01/25 10:05:04.0828 Boot type: Normal boot
2011/01/25 10:05:04.0828 ================================================================================
2011/01/25 10:05:09.0328 Initialize success
2011/01/25 10:05:21.0671 ================================================================================
2011/01/25 10:05:21.0671 Scan started
2011/01/25 10:05:21.0671 Mode: Manual;
2011/01/25 10:05:21.0671 ================================================================================
2011/01/25 10:11:57.0890 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/25 10:11:58.0984 ================================================================================
2011/01/25 10:11:58.0984 Scan finished
2011/01/25 10:11:58.0984 ================================================================================
2011/01/25 10:11:59.0000 Detected object count: 1
2011/01/25 10:12:26.0640 \HardDisk0 - will be cured after reboot
2011/01/25 10:12:26.0640 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/25 10:12:43.0171 Deinitialize success
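
Reading the verdict out of a TDSSKiller log like the one above, as an added example that is not part of the original posts. The line patterns are inferred from this log (tool version 2.4.15.0) and other versions may differ; the two driver entries and their hashes in the sample are constructed placeholders.

```python
"""Triage a TDSSKiller text log: detections, chosen action, pending reboot."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the line format of the log above. The two driver
# entries and their hashes are placeholders, not real files.
SAMPLE_LOG = r"""
2011/01/25 10:05:04.0828 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 10:05:04.0828
2011/01/25 10:05:04.0828 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/25 10:05:21.0671 Scan started
2011/01/25 10:05:41.0859 exampledrv (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/01/25 10:05:45.0359 otherdrv (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\otherdrv.sys
2011/01/25 10:11:57.0890 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/25 10:11:58.0984 Scan finished
2011/01/25 10:11:59.0000 Detected object count: 1
2011/01/25 10:12:26.0640 \HardDisk0 - will be cured after reboot
2011/01/25 10:12:26.0640 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/25 10:12:43.0171 Deinitialize success
""".strip()

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
LINE = re.compile(rf"^{TS} ?(.*)$")                      # timestamp, then message
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")  # service (md5) path
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+?) - will be \w+ after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str                      # what was flagged, e.g. \HardDisk0
    threat: str                   # verdict name as printed by the tool
    action: Optional[str] = None  # Cure / Skip / ... as chosen by the user
    reboot_pending: bool = False


def parse_log(text):
    """Return (driver entries, detections, reported detection count)."""
    drivers, detections, reported = [], {}, None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a timestamped log line
        msg = line.group(1)
        if (m := DRIVER.match(msg)):
            drivers.append(m.groups())
        elif (m := DETECTED.match(msg)):
            obj, threat = m.groups()
            detections[(obj, threat)] = Detection(obj, threat)
        elif (m := PENDING.match(msg)):
            for det in detections.values():
                if det.obj == m.group(1):
                    det.reboot_pending = True
        elif (m := ACTION.match(msg)):
            threat, obj, action = m.groups()
            det = detections.setdefault((obj, threat), Detection(obj, threat))
            det.action = action
        elif (m := COUNT.match(msg)):
            reported = int(m.group(1))
    return drivers, list(detections.values()), reported


def triage(text):
    """Return human-readable findings a helper would check before moving on."""
    drivers, detections, reported = parse_log(text)
    findings = []
    if reported is not None and reported != len(detections):
        findings.append(
            f"count mismatch: log reports {reported}, parsed {len(detections)}")
    for det in detections:
        where = f"{det.threat} on {det.obj}"
        if det.action is None:
            findings.append(f"{where}: no action recorded")
        elif det.action.lower() == "skip":
            findings.append(f"{where}: skipped, object left in place")
        if det.reboot_pending:
            findings.append(f"{where}: cure is pending until the next reboot")
        if det.obj.lower().startswith("\\harddisk"):
            findings.append(
                f"{where}: flagged object is a disk, not one of the "
                f"{len(drivers)} scanned driver files")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```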

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts

Posted 25 January 2011 - 05:42 PM

Hi cla-la,

my IE will not allow me to go to any sites


Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
Click on the Connections tab
Click on the LAN Settings button
Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen
Then press the OK button to close the Internet Options screen.

See if IE works now.
If it does, try running the Eset online scan.

Thanks

Edited by Starbuck, 25 January 2011 - 05:43 PM.
