Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect rage ggrrrrr


  • Please log in to reply
30 replies to this topic

#1 simplee

simplee

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 July 2011 - 04:25 AM

good morning
about 3 months ago i started getting redirected around the net.
when i do a search,i get the results page ok but clicking from there i get redirected quite a lot(especially today trying to get to this site!).
the sites i get redirected to seem to be genuine sites,ebay-google-amazon etc. i am also seeing a lot of odd adverts for fantasy animated games.
i have put up with it for the most part but once or twice now i have had a rather"sexy" redirect, i dont mind!! but my daughter has been banned from using the computer now as i dont know if it will pop up again while she is using it.
i have formatted and reinstalled windows 4-5 times.oh what fun that is!
i have tried
firefox(favourite)
ie8
opera(at the moment)
safari
google
bing
all have had the same problems.
when this problem first started i was using paretologic(which cost a fortune), i have since dumped this and am using microsoft security essentials. no different.
ihave tried
malewarebytes
cccleaner
tdsskiller
spybot
no joy--i have tried some in safe mode too but cant remember which ones.

bleeping computers(good name)and they are!
thanks
lee

windows xp professional
version 2002
service pack 3 build 2600
system model p5kc
system type x86
processor x86 family 6 model 15 stepping 13 genuineintel~2409 mhz
bios version american megatrends inc 0903. 2007
smbios version 2.4
windows directory c:\windows
system directory c:\windows\system32

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 AM

Posted 05 July 2011 - 05:02 AM

Can you post the logs from Malwarebytes and TDSSKiller?

#3 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 July 2011 - 05:40 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/07/2011 21:28:45
mbam-log-2011-07-03 (21-28-45).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 195572
Time elapsed: 1 hour(s), 15 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


i will get the tdsskiller one posted too

Edited by simplee, 05 July 2011 - 07:25 AM.


#4 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 July 2011 - 06:04 AM

2011/07/05 12:01:46.0578 2720 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/05 12:01:46.0781 2720 ================================================================================
2011/07/05 12:01:46.0781 2720 SystemInfo:
2011/07/05 12:01:46.0781 2720
2011/07/05 12:01:46.0781 2720 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/05 12:01:46.0781 2720 Product type: Workstation
2011/07/05 12:01:46.0781 2720 ComputerName: LEE11
2011/07/05 12:01:46.0781 2720 UserName: lee
2011/07/05 12:01:46.0781 2720 Windows directory: C:\WINDOWS
2011/07/05 12:01:46.0781 2720 System windows directory: C:\WINDOWS
2011/07/05 12:01:46.0781 2720 Processor architecture: Intel x86
2011/07/05 12:01:46.0781 2720 Number of processors: 2
2011/07/05 12:01:46.0781 2720 Page size: 0x1000
2011/07/05 12:01:46.0781 2720 Boot type: Normal boot
2011/07/05 12:01:46.0781 2720 ================================================================================
2011/07/05 12:01:48.0125 2720 Initialize success
2011/07/05 12:01:52.0656 3568 ================================================================================
2011/07/05 12:01:52.0656 3568 Scan started
2011/07/05 12:01:52.0656 3568 Mode: Manual;
2011/07/05 12:01:52.0656 3568 ================================================================================
2011/07/05 12:01:53.0593 3568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/05 12:01:53.0640 3568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/05 12:01:53.0687 3568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/05 12:01:53.0734 3568 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/05 12:01:53.0843 3568 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/05 12:01:53.0906 3568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/05 12:01:53.0921 3568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/05 12:01:53.0968 3568 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2011/07/05 12:01:54.0156 3568 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/05 12:01:54.0234 3568 AtiHDAudioService (0d6b8359677d05142b624f09c28d643a) C:\WINDOWS\system32\drivers\AtihdXP3.sys
2011/07/05 12:01:54.0265 3568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/05 12:01:54.0312 3568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/05 12:01:54.0343 3568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/05 12:01:54.0390 3568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/05 12:01:54.0406 3568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/05 12:01:54.0437 3568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/05 12:01:54.0437 3568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/05 12:01:54.0562 3568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/05 12:01:54.0593 3568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/05 12:01:54.0625 3568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/05 12:01:54.0640 3568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/05 12:01:54.0687 3568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/05 12:01:54.0718 3568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/05 12:01:54.0750 3568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/05 12:01:54.0765 3568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/05 12:01:54.0781 3568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/05 12:01:54.0796 3568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/05 12:01:54.0828 3568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/05 12:01:54.0843 3568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/05 12:01:54.0875 3568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/05 12:01:54.0890 3568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/05 12:01:54.0937 3568 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/07/05 12:01:54.0984 3568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/05 12:01:55.0000 3568 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/05 12:01:55.0062 3568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/05 12:01:55.0109 3568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/05 12:01:55.0125 3568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/05 12:01:55.0265 3568 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/05 12:01:55.0390 3568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 12:01:55.0421 3568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/05 12:01:55.0453 3568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/05 12:01:55.0468 3568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/05 12:01:55.0500 3568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/05 12:01:55.0515 3568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/05 12:01:55.0546 3568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/05 12:01:55.0578 3568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/05 12:01:55.0593 3568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/05 12:01:55.0609 3568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/05 12:01:55.0640 3568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/05 12:01:55.0671 3568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/05 12:01:55.0703 3568 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/07/05 12:01:55.0750 3568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/05 12:01:55.0781 3568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/05 12:01:55.0796 3568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/05 12:01:55.0843 3568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/05 12:01:55.0859 3568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/05 12:01:55.0890 3568 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/07/05 12:01:55.0968 3568 MpKsl16889455 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0D1D186-F596-47DF-8F83-18168FB2EECB}\MpKsl16889455.sys
2011/07/05 12:01:56.0015 3568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/05 12:01:56.0062 3568 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/05 12:01:56.0093 3568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/05 12:01:56.0109 3568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/05 12:01:56.0125 3568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/05 12:01:56.0140 3568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/05 12:01:56.0171 3568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/05 12:01:56.0218 3568 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/07/05 12:01:56.0234 3568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/05 12:01:56.0281 3568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/05 12:01:56.0296 3568 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/05 12:01:56.0312 3568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/05 12:01:56.0328 3568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/05 12:01:56.0343 3568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/05 12:01:56.0359 3568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/05 12:01:56.0406 3568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/05 12:01:56.0437 3568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/05 12:01:56.0453 3568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/05 12:01:56.0484 3568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/05 12:01:56.0546 3568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/05 12:01:56.0578 3568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/05 12:01:56.0593 3568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/05 12:01:56.0593 3568 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/05 12:01:56.0640 3568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/05 12:01:56.0656 3568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/05 12:01:56.0687 3568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/05 12:01:56.0703 3568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/05 12:01:56.0734 3568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/05 12:01:56.0765 3568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/05 12:01:56.0875 3568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/05 12:01:56.0890 3568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/05 12:01:56.0921 3568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/05 12:01:57.0000 3568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/05 12:01:57.0015 3568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/05 12:01:57.0031 3568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/05 12:01:57.0046 3568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/05 12:01:57.0062 3568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/05 12:01:57.0078 3568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/05 12:01:57.0109 3568 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/05 12:01:57.0140 3568 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/05 12:01:57.0171 3568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/05 12:01:57.0234 3568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/05 12:01:57.0250 3568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/05 12:01:57.0265 3568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/05 12:01:57.0312 3568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/05 12:01:57.0359 3568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/05 12:01:57.0375 3568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/05 12:01:57.0406 3568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/05 12:01:57.0421 3568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/05 12:01:57.0437 3568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/05 12:01:57.0515 3568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/05 12:01:57.0578 3568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/05 12:01:57.0609 3568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/05 12:01:57.0625 3568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/05 12:01:57.0640 3568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/05 12:01:57.0703 3568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/05 12:01:57.0750 3568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/05 12:01:57.0781 3568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/05 12:01:57.0812 3568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/05 12:01:57.0812 3568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/05 12:01:57.0859 3568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/05 12:01:57.0890 3568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/05 12:01:57.0937 3568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/05 12:01:57.0984 3568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/05 12:01:57.0984 3568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/05 12:01:58.0031 3568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/05 12:01:58.0078 3568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/05 12:01:58.0109 3568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/05 12:01:58.0203 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/05 12:01:58.0328 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/05 12:01:58.0343 3568 Boot (0x1200) (988eefde45d28c25c46423c93e49145e) \Device\Harddisk0\DR0\Partition0
2011/07/05 12:01:58.0359 3568 Boot (0x1200) (3389f8c74a420acba3208f05a441a1f6) \Device\Harddisk1\DR1\Partition0
2011/07/05 12:01:58.0359 3568 ================================================================================
2011/07/05 12:01:58.0359 3568 Scan finished
2011/07/05 12:01:58.0359 3568 ================================================================================
2011/07/05 12:01:58.0375 2548 Detected object count: 0
2011/07/05 12:01:58.0375 2548 Actual detected object count: 0

