Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

INTERNET EXPLORER CONTINUALLY OPENS


  • Please log in to reply
3 replies to this topic

#1 Mook24

Mook24

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 25 March 2011 - 02:51 PM

Greetings. When I open IE8 with Window it will continue to open "ad infinitum". I have swept w/resident virus and malware programs -- Trend Micro Internet Security, Webroot Spy Sweeper, and Uniblue Registry Booster -- but with no success. I have reset IE8 to its default settings, but still the problem persists.

Originally I used Trend Micro's Hijack This to try to sort through the problem, because it started out as a non-stop redirection of IE8 to "ask.com". I thought I recognized an issue on the Hijack This scan page w/R3, but I ended up deleting R3 altogether (I checked the R3 and mashed the "fix checked" button) Now it repeatedly revists the IE8 MSN.com page.

Anyway, I would sure like to find the solution because using the Windows Task Manager to delete the repeatedly popping up IE's is getting old and annoying.

Let me know what other info is needed to help diagnose the problem. Thanks!!

Edited by Andrew, 25 March 2011 - 06:18 PM.
Mod Edit: Moved from Internet Apps to AII - AA


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,750 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:19 PM

Posted 26 March 2011 - 08:25 AM

Before doing anything if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

    Posted Image
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

    Posted Image
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware as you may need to rename it or use RKill by Grinler.


IMPORTANT NOTE: I do not recommend the routine use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Mook24

Mook24
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:19 PM

Posted 26 March 2011 - 02:13 PM

Q7,

The Kapersky TDSSKiller found and cured a foreign object that appears to the rat bastard that affected IE8. I also posted the logs for Malwarbytes (no infections) and HijackThis. Here are the logs:

