
Can't get rid of browser hijack of search results


6 replies to this topic

#1 Tom Armstrong

Tom Armstrong

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 01 February 2011 - 06:43 AM

Hello,

I am having trouble with both my laptop and my desktop PC. I'll concentrate on the desktop PC today.

Random search listings on google do not take me to the page they promised, instead redirecting to spam pages.

So far I have:

- run AVG
- run MBAM
- Run HijackThis and haven't spotted anything unusual

The only other weird thing is that (on both computers) Windows Update has been disabled, and it appears that the internet connection does not work on this page.

Any help on this would be very much appreciated as I use the computer for my work.

Here's the quick scan log from MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5647

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/02/2011 11:42:36
mbam-log-2011-02-01 (11-42-36).txt

Scan type: Quick scan
Objects scanned: 166721
Time elapsed: 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 PM

Posted 01 February 2011 - 11:16 AM

Hello and welcome, let's run 2 others and see how it is after.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Please perform a scan with ESET Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Tom Armstrong

Tom Armstrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 03 February 2011 - 06:07 AM

Hello,

First of all, thank you very kindly for your help. I have just run the first of the programs, and am posting the log file:

2011/02/03 09:11:41.0031 2516 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 09:11:41.0312 2516 ================================================================================
2011/02/03 09:11:41.0312 2516 SystemInfo:
2011/02/03 09:11:41.0312 2516
2011/02/03 09:11:41.0312 2516 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/03 09:11:41.0312 2516 Product type: Workstation
2011/02/03 09:11:41.0312 2516 ComputerName: DARTHPC
2011/02/03 09:11:41.0312 2516 UserName: Tom 3
2011/02/03 09:11:41.0312 2516 Windows directory: C:\WINDOWS
2011/02/03 09:11:41.0312 2516 System windows directory: C:\WINDOWS
2011/02/03 09:11:41.0312 2516 Processor architecture: Intel x86
2011/02/03 09:11:41.0312 2516 Number of processors: 2
2011/02/03 09:11:41.0312 2516 Page size: 0x1000
2011/02/03 09:11:41.0312 2516 Boot type: Normal boot
2011/02/03 09:11:41.0312 2516 ================================================================================
2011/02/03 09:11:42.0203 2516 Initialize success
2011/02/03 09:11:49.0078 3352 ================================================================================
2011/02/03 09:11:49.0078 3352 Scan started
2011/02/03 09:11:49.0078 3352 Mode: Manual;
2011/02/03 09:11:49.0078 3352 ================================================================================
2011/02/03 09:11:50.0406 3352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/03 09:11:50.0531 3352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/03 09:11:50.0859 3352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/03 09:11:50.0968 3352 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/03 09:11:51.0046 3352 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/03 09:11:51.0921 3352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/03 09:11:52.0109 3352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/03 09:11:52.0250 3352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/03 09:11:52.0406 3352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/03 09:11:52.0609 3352 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/02/03 09:11:52.0656 3352 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/02/03 09:11:52.0703 3352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/03 09:11:52.0781 3352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/03 09:11:52.0875 3352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/03 09:11:52.0937 3352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/03 09:11:53.0015 3352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/03 09:11:53.0343 3352 dc3d (91c1736e77cff029302728b431d0eedb) C:\WINDOWS\system32\DRIVERS\dc3d.sys
2011/02/03 09:11:53.0453 3352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/03 09:11:53.0546 3352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/03 09:11:53.0640 3352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/03 09:11:53.0687 3352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/03 09:11:53.0765 3352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/03 09:11:53.0843 3352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/03 09:11:53.0906 3352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/03 09:11:53.0984 3352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/03 09:11:54.0031 3352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/03 09:11:54.0078 3352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/03 09:11:54.0140 3352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/03 09:11:54.0234 3352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/03 09:11:54.0328 3352 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/02/03 09:11:54.0375 3352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/03 09:11:54.0484 3352 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/02/03 09:11:54.0578 3352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/03 09:11:54.0656 3352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/03 09:11:54.0718 3352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/03 09:11:54.0781 3352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/03 09:11:54.0859 3352 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/03 09:11:54.0906 3352 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/03 09:11:54.0968 3352 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/03 09:11:55.0046 3352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/03 09:11:55.0187 3352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/03 09:11:55.0250 3352 Imapi (3e805b4ceb98a26d391b1fab54d5bd3a) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/03 09:11:55.0250 3352 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 3e805b4ceb98a26d391b1fab54d5bd3a, Fake md5: 083a052659f5310dd8b6a6cb05edcf8e
2011/02/03 09:11:55.0265 3352 Imapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/03 09:11:55.0437 3352 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/03 09:11:55.0578 3352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/03 09:11:55.0640 3352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/03 09:11:55.0718 3352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/03 09:11:55.0781 3352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/03 09:11:55.0843 3352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/03 09:11:55.0906 3352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/03 09:11:55.0968 3352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/03 09:11:56.0015 3352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/03 09:11:56.0109 3352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/03 09:11:56.0171 3352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/03 09:11:56.0250 3352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/03 09:11:56.0312 3352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/03 09:11:56.0484 3352 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/02/03 09:11:56.0546 3352 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/02/03 09:11:56.0578 3352 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/02/03 09:11:56.0703 3352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/03 09:11:56.0781 3352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/03 09:11:56.0843 3352 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/02/03 09:11:56.0921 3352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/03 09:11:56.0953 3352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/03 09:11:57.0031 3352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/03 09:11:57.0218 3352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/03 09:11:57.0484 3352 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/03 09:11:57.0546 3352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/03 09:11:57.0609 3352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/03 09:11:57.0640 3352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/03 09:11:57.0671 3352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/03 09:11:57.0718 3352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/03 09:11:57.0781 3352 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/02/03 09:11:57.0843 3352 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/03 09:11:57.0921 3352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/03 09:11:57.0968 3352 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/03 09:11:58.0015 3352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/03 09:11:58.0062 3352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/03 09:11:58.0109 3352 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/03 09:11:58.0171 3352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/03 09:11:58.0234 3352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/03 09:11:58.0328 3352 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/02/03 09:11:58.0375 3352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/03 09:11:58.0468 3352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/03 09:11:58.0562 3352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/03 09:11:58.0703 3352 nv (7fe3f1721856365c882dae13f3600223) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/03 09:11:58.0953 3352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/03 09:11:59.0015 3352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/03 09:11:59.0140 3352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/03 09:11:59.0234 3352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/03 09:11:59.0312 3352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/03 09:11:59.0359 3352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/03 09:11:59.0484 3352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/03 09:11:59.0562 3352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/03 09:11:59.0656 3352 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/03 09:11:59.0968 3352 Point32 (60a044879c4fa76314494f5fddc43b93) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/02/03 09:12:00.0031 3352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/03 09:12:00.0109 3352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/03 09:12:00.0187 3352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/03 09:12:00.0250 3352 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/03 09:12:00.0562 3352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/03 09:12:00.0656 3352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/03 09:12:00.0703 3352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/03 09:12:00.0734 3352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/03 09:12:00.0781 3352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/03 09:12:00.0906 3352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/03 09:12:01.0000 3352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/03 09:12:01.0078 3352 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/03 09:12:01.0140 3352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/03 09:12:01.0265 3352 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
2011/02/03 09:12:01.0390 3352 rt2870 (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/02/03 09:12:01.0515 3352 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/02/03 09:12:01.0640 3352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/03 09:12:01.0734 3352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/03 09:12:01.0781 3352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/03 09:12:01.0875 3352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/03 09:12:01.0968 3352 SiS315 (dff19dfd9ac111c7c68162caae96a203) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/02/03 09:12:02.0046 3352 SiSGbeXP (37daa9f59a3ff30a314fd98ee8f47000) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
2011/02/03 09:12:02.0109 3352 SiSkp (6faf3014ee1cc1a5146a5d2b29f94b8c) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/02/03 09:12:02.0218 3352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/03 09:12:02.0328 3352 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/03 09:12:02.0609 3352 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/02/03 09:12:02.0609 3352 sptd - detected Locked file (1)
2011/02/03 09:12:02.0671 3352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/03 09:12:02.0796 3352 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/03 09:12:02.0937 3352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/03 09:12:03.0015 3352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/03 09:12:03.0203 3352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/03 09:12:03.0281 3352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/03 09:12:03.0390 3352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/03 09:12:03.0468 3352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/03 09:12:03.0531 3352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/03 09:12:03.0640 3352 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/02/03 09:12:03.0750 3352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/03 09:12:03.0859 3352 UltraMonMirror (26401a2c5e5466857077eadaaec7cdd0) C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
2011/02/03 09:12:03.0937 3352 UltraMonUtility (6fc85b4505eefbfdfc817787e4b3e26f) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
2011/02/03 09:12:04.0046 3352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/03 09:12:04.0171 3352 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/03 09:12:04.0250 3352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/03 09:12:04.0328 3352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/03 09:12:04.0390 3352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/03 09:12:04.0453 3352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/03 09:12:04.0515 3352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/03 09:12:04.0578 3352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/03 09:12:04.0625 3352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/03 09:12:04.0671 3352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/03 09:12:04.0765 3352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/03 09:12:04.0828 3352 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/02/03 09:12:04.0890 3352 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/02/03 09:12:04.0906 3352 wacomvhid (6843fd7db708b14ea4d8092abb464244) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/02/03 09:12:04.0921 3352 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2011/02/03 09:12:04.0984 3352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/03 09:12:05.0062 3352 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/03 09:12:05.0156 3352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/03 09:12:05.0265 3352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/03 09:12:05.0343 3352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/03 09:12:05.0406 3352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/03 09:12:05.0578 3352 ================================================================================
2011/02/03 09:12:05.0578 3352 Scan finished
2011/02/03 09:12:05.0578 3352 ================================================================================
2011/02/03 09:12:05.0593 2416 Detected object count: 2
2011/02/03 09:12:12.0531 2416 Imapi (3e805b4ceb98a26d391b1fab54d5bd3a) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/03 09:12:12.0531 2416 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: 3e805b4ceb98a26d391b1fab54d5bd3a, Fake md5: 083a052659f5310dd8b6a6cb05edcf8e
2011/02/03 09:12:14.0453 2416 Backup copy found, using it..
2011/02/03 09:12:14.0468 2416 C:\WINDOWS\system32\DRIVERS\imapi.sys - will be cured after reboot
2011/02/03 09:12:14.0468 2416 Rootkit.Win32.TDSS.tdl3(Imapi) - User select action: Cure
2011/02/03 09:12:14.0468 2416 Locked file(sptd) - User select action: Skip
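
The line that matters in the log above is the "Suspicious file (Forged)" entry for imapi.sys: TDSSKiller obtained two different MD5s for the same driver, one from the bytes it could read directly and one from what the system presents through the normal file path, and that mismatch is how a TDL3-style rootkit that has patched a legitimate driver and hides the change shows itself. The "NoAccess" entry for sptd.sys is a weaker signal (the tool simply could not read the file), which is why the thread left it on Skip. The parser below is an added example written for this page, not code from TDSSKiller or from anyone in the thread. It runs over a constructed excerpt of the posted log (paths and hashes copied from it), joins each Suspicious file line to its inventory entry and its "- detected" verdict, and sorts the results into cure vs. review; the `triage` policy is an assumption of this example, not the tool's own logic.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt modelled on the log posted in the thread: each line is
# "date time threadid message". Paths and hashes are copied from that log.
SAMPLE_LOG = """\
2011/02/03 09:11:55.0250 3352 Imapi (3e805b4ceb98a26d391b1fab54d5bd3a) C:\\WINDOWS\\system32\\DRIVERS\\imapi.sys
2011/02/03 09:11:55.0250 3352 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\imapi.sys. Real md5: 3e805b4ceb98a26d391b1fab54d5bd3a, Fake md5: 083a052659f5310dd8b6a6cb05edcf8e
2011/02/03 09:11:55.0265 3352 Imapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/03 09:12:02.0328 3352 sptd (71e276f6d189413266ea22171806597b) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2011/02/03 09:12:02.0609 3352 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/02/03 09:12:02.0609 3352 sptd - detected Locked file (1)
2011/02/03 09:12:03.0281 3352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
"""

HEX32 = r"[0-9a-f]{32}"
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (?P<msg>.*)$")
DRIVER_RE = re.compile(rf"^(?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
NOACCESS_RE = re.compile(rf"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>{HEX32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")


@dataclass
class Finding:
    name: str                            # service name as the tool reports it
    path: str
    kind: str                            # "Forged" or "NoAccess"
    md5_seen: str                        # hash of the bytes the tool managed to read
    md5_presented: Optional[str] = None  # hash the normal read path yields (Forged only)
    verdict: Optional[str] = None        # text after "- detected", filled in later


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return one Finding per 'Suspicious file' line, joined with its verdict."""
    name_by_path: Dict[str, str] = {}   # lower-cased path -> service name
    by_name: Dict[str, Finding] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                     # banners, separators, free text
        msg = m.group("msg")
        if (f := FORGED_RE.match(msg)):
            path = f.group("path")
            fd = Finding(name_by_path.get(path.lower(), "?"), path, "Forged",
                         f.group("real"), f.group("fake"))
        elif (n := NOACCESS_RE.match(msg)):
            path = n.group("path")
            fd = Finding(name_by_path.get(path.lower(), "?"), path, "NoAccess",
                         n.group("md5"))
        elif (d := DETECT_RE.match(msg)):
            # Verdict line refers back to the service name, not the path.
            if d.group("name") in by_name:
                by_name[d.group("name")].verdict = d.group("verdict")
            continue
        elif (v := DRIVER_RE.match(msg)):
            # Ordinary inventory line: remember which service owns the path.
            name_by_path[v.group("path").lower()] = v.group("name")
            continue
        else:
            continue
        findings.append(fd)
        by_name[fd.name] = fd
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Sort findings by evidence strength (policy assumed by this example).

    Forged: the directly read bytes hash differently from what the system
    presents, i.e. something is actively hiding a modified driver. That is
    direct rootkit evidence, so the file goes on the cure list.
    NoAccess: the tool only failed to read the file; self-protecting but
    legitimate drivers behave the same way, so it is queued for review.
    """
    out: Dict[str, List[str]] = {"cure": [], "review": []}
    for fd in findings:
        hidden = fd.kind == "Forged" and fd.md5_seen != fd.md5_presented
        out["cure" if hidden else "review"].append(fd.path)
    return out


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for fd in found:
        print(f"{fd.kind:8} {fd.name:6} {fd.verdict or '-':26} {fd.path}")
    print(triage(found))
```

Running it on the excerpt lists imapi.sys under cure (Forged, Rootkit.Win32.TDSS.tdl3) and sptd.sys under review (NoAccess, Locked file), which matches the actions recorded at the end of the posted log. Feeding the full log from a real run works the same way, since inventory and separator lines are simply skipped.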

#4 Tom Armstrong

Tom Armstrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 03 February 2011 - 06:24 AM

Aha! That seems to have nailed the problem. I notice that on both PCs I had the TDSS.tdl3 and the first software removed it. The browsing is working perfectly again.

Thank you!

#5 Tom Armstrong

Tom Armstrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 03 February 2011 - 06:28 AM

I have one more problem related to my virus, perhaps it's a more serious one.

My host informed me that a hacker had gotten hold of my FTP username and password. These passwords are very securely created. I also use a virtual keyboard to type them to avoid keyloggers.

I read it's possible for a virus to send FTP passwords to a hacker if they are stored in the FTP software. The tool I use (CuteFTP) was among those listed as vulnerable to this exploit.

Is there a way to get rid of this?

Thanks again

Tom

#6 Tom Armstrong

Tom Armstrong
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 03 February 2011 - 06:41 AM

Sorry, I may have answered my own question. I have an iframe trojan. It was picked up with ESET during the scan.

Thanks again for all of the help. I think my problems are fixed.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 PM

Posted 03 February 2011 - 11:08 AM

Hello, yes this looks good now.
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: