
Google Redirect Virus


9 replies to this topic

#1 das_FW (Members, 5 posts)

Posted 07 February 2011 - 07:26 PM

It appears I've got the google redirect virus. I'm getting redirected on all search pages and occasionally get advertisement pages pop open. Computer has been slower than normal recently. I've run MalwareBytes, Ad-Aware, and Spybot search and destroy. Each time, each one will find something, but after rebooting and coming back to IE, I get the same issues.

Any help would be appreciated.

Edited by Budapest, 07 February 2011 - 07:27 PM.
Moved from XP ~BP




#2 boopme (Global Moderator, 73,166 posts; "To Insanity and Beyond")

Posted 07 February 2011 - 08:52 PM

Hello and welcome. I'd like to run a few tools, get logs and see how we are afterward.

We need to disable Spybot S&D's "TeaTimer" if running.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click (image) and then on "Advanced Mode"
    (image)
  • You may be presented with a warning dialog. If so, press (image)
  • Click on (image)
  • Click on (image)
  • Uncheck this checkbox:
    (image)
  • Close/Exit Spybot Search and Destroy


Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post the 3 logs and let us know how the PC is running now.
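An added example, not part of this thread and not a Kaspersky tool: a small Python script that reads a TDSSKiller log of the kind asked for above and pulls out the items a helper would review first. It assumes the per-driver line layout visible in such logs (date, time, pid, driver name, MD5 in parentheses, image path), which is read off the posted output rather than taken from any documentation; the sample lines are copied from the log posted later in this thread. It flags kernel drivers loaded from outside system32\drivers and driver names that share one image hash. A flag means "look at this", not "malicious": vendor support tools and anti-malware products legitimately ship drivers under Program Files.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Layout of one driver-enumeration line in a TDSSKiller 2.4.x log, as posted in this thread:
#   <yyyy/mm/dd> <hh:mm:ss.ffff> <pid> <service name> (<md5 of image>) <image path>
# Service names can contain spaces ("Lavasoft Kernexplorer"), so the name is matched lazily
# up to the parenthesised 32-hex-digit hash. Header and status lines ("Scan started",
# "Mode: Manual;") carry no hash and are skipped. This layout is an assumption read off
# the posted log, not a documented format.
DRIVER_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)

# Where kernel drivers normally live on a Windows XP install. The log mixes the casing
# "DRIVERS", "drivers" and "Drivers", so comparisons are done in lower case.
EXPECTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class DriverEntry:
    name: str   # service/driver name as TDSSKiller reports it
    md5: str    # MD5 of the driver image, lower-cased
    path: str   # image path as logged


def parse_tdsskiller_log(text: str) -> List[DriverEntry]:
    """Extract (name, md5, path) from every driver line; ignore everything else."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_driver_dir(entries: List[DriverEntry]) -> List[str]:
    """Names of drivers whose image is loaded from somewhere other than system32\\drivers.

    A hit is a review item, not a verdict: vendor tools (Dell support, Ad-Aware) legitimately
    ship drivers under Program Files, but an unexpected kernel driver location is where a
    rootkit review should start.
    """
    return [e.name for e in entries
            if not e.path.lower().startswith(EXPECTED_DRIVER_DIR)]


def shared_hashes(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Group driver names that point at byte-identical images (same MD5)."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries:
        by_hash.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def triage_report(text: str) -> Dict[str, object]:
    """Summarise a log: driver count, drivers outside system32\\drivers, shared images."""
    entries = parse_tdsskiller_log(text)
    return {
        "drivers": len(entries),
        "outside_driver_dir": outside_driver_dir(entries),
        "shared_hashes": shared_hashes(entries),
    }


# Constructed sample: a handful of lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/02/08 18:20:14.0562 0984 Scan started
2011/02/08 18:20:14.0562 0984 Mode: Manual;
2011/02/08 18:20:22.0953 0984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/08 18:20:25.0156 0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 18:20:49.0531 0984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/08 18:20:49.0750 0984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 18:21:09.0640 0984 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/02/08 18:21:23.0140 0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 18:21:48.0468 0984 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/08 18:21:49.0171 0984 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
"""


if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG)
    print(f"{report['drivers']} driver lines parsed")
    for name in report["outside_driver_dir"]:
        print(f"review: {name} loads from outside system32\\drivers")
    for h, names in report["shared_hashes"].items():
        print(f"note: {', '.join(names)} share image MD5 {h}")
```

On the sample above the script reports DSproct and Lavasoft Kernexplorer as loading from Program Files, and cbidf/cbidf2k as two service names backed by the same image; both are ordinary on this machine, which is exactly why a helper compares the flagged paths and hashes against what they expect before acting on them. To run it on a real log, pass the file contents to triage_report instead of SAMPLE_LOG.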

#3 das_FW (Topic Starter; Members, 5 posts)

Posted 08 February 2011 - 08:57 PM

Thanks for the help, Boopme. I've followed the instructions and the results follow. The redirect issue within Internet Explorer seems to be corrected, but the hard-drive is still spinning quite a while at start-up with some slow response to applications starting. Task Manager shows 49 processes running which seems pretty high to me.

Thanks again for your help,
DAS_FW


****************************************************
Ran ATF-Cleaner....done cleaning - freed 933.25 MB


****************************************************
Ran SUPERAntiSpyware Scan - log below

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/08/2011 at 01:33 AM

Application Version : 4.48.1000

Core Rules Database Version : 6356
Trace Rules Database Version: 4168

Scan type : Complete Scan
Total Scan Time : 04:37:22

Memory items scanned : 290
Memory threats detected : 0
Registry items scanned : 7529
Registry threats detected : 13
File items scanned : 164452
File threats detected : 115

Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

Malware.Trace
HKU\.DEFAULT\SOFTWARE\XML
HKU\S-1-5-18\SOFTWARE\XML
HKU\.DEFAULT\Software\Microsoft\Handle
HKU\S-1-5-18\Software\Microsoft\Handle

Rogue.AntiMalwareDoctor
C:\Documents and Settings\Donald\Application Data\72538CF1D556D8276382335297A3421E

Adware.Tracking Cookie
.media6degrees.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\udtquc9t.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.steelhousemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.steelhousemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
web4.realtracker.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dha0g2sc.default\cookies.sqlite ]
ace.advertising.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
burstnet.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
cdn4.specificclick.net [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
core.insightexpressai.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
ds.serving-sys.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
interclick.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
kona.kontera.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
m1.2mdn.net [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
media.mtvnservices.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
media.resulthost.org [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
media.scanscout.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
media.wfaa.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
msnbcmedia.msn.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
objects.tremormedia.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
rmd.atdmt.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
serving-sys.com [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
udn.specificclick.net [ C:\Documents and Settings\Catina\Application Data\Macromedia\Flash Player\#SharedObjects\EY5KX7GB ]
adknowledge.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
advprotraffic.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
cdn-www.pornhub.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
cdn.eyewonder.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
cdn4.specificclick.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
cloud.video.unrulymedia.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
content.oddcast.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
core.insightexpressai.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
crackle.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
embed.maxporn.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
files.adbrite.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
bleepedhard18.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
ia.media-imdb.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
imgs.adverticum.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
interclick.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
m1.2mdn.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
m1.emea.2mdn.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
m1.media-yoomee.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
macromedia.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media-mars.pictela.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.cnbc.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.jambocast.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.kbmt12.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.mtvnservices.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.nbcdfw.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.noob.us [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.scanscout.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media.tattomedia.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
media1.break.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
msnbcmedia.msn.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
n1.pornstarslikeitbig.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
naiadsystems.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
objects.tremormedia.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
orders.webpower.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
pornotube.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
serving-sys.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
spe.atdmt.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
static.2mdn.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
static.xxxmatch.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
udn.specificclick.net [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
video.unrulymedia.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
vidii2.hardsextube.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
web.adknowledge.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.celebritysextape.ws [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.celebsexvideo.org [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.daywithapornstar.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.dump.porntele.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.bleep-me.name [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.maxporn.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.naiadsystems.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.pornergy.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.pornfidelity.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.pornhub.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
www.soundclick.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
wwwstatic.megaporn.com [ C:\Documents and Settings\Donald\Application Data\Macromedia\Flash Player\#SharedObjects\6JZLF5B8 ]
.tracking.quillion.com [ C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\fzxvox6b.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\fzxvox6b.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\fzxvox6b.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\fzxvox6b.default\cookies.sqlite ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\E6LKJQHD ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\E6LKJQHD ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\E6LKJQHD ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\E6LKJQHD ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\E6LKJQHD ]
C:\WINDOWS\Temp\Cookies\donald@statse.webtrendslive[1].txt


******************************************************************
Ran TDSSKiller - log below

2011/02/08 18:19:54.0656 2128 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 18:19:56.0671 2128 ================================================================================
2011/02/08 18:19:56.0750 2128 SystemInfo:
2011/02/08 18:19:56.0750 2128
2011/02/08 18:19:56.0750 2128 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 18:19:56.0750 2128 Product type: Workstation
2011/02/08 18:19:56.0750 2128 ComputerName: DELL_DESKTOP
2011/02/08 18:19:56.0750 2128 UserName: Donald
2011/02/08 18:19:56.0750 2128 Windows directory: C:\WINDOWS
2011/02/08 18:19:56.0750 2128 System windows directory: C:\WINDOWS
2011/02/08 18:19:56.0750 2128 Processor architecture: Intel x86
2011/02/08 18:19:56.0750 2128 Number of processors: 2
2011/02/08 18:19:56.0750 2128 Page size: 0x1000
2011/02/08 18:19:56.0750 2128 Boot type: Normal boot
2011/02/08 18:19:56.0750 2128 ================================================================================
2011/02/08 18:20:01.0984 2128 Initialize success
2011/02/08 18:20:14.0562 0984 ================================================================================
2011/02/08 18:20:14.0562 0984 Scan started
2011/02/08 18:20:14.0562 0984 Mode: Manual;
2011/02/08 18:20:14.0562 0984 ================================================================================
2011/02/08 18:20:22.0953 0984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/08 18:20:25.0156 0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 18:20:26.0265 0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/08 18:20:26.0921 0984 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/08 18:20:28.0703 0984 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/02/08 18:20:29.0906 0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/08 18:20:30.0593 0984 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/08 18:20:31.0687 0984 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/08 18:20:32.0406 0984 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/08 18:20:33.0109 0984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/08 18:20:34.0453 0984 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/08 18:20:35.0296 0984 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/08 18:20:36.0625 0984 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/08 18:20:37.0578 0984 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/08 18:20:38.0703 0984 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/08 18:20:39.0734 0984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/08 18:20:41.0187 0984 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/08 18:20:42.0109 0984 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/08 18:20:43.0140 0984 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/08 18:20:44.0406 0984 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/02/08 18:20:45.0703 0984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/08 18:20:46.0671 0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/08 18:20:47.0734 0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/08 18:20:48.0453 0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/08 18:20:49.0312 0984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/08 18:20:49.0531 0984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/08 18:20:49.0750 0984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 18:20:49.0828 0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/08 18:20:50.0046 0984 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/08 18:20:50.0875 0984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/08 18:20:51.0046 0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/08 18:20:51.0640 0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/08 18:20:52.0421 0984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/02/08 18:20:53.0234 0984 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/02/08 18:20:54.0250 0984 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/02/08 18:20:55.0328 0984 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/02/08 18:20:56.0734 0984 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/02/08 18:20:56.0843 0984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/02/08 18:20:57.0843 0984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/08 18:20:58.0484 0984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/08 18:20:59.0468 0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/08 18:21:00.0078 0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/08 18:21:01.0203 0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/08 18:21:02.0156 0984 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/02/08 18:21:03.0453 0984 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/08 18:21:05.0125 0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 18:21:06.0375 0984 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/02/08 18:21:08.0734 0984 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/02/08 18:21:09.0640 0984 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/02/08 18:21:11.0187 0984 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/02/08 18:21:11.0906 0984 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/08 18:21:14.0421 0984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 18:21:15.0015 0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/08 18:21:15.0781 0984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 18:21:16.0500 0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/08 18:21:17.0312 0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 18:21:18.0156 0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 18:21:18.0906 0984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 18:21:19.0406 0984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/08 18:21:20.0906 0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 18:21:21.0328 0984 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/02/08 18:21:22.0125 0984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/08 18:21:23.0140 0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 18:21:24.0031 0984 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/08 18:21:24.0781 0984 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/08 18:21:25.0656 0984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 18:21:26.0937 0984 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/08 18:21:29.0718 0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 18:21:30.0687 0984 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/08 18:21:32.0328 0984 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/02/08 18:21:35.0078 0984 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/02/08 18:21:36.0859 0984 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/02/08 18:21:38.0234 0984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/08 18:21:38.0984 0984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/08 18:21:39.0843 0984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 18:21:40.0687 0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 18:21:41.0531 0984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 18:21:42.0468 0984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 18:21:43.0203 0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 18:21:44.0156 0984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 18:21:45.0000 0984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 18:21:45.0703 0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 18:21:46.0515 0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 18:21:47.0640 0984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 18:21:48.0468 0984 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/08 18:21:49.0171 0984 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/02/08 18:21:50.0984 0984 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2011/02/08 18:21:51.0921 0984 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/02/08 18:21:52.0906 0984 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/02/08 18:21:54.0078 0984 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/02/08 18:21:56.0640 0984 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/02/08 18:21:57.0734 0984 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/02/08 18:21:58.0968 0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 18:21:59.0828 0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 18:22:00.0390 0984 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/08 18:22:01.0515 0984 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/02/08 18:22:02.0250 0984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 18:22:02.0937 0984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 18:22:03.0781 0984 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2011/02/08 18:22:05.0109 0984 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/08 18:22:05.0843 0984 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/02/08 18:22:07.0000 0984 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/02/08 18:22:08.0734 0984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 18:22:10.0546 0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 18:22:11.0562 0984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 18:22:12.0687 0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 18:22:13.0640 0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 18:22:14.0468 0984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 18:22:15.0218 0984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 18:22:15.0875 0984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/08 18:22:16.0484 0984 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 18:22:17.0250 0984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/08 18:22:17.0859 0984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 18:22:18.0718 0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/08 18:22:19.0437 0984 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 18:22:20.0062 0984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 18:22:20.0531 0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 18:22:21.0203 0984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 18:22:22.0203 0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 18:22:22.0859 0984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 18:22:23.0531 0984 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
2011/02/08 18:22:25.0187 0984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 18:22:26.0125 0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 18:22:26.0937 0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/08 18:22:28.0500 0984 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/08 18:22:31.0531 0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 18:22:32.0515 0984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 18:22:33.0578 0984 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/02/08 18:22:34.0843 0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/08 18:22:35.0484 0984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 18:22:36.0390 0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 18:22:37.0250 0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 18:22:38.0343 0984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/08 18:22:39.0171 0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/08 18:22:40.0859 0984 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/08 18:22:42.0437 0984 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/08 18:22:43.0312 0984 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/02/08 18:22:44.0531 0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 18:22:45.0187 0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 18:22:45.0937 0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 18:22:46.0859 0984 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/08 18:22:47.0890 0984 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/08 18:22:48.0843 0984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/08 18:22:49.0703 0984 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/08 18:22:50.0484 0984 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/08 18:22:51.0343 0984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/08 18:22:52.0093 0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 18:22:53.0000 0984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 18:22:54.0031 0984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 18:22:55.0171 0984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 18:22:56.0140 0984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 18:22:57.0703 0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 18:22:58.0609 0984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/08 18:23:00.0218 0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 18:23:01.0515 0984 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 18:23:02.0781 0984 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/02/08 18:23:03.0343 0984 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/08 18:23:03.0796 0984 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/08 18:23:04.0531 0984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 18:23:05.0156 0984 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/08 18:23:06.0046 0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/08 18:23:06.0609 0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/08 18:23:07.0640 0984 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/08 18:23:08.0546 0984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/08 18:23:09.0812 0984 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/08 18:23:11.0093 0984 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/02/08 18:23:12.0125 0984 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/08 18:23:12.0968 0984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 18:23:13.0781 0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 18:23:14.0890 0984 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 18:23:16.0828 0984 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/02/08 18:23:17.0921 0984 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/02/08 18:23:18.0828 0984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/08 18:23:19.0093 0984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 18:23:19.0234 0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 18:23:19.0828 0984 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/08 18:23:20.0750 0984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/08 18:23:21.0796 0984 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/08 18:23:22.0109 0984 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/08 18:23:23.0375 0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 18:23:24.0187 0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 18:23:24.0937 0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 18:23:25.0609 0984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 18:23:26.0421 0984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 18:23:27.0609 0984 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/02/08 18:23:28.0546 0984 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/02/08 18:23:29.0593 0984 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/02/08 18:23:30.0921 0984 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/02/08 18:23:32.0109 0984 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/02/08 18:23:33.0171 0984 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/02/08 18:23:34.0968 0984 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/02/08 18:23:36.0406 0984 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/02/08 18:23:37.0781 0984 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/02/08 18:23:40.0296 0984 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/08 18:23:41.0281 0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 18:23:42.0203 0984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/08 18:23:43.0796 0984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 18:23:45.0093 0984 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/08 18:23:47.0359 0984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/08 18:23:48.0171 0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 18:23:48.0906 0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 18:23:49.0687 0984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 18:23:50.0656 0984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 18:23:51.0671 0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 18:23:52.0671 0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 18:23:53.0656 0984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 18:23:54.0734 0984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/08 18:23:55.0656 0984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/08 18:23:56.0656 0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 18:23:57.0703 0984 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/02/08 18:23:59.0281 0984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 18:24:01.0203 0984 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/02/08 18:24:05.0093 0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 18:24:06.0625 0984 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/08 18:24:07.0859 0984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/08 18:24:08.0718 0984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/08 18:24:09.0000 0984 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/08 18:24:09.0046 0984 ================================================================================
2011/02/08 18:24:09.0046 0984 Scan finished
2011/02/08 18:24:09.0046 0984 ================================================================================
2011/02/08 18:24:09.0078 3700 Detected object count: 1
2011/02/08 18:43:03.0703 3700 \HardDisk0 - will be cured after reboot
2011/02/08 18:43:03.0718 3700 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/08 18:43:13.0921 4064 Deinitialize success


*******************************************************************
Ran MBAM - no threats found - log below


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5717

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/8/2011 7:09:52 PM
mbam-log-2011-02-08 (19-09-52).txt

Scan type: Quick scan
Objects scanned: 187961
Time elapsed: 17 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
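The TDSSKiller log above lists every loaded kernel driver with its MD5 and image path and ends with the only real finding, `\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4`: the infection sits in the master boot record of the first physical disk, not in any of the listed driver files, which is why file-based scanners can keep coming back clean while the redirects continue. The script below is an added example (not part of the thread and not Kaspersky's code) that parses this log format, pulls out the detections together with the action the user chose, and checks each driver's hash against a baseline of known-good hashes. `SAMPLE_LOG` holds a few lines copied from the log in the thread; `KNOWN_GOOD` is a constructed baseline (two hashes copied from the log, one deliberately wrong to show the mismatch branch), standing in for a real hash set taken from a clean install or a database such as NSRL.

```python
"""Triage a Kaspersky TDSSKiller log: driver inventory vs. a hash baseline, plus detections.

Added example. SAMPLE_LOG holds lines copied from the log in the thread; KNOWN_GOOD is a
constructed baseline standing in for a real known-good hash set.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TIMESTAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<time> <thread> <service name> (<md5>) <image path>"; the service name can contain
# spaces ("Lavasoft Kernexplorer"), so it is matched non-greedily up to the hash.
DRIVER_RE = re.compile(rf"^({TIMESTAMP}) (\d{{4}}) (.+?) \(([0-9a-f]{{32}})\) (.+)$")
# "<time> <thread> \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
DETECTED_RE = re.compile(rf"^({TIMESTAMP}) (\d{{4}}) (\S+) - detected (\S+) \((\d+)\)$")
# "<time> <thread> Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure"
ACTION_RE = re.compile(
    rf"^({TIMESTAMP}) (\d{{4}}) ([^(\s]+)\(([^)]+)\) - User select action: (\w+)$")


@dataclass
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass
class Detection:
    obj: str                      # "\HardDisk0" = the MBR of the first physical disk
    verdict: str                  # e.g. "Rootkit.Win32.TDSS.tdl4"
    action: Optional[str] = None  # filled in from the "User select action" line


def parse_tdsskiller_log(text: str) -> Tuple[List[DriverEntry], List[Detection]]:
    """Return (driver entries, detections) found in a TDSSKiller log."""
    drivers: List[DriverEntry] = []
    detections: List[Detection] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(DriverEntry(service=m.group(3), md5=m.group(4), path=m.group(5)))
            continue
        m = DETECTED_RE.match(line)
        if m:
            detections.append(Detection(obj=m.group(3), verdict=m.group(4)))
            continue
        m = ACTION_RE.match(line)
        if m:
            verdict, obj, action = m.group(3), m.group(4), m.group(5)
            for d in detections:
                if d.obj == obj and d.verdict == verdict:
                    d.action = action
    return drivers, detections


def triage(drivers: List[DriverEntry], known_good: Dict[str, str]) -> Dict[str, List[DriverEntry]]:
    """Bucket drivers: hash matches baseline, hash differs (replaced/patched file),
    or file name not in the baseline at all (third-party, needs a manual look)."""
    buckets: Dict[str, List[DriverEntry]] = {"matched": [], "mismatched": [], "unknown": []}
    for d in drivers:
        expected = known_good.get(d.filename)
        if expected is None:
            buckets["unknown"].append(d)
        elif expected == d.md5:
            buckets["matched"].append(d)
        else:
            buckets["mismatched"].append(d)
    return buckets


# Lines copied from the thread's log (backslashes doubled for the Python literal).
SAMPLE_LOG = """\
2011/02/08 18:21:16.0500 0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\\WINDOWS\\system32\\DRIVERS\\flpydisk.sys
2011/02/08 18:21:17.0312 0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\\WINDOWS\\system32\\drivers\\fltmgr.sys
2011/02/08 18:21:48.0468 0984 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\\Program Files\\Lavasoft\\Ad-Aware\\KernExplorer.sys
2011/02/08 18:23:03.0343 0984 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/02/08 18:24:09.0000 0984 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/08 18:24:09.0046 0984 ================================================================================
2011/02/08 18:24:09.0046 0984 Scan finished
2011/02/08 18:43:03.0718 3700 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Constructed baseline: two hashes copied from the log, one deliberately wrong so the
# mismatch branch is exercised. A real baseline comes from a clean install or NSRL.
KNOWN_GOOD = {
    "flpydisk.sys": "9d27e7b80bfcdf1cdd9b555862d5e7f0",
    "fltmgr.sys": "b2cf4b0786f8212cb92ed2b50c6db6b0",
    "sasdifsv.sys": "00000000000000000000000000000000",  # constructed, intentionally wrong
}

if __name__ == "__main__":
    drivers, detections = parse_tdsskiller_log(SAMPLE_LOG)
    for d in detections:
        print(f"DETECTED {d.verdict} on {d.obj}, action={d.action}")
    for bucket, entries in triage(drivers, KNOWN_GOOD).items():
        for d in entries:
            print(f"{bucket:10} {d.service:24} {d.md5} {d.path}")
```

Anything in the `mismatched` bucket is the first thing to look at (a system driver whose hash no longer matches the baseline); `unknown` entries are usually third-party drivers such as the Ad-Aware and SUPERAntiSpyware ones above and need to be checked by vendor and signature rather than treated as findings.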

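Because the detection is on `\HardDisk0` and TDSSKiller's "cure" rewrites the MBR on reboot, the useful follow-up check after the reboot is on the MBR itself: confirm the 0x55AA boot signature, compare the 440 bytes of boot code against a known-good copy, sanity-check the partition table, and note how much unpartitioned space trails the last partition, since TDL4-family bootkits keep their components in a hidden file system in the unallocated sectors at the end of the disk. The code below is an added example, not from the thread or from any vendor tool. The two MBR images it inspects are constructed inside the script (placeholder boot code and one XP-style partition starting at sector 63 on an 80 GB-class disk), the baseline hash is derived from the constructed clean image, and `read_live_mbr` shows how the first sector would be read on a real Windows host (administrator rights required; not exercised here).

```python
"""Inspect a 512-byte master boot record for bootkit indicators.

Added example. The MBR images below are constructed placeholders, not captured from the
machine in the thread; the baseline hash is derived from the constructed clean image.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
CODE_LEN = 440           # boot code; bytes 440..445 hold the disk signature and reserved
TABLE_OFF = 446          # four 16-byte partition entries, then 0x55AA at 510
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_partition_table(mbr: bytes) -> List[Dict[str, int]]:
    """Return the non-empty partition entries as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def inspect_mbr(mbr: bytes, disk_sectors: int, baseline_code_sha256: str,
                slack_threshold: int = 2048) -> Dict:
    """Check signature, boot code hash and partition layout; return findings as text.

    slack_threshold is the number of trailing unpartitioned sectors above which the gap
    is reported. The right value depends on the disk's partition alignment; the 1 MiB
    default is an assumption made for this example.
    """
    findings = []
    sig_ok = mbr[510:512] == b"\x55\xaa"
    if not sig_ok:
        findings.append("boot signature 0x55AA missing")
    code_sha256 = hashlib.sha256(mbr[:CODE_LEN]).hexdigest()
    if code_sha256 != baseline_code_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partition_table(mbr)
    if not any(p["bootable"] for p in parts):
        findings.append("no active partition")
    last_end = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    if last_end > disk_sectors:
        findings.append("partition extends past end of disk")
    trailing = max(disk_sectors - last_end, 0)
    if trailing > slack_threshold:
        findings.append(f"{trailing} unpartitioned sectors after last partition")
    return {"boot_signature_ok": sig_ok, "code_sha256": code_sha256,
            "code_matches_baseline": code_sha256 == baseline_code_sha256,
            "partitions": parts, "trailing_unpartitioned_sectors": trailing,
            "findings": findings}


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a physical disk on Windows (needs administrator rights)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr(code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image from placeholder boot code and partition tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + 16 * i, status, ptype, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed data: "cli; xor ax,ax" plus NOPs stands in for real boot code; the disk is
# an 80 GB-class drive with one NTFS partition starting at sector 63 (typical XP layout).
DISK_SECTORS = 156_301_488
CLEAN_CODE = b"\xfa\x31\xc0" + b"\x90" * (CODE_LEN - 3)
TAMPERED_CODE = b"\xeb\xfe" + b"\x41" * (CODE_LEN - 2)  # loader replaced, table untouched
PARTITIONS = [(0x80, 0x07, 63, DISK_SECTORS - 63 - 63)]
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, PARTITIONS)
TAMPERED_MBR = build_sample_mbr(TAMPERED_CODE, PARTITIONS)
BASELINE_CODE_SHA256 = hashlib.sha256(CLEAN_CODE).hexdigest()

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, inspect_mbr(image, DISK_SECTORS, BASELINE_CODE_SHA256)["findings"])
```

The boot-code hash is the decisive check: a bootkit has to replace those 440 bytes, and it leaves the partition table intact so the system still boots. The trailing-space figure is context rather than a verdict, since a few sectors of slack after the last partition are normal; it becomes interesting when it is large and the boot code also differs from the baseline.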
#4 boopme, Global Moderator, posted 08 February 2011 - 09:18 PM

Hello, looks good. I would still like to do an online scan and see if things clear up.

There will be a small period of slowness after malware removal, but that should only be a day, maybe 2.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#5 das_FW, Topic Starter, posted 09 February 2011 - 09:56 AM

Here are the export and log file from ESET

C:\Documents and Settings\Donald\Application Data\Sun\Java\Deployment\cache\6.0\18\17376d2-4795e78e multiple threats deleted - quarantined
C:\Documents and Settings\Donald\Application Data\Sun\Java\Deployment\cache\6.0\62\772442be-74a07b06 a variant of Java/Agent.A trojan deleted - quarantined
C:\WINDOWS\Temp\wuhv\setup.exe a variant of Win32/TrojanDownloader.FraudLoad.NAJ trojan cleaned by deleting - quarantined


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=ebb1b0751b005544af1fb12f579fef4a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-09 07:39:47
# local_time=2011-02-09 01:39:48 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 10918782 10918782 0 0
# compatibility_mode=5121 16776533 100 96 16367013 49232451 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=165088
# found=3
# cleaned=3
# scan_time=9860
C:\Documents and Settings\Donald\Application Data\Sun\Java\Deployment\cache\6.0\18\17376d2-4795e78e multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Donald\Application Data\Sun\Java\Deployment\cache\6.0\62\772442be-74a07b06 a variant of Java/Agent.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\wuhv\setup.exe a variant of Win32/TrojanDownloader.FraudLoad.NAJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 boopme, Global Moderator, posted 09 February 2011 - 11:24 AM
Hello, are the redirects gone? What antivirus is installed?

#7 das_FW, Topic Starter, posted 09 February 2011 - 06:42 PM

Yes, the redirects appear to be gone. I searched Google just now and all search result links actually went to the appropriate site.

I have AT&T Internet Security Suite powered by McAfee for Antivirus and Firewall.

Also installed are the SUPERAntiSpyware we downloaded and installed a few days ago and AdAware by LavaSoft - both of these are running in the system tray.
MalwareBytes and Spybot Search and Destroy are also installed, but I don't think they are running except on demand.

#8 boopme, Global Moderator, posted 09 February 2011 - 08:17 PM

Ok, this looks good here. I think you should remove Ad-Aware and/or SAS from being active and keep them as on-demand like MBAM. I think all 3 of them running together will cause system slowness as they consume resources. Personally, I am no longer a big fan of Ad-Aware and Spybot. I don't care for their detection rates per resources used. (my opinion).

When was the last time you looked at Defragmenting your Hard drive?
How to Defragment Your Disk Drive Volumes in Windows XP


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#9 das_FW, Topic Starter, posted 09 February 2011 - 10:38 PM

Thanks so much again.

I checked defrag - only 2% and Windows said it wasn't needed.
Turned off SAS and left Ad-Aware running because it was the only one I had that had some real-time protection in the free version. Also, double-checked the auto-update settings in it and McAfee and both are turned on.
Installed SpywareBlaster and configured all the protections recommended in the linked article.
Also did the restore and clean-up processes you recommended.
Going to reboot and check performance again, but I think it looks like I'm good to go.

I appreciate your help so much and hopefully I'm much better protected against another attack, if one comes.

#10 boopme, Global Moderator, posted 09 February 2011 - 10:46 PM

Great, you made good choices there and I think you are in good shape. I would say to scan weekly after updating. Don't forget to update SpywareBlaster as it just runs by itself with no real reminders.

Good luck out there and thanks for dropping by.