2011/03/26 13:04:23.0843 3860 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/26 13:04:23.0984 3860 ================================================================================
2011/03/26 13:04:23.0984 3860 SystemInfo:
2011/03/26 13:04:23.0984 3860
2011/03/26 13:04:23.0984 3860 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/26 13:04:23.0984 3860 Product type: Workstation
2011/03/26 13:04:23.0984 3860 ComputerName: GATEWAY-CUKC5E3
2011/03/26 13:04:23.0984 3860 UserName: Owner
2011/03/26 13:04:23.0984 3860 Windows directory: C:\WINDOWS
2011/03/26 13:04:23.0984 3860 System windows directory: C:\WINDOWS
2011/03/26 13:04:23.0984 3860 Processor architecture: Intel x86
2011/03/26 13:04:23.0984 3860 Number of processors: 2
2011/03/26 13:04:23.0984 3860 Page size: 0x1000
2011/03/26 13:04:23.0984 3860 Boot type: Unknown 3
2011/03/26 13:04:23.0984 3860 ================================================================================
2011/03/26 13:04:24.0609 3860 Initialize success
2011/03/26 13:04:52.0000 2280 ================================================================================
2011/03/26 13:04:52.0000 2280 Scan started
2011/03/26 13:04:52.0000 2280 Mode: Manual;
2011/03/26 13:04:52.0000 2280 ================================================================================
2011/03/26 13:04:55.0328 2280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/26 13:04:55.0453 2280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/26 13:04:55.0578 2280 actccid (10e8eb6dfd825d21d2a4667c13833ed8) C:\WINDOWS\system32\DRIVERS\actccid.sys
2011/03/26 13:04:55.0812 2280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/26 13:04:55.0921 2280 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/26 13:04:56.0000 2280 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/26 13:04:56.0421 2280 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/26 13:04:56.0750 2280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/26 13:04:56.0859 2280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/26 13:04:57.0000 2280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/26 13:04:57.0109 2280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/26 13:04:57.0203 2280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/26 13:04:57.0296 2280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/26 13:04:57.0437 2280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/26 13:04:57.0546 2280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/26 13:04:57.0640 2280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/26 13:04:57.0875 2280 COMMONFX (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2011/03/26 13:04:58.0000 2280 COMMONFX.SYS (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2011/03/26 13:04:58.0187 2280 ctac32k (c1e3b24ca4871bd2a8c3b95110e78721) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/03/26 13:04:58.0421 2280 ctaud2k (13e797253ea98c2574c878de78ca691e) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/03/26 13:04:58.0609 2280 CTAUDFX (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2011/03/26 13:04:58.0812 2280 CTAUDFX.SYS (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2011/03/26 13:04:58.0937 2280 ctdvda2k (d5e38c394787c1fbfc70e0c50345c25c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/03/26 13:04:59.0078 2280 CTERFXFX (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2011/03/26 13:04:59.0203 2280 CTERFXFX.SYS (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2011/03/26 13:04:59.0296 2280 ctprxy2k (d19ab3a7df104250429000f26e0d4049) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/03/26 13:04:59.0406 2280 CTSBLFX (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2011/03/26 13:04:59.0609 2280 CTSBLFX.SYS (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2011/03/26 13:04:59.0734 2280 ctsfm2k (27c23069325acdc27021671424f11bc1) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/03/26 13:04:59.0953 2280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/26 13:05:00.0109 2280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/26 13:05:00.0265 2280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/26 13:05:00.0375 2280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/26 13:05:00.0484 2280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/26 13:05:00.0656 2280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/26 13:05:00.0781 2280 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/26 13:05:00.0921 2280 emupia (d03a26d94f3a24cc6c32d70bd63baeaa) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/03/26 13:05:01.0062 2280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/26 13:05:01.0156 2280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/26 13:05:01.0265 2280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/26 13:05:01.0359 2280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/26 13:05:01.0468 2280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/26 13:05:01.0562 2280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/26 13:05:01.0640 2280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/26 13:05:01.0765 2280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/26 13:05:01.0921 2280 ha10kx2k (f5f17b523e467fa3dda7d9a40d296961) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/03/26 13:05:02.0171 2280 hap16v2k (42c81f4691681ded6e1fc639aabed570) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/03/26 13:05:02.0281 2280 hap17v2k (29ee8f6fcd5e9b206c0d91923e882f6a) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/03/26 13:05:02.0437 2280 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/26 13:05:02.0640 2280 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/26 13:05:02.0781 2280 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/26 13:05:02.0875 2280 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/26 13:05:02.0968 2280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/26 13:05:03.0140 2280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/03/26 13:05:03.0265 2280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/26 13:05:03.0453 2280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/26 13:05:03.0562 2280 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/26 13:05:03.0656 2280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/26 13:05:03.0781 2280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/26 13:05:03.0890 2280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/26 13:05:04.0015 2280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/26 13:05:04.0109 2280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/26 13:05:04.0218 2280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/26 13:05:04.0343 2280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/26 13:05:04.0453 2280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/26 13:05:04.0562 2280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/26 13:05:04.0640 2280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/26 13:05:04.0781 2280 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2011/03/26 13:05:04.0890 2280 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/03/26 13:05:05.0000 2280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/26 13:05:05.0125 2280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/26 13:05:05.0218 2280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/26 13:05:05.0328 2280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/26 13:05:05.0468 2280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/26 13:05:05.0640 2280 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/03/26 13:05:05.0859 2280 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/03/26 13:05:05.0968 2280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/26 13:05:06.0125 2280 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/26 13:05:06.0250 2280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/26 13:05:06.0359 2280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/26 13:05:06.0453 2280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/26 13:05:06.0562 2280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/26 13:05:06.0656 2280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/26 13:05:06.0781 2280 Mtlmnt5 (8bc576bf81628ad9b03621bd381eb3c8) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2011/03/26 13:05:06.0937 2280 Mtlstrm (b5f8b93fa9556a371f20721c80b70cd3) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2011/03/26 13:05:07.0187 2280 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/26 13:05:07.0281 2280 NaiAvFilter1 (affd46144d763d9046673dd2d012cff9) C:\WINDOWS\system32\drivers\naiavf5x.sys
