
Infected with TDSS I think, keeps redirecting me


This topic is locked
4 replies to this topic

#1 gersman

  • Members
  • 3 posts

Posted 29 March 2011 - 12:44 PM

I can't open certain programs, keep being redirected, and my internet browsers (Firefox and IE) keep freezing. Avast finds nothing, as does Malwarebytes Anti-Malware, and it won't let me download TDSSKiller or run it from a removable hard drive.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by comet at 18:25:20.78 on 29/03/2011
Internet Explorer: 8.0.7600.16385
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.jzip.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wif0e7~1\toolbar\jzipdtx.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - c:\progra~1\wif0e7~1\datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wif0e7~1\toolbar\jzipdtx.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [332BigDog] c:\program files\usb camera2\VM332_STI.EXE
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [DATAMNGR] c:\progra~1\wif0e7~1\datamngr\DATAMN~1.EXE
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wif0e7~1\datamngr\datamngr.dll c:\progra~1\wif0e7~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\comet\appdata\roaming\mozilla\firefox\profiles\tug3woxp.default\
FF - prefs.js: browser.search.selectedEngine - jZip Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
FF - prefs.js: keyword.URL - hxxp://search.jzip.com/web?src=ffb&systemid=102&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Update Service: updater@foxstart.com - c:\program files\mozilla firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
============= SERVICES / DRIVERS ===============
.
R? Bridge0;Bridge0
R? cpuz134;cpuz134
R? gupdate;Google Update Service (gupdate)
R? k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
R? Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc
R? Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc
R? netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
R? PS_MDP;ReadyComm Presentation Space Helper Service
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtsUIR;Realtek IR Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? WinRing0_1_2_0;WinRing0_1_2_0
R? wsvd;wsvd
S? ACPIVPC;Lenovo Virtual Power Controller Driver
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
S? btwl2cap;Bluetooth L2CAP Service
S? funfrm;funfrm
S? IGRS;IGRS
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? ReadyComm.DirectRouter;ReadyComm.DirectRouter
S? vm332avs;Lenovo Camera2
S? vwififlt;Virtual WiFi Filter Driver
S? wdmirror;wdmirror
.
=============== Created Last 30 ================
.
2011-03-29 16:26:38 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{049dd0dc-8ee9-4f78-a267-be0650470239}\mpengine.dll
2011-03-28 16:40:17 -------- d-----w- c:\users\comet\appdata\local\jZip
2011-03-28 16:40:15 -------- d-----w- c:\program files\Windows jZip Toolbar
2011-03-28 16:40:05 -------- d-----w- c:\program files\jZip
2011-03-28 16:36:11 -------- d-----w- c:\users\comet\appdata\local\WinZip
2011-03-27 18:06:59 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-25 08:39:17 -------- d-----w- c:\users\comet\appdata\roaming\Malwarebytes
2011-03-25 08:39:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 08:39:13 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-25 08:39:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 21:36:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-24 21:07:54 -------- d-----w- c:\users\comet\appdata\local\Google
2011-03-24 21:07:48 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-24 21:07:47 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-24 21:06:58 40648 ----a-w- c:\windows\avastSS.scr
2011-03-24 21:06:48 -------- d-----w- c:\program files\AVAST Software
2011-03-24 21:06:48 -------- d-----w- c:\progra~2\AVAST Software
2011-03-22 19:53:46 -------- d--h--w- c:\users\comet\appdata\local\Adobe
.
==================== Find3M ====================
.
.
============= FINISH: 18:28:21.27 ===============

.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.0.1
ALPS Touch Pad Driver
avast! Free Antivirus
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
Conexant HD Audio
EasyCapture
Energy Management
Football Manager 2011
Google Chrome
Google Update Helper
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
Junk Mail filter update
jZip
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
PC-Doctor for Windows
Power2Go
Realtek USB 2.0 Card Reader
Spotify
Steam
VeriFace
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows jZip Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinZip 15.0
.
==== End Of File ===========================
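Added example, not part of the post or of the DDS tool: a small Python parser for the "Pseudo HJT Report" section of a DDS log like the one above. It collects the start page, BHO/toolbar components and AppInit_DLLs, then lists the entries a malware-removal helper reads first: DLLs injected via AppInit_DLLs, browser add-ons whose DLL is also on that list, orphaned "No File" registrations, and the start-page host. The sample lines are excerpted from this post's log; the parser assumes DDS's space-separated AppInit_DLLs format and hxxp-defanged URLs.

```python
import re
from urllib.parse import urlsplit

# Sample input: six lines excerpted from the DDS "Pseudo HJT Report" posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.jzip.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - c:\progra~1\wif0e7~1\datamngr\IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wif0e7~1\toolbar\jzipdtx.dll
AppInit_DLLs: c:\progra~1\wif0e7~1\datamngr\datamngr.dll c:\progra~1\wif0e7~1\datamngr\IEBHO.dll
"""

# "BHO: <name>: {clsid} - <path>" or "TB: ..."; the name is optional ("BHO: {clsid} - No File").
COMPONENT = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>[^{]*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def parse_hjt(text):
    """Collect the start page, BHO/toolbar components and AppInit_DLLs from HJT-style lines."""
    report = {"start_page": None, "components": [], "appinit": []}
    for line in text.splitlines():
        m = COMPONENT.match(line)
        if m:
            report["components"].append((m["kind"], m["name"] or "", m["clsid"].lower(), m["path"].lower()))
        elif line.startswith("AppInit_DLLs: "):
            # Assumes space-separated 8.3 paths, which is how DDS prints them here.
            report["appinit"] = line[len("AppInit_DLLs: "):].lower().split()
        elif line.startswith("uStart Page = "):
            report["start_page"] = line[len("uStart Page = "):]
    return report


def flag_entries(report):
    """Return the findings a helper would review first, as plain strings."""
    findings = []
    appinit = set(report["appinit"])
    for dll in sorted(appinit):
        # AppInit_DLLs are loaded into every process that maps user32.dll.
        findings.append(f"AppInit_DLLs injects {dll} into every GUI process; review it")
    for kind, name, clsid, path in report["components"]:
        label = name or clsid
        if path == "no file":
            findings.append(f"{kind} {label}: registered but its DLL is missing (orphaned entry)")
        elif path in appinit:
            findings.append(f"{kind} {label}: DLL {path} is also loaded system-wide via AppInit_DLLs")
    if report["start_page"]:
        # DDS defangs URLs as hxxp; restore the scheme so urlsplit can read the host.
        host = urlsplit(report["start_page"].replace("hxxp", "http", 1)).hostname
        findings.append(f"IE start page is {host}; confirm the user chose it")
    return findings
```

Run against the full log, the correlation step is what surfaces that the UrlHelper Class BHO and the DATAMNGR run entry share the same injected DLL, which a line-by-line read of the report can miss.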



#2 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 30 March 2011 - 01:03 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

As you may have noticed, I am currently in training which means that all of my responses will first be verified by a malware removal coach. As such, there may be a little delay in my responses to you. On the plus side, there will be two sets of eyes looking over your logs.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 31 March 2011 - 08:14 AM

Hi there,

  • Please download OTH.scr to your desktop.
  • Now download OTL to your desktop.
  • Double-click the OTH file and select Kill All Processes; your desktop will go blank.
  • Then select Start OTL. OTL will now run:
  • Click the "Scan All Users" checkbox.
  • Push the button shown in the original post's image.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

TDSSKiller

Step 1: Please find an empty USB stick/pen drive and a malware-free PC.

Step 2: On the malware-free PC, please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive that was plugged in when you ran it. Do not delete this folder. It will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Step 3: I would like you to download a fresh copy of TDSSKiller on the clean PC, rename the file to Caseyboy.exe, transfer it to your infected PC via the USB stick you've used above, and then try running it. If that works, post me the log.

Casey



#4 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 03 April 2011 - 08:49 AM

Hi,

This is a 3-day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey



#5 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 05 April 2011 - 05:32 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