#5 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 July 2011 - 07:39 AM

hi
i'm off to work soon so i will check for any replies when i come home tonight before i go to bed.
thanks

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 AM

Posted 05 July 2011 - 10:08 AM

Can you please update Malwarebytes Anti-Malware and redo the scan?

#7 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 July 2011 - 09:27 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/07/2011 01:27:27
mbam-log-2011-07-06 (01-27-27).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 234472
Time elapsed: 1 hour(s), 26 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


off to bed now, see ya later

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 AM

Posted 07 July 2011 - 04:34 AM

You have not updated Malwarebytes it is still showing and older software version. Malwarebytes is up to 1.51.1200

Edited by cryptodan, 07 July 2011 - 04:39 AM.


#9 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 07 July 2011 - 05:13 AM

ok i`ll update again

#10 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 07 July 2011 - 07:11 AM

hi
i had trouble updating to this version, i had to uninstall and reinstall



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/07/2011 13:05:53
mbam-log-2011-07-07 (13-05-52).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 223421
Time elapsed: 1 hour(s), 25 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 AM

Posted 07 July 2011 - 09:45 AM

Lets try some more things:

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.

      Scan with SUPERAntiSpyware as follows:[list]
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#12 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 08 July 2011 - 01:59 AM

here is the first one...........


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2011 at 01:03 AM

Application Version : 4.55.1000

Core Rules Database Version : 7386
Trace Rules Database Version: 5198

Scan type : Complete Scan
Total Scan Time : 01:21:28

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 4739
Registry threats detected : 0
File items scanned : 71223
File threats detected : 0

#13 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 08 July 2011 - 03:44 AM

and the next............


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2011 at 09:12 AM

Application Version : 4.55.1000

Core Rules Database Version : 7386
Trace Rules Database Version: 5198

Scan type : Complete Scan
Total Scan Time : 01:09:35

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 4739
Registry threats detected : 0
File items scanned : 71250
File threats detected : 0

#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:39 AM

Posted 08 July 2011 - 04:47 AM

Can you run Gmer?

#15 simplee

simplee
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 08 July 2011 - 05:05 AM

here is gmer...i have an ati radeon 2900gt graphics card if that has anything to do with this result!



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 10:56:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2500AAKS-00B3A0 rev.01.03A01
Running: noy22q3w.exe; Driver: C:\DOCUME~1\lee\LOCALS~1\Temp\pxtdapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6BFE000, 0x2A12DC, 0xE8000020]

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users