2011/03/26 13:05:07.0453 2280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/26 13:05:07.0546 2280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/26 13:05:07.0656 2280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/26 13:05:07.0750 2280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/26 13:05:07.0875 2280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/26 13:05:07.0953 2280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/26 13:05:08.0062 2280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/26 13:05:08.0203 2280 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/26 13:05:08.0312 2280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/26 13:05:08.0453 2280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/26 13:05:08.0609 2280 NtMtlFax (d4c9a61408da38652267648d51739fdb) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2011/03/26 13:05:08.0703 2280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/26 13:05:09.0125 2280 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/26 13:05:09.0687 2280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/26 13:05:09.0781 2280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/26 13:05:09.0921 2280 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/26 13:05:10.0015 2280 ossrv (4b8aabb697ae81a61395a19ce4447d49) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/03/26 13:05:10.0171 2280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/26 13:05:10.0265 2280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/26 13:05:10.0343 2280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/26 13:05:10.0453 2280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/26 13:05:10.0609 2280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/26 13:05:10.0703 2280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/26 13:05:11.0218 2280 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/03/26 13:05:11.0328 2280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/26 13:05:11.0437 2280 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/26 13:05:11.0546 2280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/26 13:05:11.0625 2280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/26 13:05:11.0734 2280 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/26 13:05:12.0109 2280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/26 13:05:12.0218 2280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/26 13:05:12.0328 2280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/26 13:05:12.0421 2280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/26 13:05:12.0531 2280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/26 13:05:12.0625 2280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/26 13:05:12.0734 2280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/26 13:05:12.0906 2280 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\System32\DRIVERS\RecAgent.sys
2011/03/26 13:05:13.0015 2280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/26 13:05:13.0171 2280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/26 13:05:13.0296 2280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/26 13:05:13.0390 2280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/26 13:05:13.0531 2280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/26 13:05:13.0703 2280 Slntamr (9d3805cbf16056359a52dfb37a71aa49) C:\WINDOWS\system32\DRIVERS\slntamr.sys
2011/03/26 13:05:13.0875 2280 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2011/03/26 13:05:14.0000 2280 SlWdmSup (3b4a3b282f62fe5d75127d22b26909ed) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2011/03/26 13:05:14.0171 2280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/26 13:05:14.0265 2280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/26 13:05:14.0390 2280 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/26 13:05:14.0500 2280 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/03/26 13:05:14.0609 2280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/26 13:05:14.0703 2280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/26 13:05:15.0062 2280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/26 13:05:15.0234 2280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/26 13:05:15.0359 2280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/26 13:05:15.0515 2280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/26 13:05:15.0625 2280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/26 13:05:15.0734 2280 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
2011/03/26 13:05:15.0875 2280 tmcfw (fcfa40e475ff5549f5cd335f4046aba4) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2011/03/26 13:05:16.0015 2280 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/03/26 13:05:16.0125 2280 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2011/03/26 13:05:16.0265 2280 tmpreflt (9cbbe54780770fdb7aaa73be530e4d80) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2011/03/26 13:05:16.0359 2280 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/03/26 13:05:16.0453 2280 tmxpflt (6cc393305bd60056ca09a4c8032a169a) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2011/03/26 13:05:16.0640 2280 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/03/26 13:05:16.0734 2280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/26 13:05:16.0937 2280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/26 13:05:17.0078 2280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/26 13:05:17.0218 2280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/26 13:05:17.0328 2280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/26 13:05:17.0453 2280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/26 13:05:17.0546 2280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/26 13:05:17.0640 2280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/26 13:05:17.0718 2280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/26 13:05:17.0812 2280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/26 13:05:17.0968 2280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/26 13:05:18.0125 2280 vsapint (bbdd84ca629c1f7c8172b4405867f196) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2011/03/26 13:05:18.0359 2280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/26 13:05:18.0562 2280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/26 13:05:18.0718 2280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/26 13:05:18.0828 2280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/26 13:05:18.0953 2280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/26 13:05:19.0046 2280 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/26 13:05:19.0125 2280 ================================================================================
2011/03/26 13:05:19.0125 2280 Scan finished
2011/03/26 13:05:19.0125 2280 ================================================================================
2011/03/26 13:05:19.0125 0580 Detected object count: 1
2011/03/26 13:06:48.0375 0580 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/26 13:06:48.0375 0580 \HardDisk0 - ok
2011/03/26 13:06:48.0375 0580 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/26 13:11:35.0671 1300 Deinitialize success

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6176

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/26/2011 2:45:27 PM
mbam-log-2011-03-26 (14-45-27).txt

Scan type: Quick scan
Objects scanned: 41095
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by quietman7, 26 March 2011 - 03:29 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,750 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:19 PM

Posted 26 March 2011 - 03:31 PM

I have removed your HijackThis log as they are not permitted in this forum.


This is the pertinent section of the log which indicates a TDSS rootkit infected the Master Boot Record (MBR) and that it will be cured after reboot.

2011/03/26 13:05:19.0046 2280 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/26 13:05:19.0125 2280 ================================================================================
2011/03/26 13:05:19.0125 2280 Scan finished
2011/03/26 13:05:19.0125 2280 ================================================================================
2011/03/26 13:05:19.0125 0580 Detected object count: 1
2011/03/26 13:06:48.0375 0580 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/26 13:06:48.0375 0580 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

This particular malware alters the MBR of the system drive to ensure persistent execution of malicious code. Essentially, it overwrites the MBR of the hard disk with its own code and stores a copy of the original MBR at another sector using rootkit techniques to hide itself. For more specific analysis and explanation of the infection, please refer to:Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users