
Virus Redirect in Google


30 replies to this topic

#1 marksb1 (Members, 35 posts)

Posted 31 July 2011 - 10:38 AM

Hi,

Just joined today as I have a virus in my Windows XP SP3 desktop that runs CA Internet Security 2010 (Anti-virus & Spyware only) and a separate Startup Monitor to warn me on attempts to install applications in my Startup Menu/Folder. I have Spybot, but Teatimer was not on.

Problem started on July 27th while at a forum on cleaning/staining my wood deck. Startup Monitor flagged an attempt to install, and I clicked "NO", but a pop-up was running a virus check. I knew this was a problem, so I quickly shut down and restarted my computer. When I rebooted, my desktop was blank and I couldn't do anything. So I manually shut down the computer and restarted it and it seemed fine. Then I went on the internet to search something through the Google toolbar and noticed that I was always being redirected somewhere else. Also, my CA Security Suite update notices kept sending me error messages saying that a setting needs to be changed for the updates to install. The AntiSpyware seems to be getting updated, but not the AntiVirus. I also tried to update my Spybot files, but they too fail to install.

Restarted in Safe Mode and ran HijackThis and noticed that I'm running two Internet Explorers. Also, ran Process Explorer, and noticed two IEXPLORES running and several processes labeled unknown. Decided to try Google in my ISP Homepage and was no longer being redirected. So I completely uninstalled all google applications on my machine and used CCleaner, and other registry cleaners to rid all Google related files.

I researched online about this issue and came across your site where others have had similar problems. I followed some of the recommendations to a point, and did download most of the repair software (SUPERAntiSpyware, Malwarebytes, DDS, ComboFix, TDSSKiller, Security Check by screen317, StartupLite, and TFC by OldTimer). I've run SUPERAntiSpyware, Malwarebytes, ESET, DDS, and also Sysinternals' Rootkit, but this is where I stopped. There were three trojans and two dozen tracking cookies discovered and they have been deleted/quarantined. I have the logs, but will wait to send them per your direction.

My hard drive seems to be more active and my cursor momentarily locks, even as I write this. A major concern is whether it is safe to do my online banking or access other sensitive sites (I've refrained from doing so). Would clearly appreciate your help.


#2 Mommy2535 (Members, 49 posts)

Posted 31 July 2011 - 11:48 AM

Hi. I am no computer guru, but I wanted to post and let you know that I was just dealing with the same thing. It started about two weeks ago. Any time I went to the Google search and clicked on something, it would act like the page was loading and redirect me. Very aggravating!! The only way I could open a link was to click on the "cache". I had Trend Micro (which just expired) and it was not showing up a virus. My husband has a friend at work who is a computer geek and he said to put Comodo antivirus software on the computer. I deleted Trend Micro and added Comodo. It showed up some viruses but did not fix the problem. He said to install Malwarebytes, which I did not immediately do. This morning I tried to pull up a page and was redirected to a site that said I may be infected with malware. I emailed "geek buddy" via Comodo and he said it was malware. I just have the free version and had to upgrade for 49.99 for them to manually remove the virus. Instead, I installed Malwarebytes, like my husband's friend said to do. It came up with 2 trojan viruses and 1 other virus (which I think is the one that was redirecting me). I had those removed on the site and I am STILL being redirected on Google. I am not sure what else to do? Let me know if you find out any answers. I would prefer not to have to pay the 49.99, but I will if that is what will fix the problem. I also am afraid to log in to my online banking, or anywhere that may show my sensitive information. SO FRUSTRATING!!! GOOD LUCK!!

#3 Broni (BC Advisor, 42,679 posts)

Posted 31 July 2011 - 01:41 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click [donation button]


#4 marksb1 (Topic Starter, 35 posts)

Posted 31 July 2011 - 03:04 PM

Broni,

I double-clicked the icon and clicked "Run". It "collected information" and then followed with "Prepared Done!" with a blinking cursor, but no Notepad document.

#5 marksb1 (Topic Starter, 35 posts)

Posted 31 July 2011 - 03:07 PM

Broni,

Sorry, it hasn't finished yet. Do I post the results here?

#6 Broni (BC Advisor, 42,679 posts)

Posted 31 July 2011 - 03:11 PM

If you're talking about Security Check wait until it's done and then post the log.



#7 marksb1 (Topic Starter, 35 posts)

Posted 31 July 2011 - 04:44 PM

Broni,

Enclosed are the logs of Checkup, Result.txt and Malwarebytes. I'll follow up with your other directives shortly. I'd like to mention that when I restarted my computer after Malwarebytes, I noticed again that during shutdown my desktop would momentarily flash off and then reappear before continuing with shutdown. Seems to me that I'm running two systems simultaneously, but I could be wrong. Here are the logs so far:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
CA Anti-Virus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
MVPS Hosts File
Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
EasyCleaner
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

CA CA Internet Security Suite CA Anti-Virus ISafe.exe
CA CA Internet Security Suite CA Anti-Virus VetMsg.exe
CA CA Internet Security Suite CA Anti-Virus CAVRID.exe
``````````End of Log````````````

************************************************************************************************************************

MiniToolBox by Farbar
Ran by Mark (administrator) on 31-07-2011 at 16:25:46
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 0scan.com
127.0.0.1 www.0scan.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com

There are 15013 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MSBUJTAS-1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-12-3F-CE-3C-92
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 173.3.0.115
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 173.3.0.1
DHCP Server . . . . . . . . . . . : 10.240.180.53
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 8:33:19 AM
Lease Expires . . . . . . . . . . : Tuesday, August 02, 2011 8:33:19 AM
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 74.125.93.147, 74.125.93.106, 74.125.93.104, 74.125.93.99
74.125.93.103, 74.125.93.105


Pinging google.com [74.125.93.104] with 32 bytes of data:

Reply from 74.125.93.104: bytes=32 time=75ms TTL=51
Reply from 74.125.93.104: bytes=32 time=69ms TTL=51

Ping statistics for 74.125.93.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 75ms, Average = 72ms
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=97ms TTL=52
Reply from 72.30.2.43: bytes=32 time=113ms TTL=51

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 113ms, Average = 105ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f ce 3c 92 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 173.3.0.1 173.3.0.115 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
173.3.0.0 255.255.252.0 173.3.0.115 173.3.0.115 20
173.3.0.115 255.255.255.255 127.0.0.1 127.0.0.1 20
173.3.255.255 255.255.255.255 173.3.0.115 173.3.0.115 20
224.0.0.0 240.0.0.0 173.3.0.115 173.3.0.115 20
255.255.255.255 255.255.255.255 173.3.0.115 173.3.0.115 1
Default Gateway: 173.3.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2011 00:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00ca26ef.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/30/2011 11:44:32 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x8004ff0acommon client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (07/30/2011 11:44:31 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (07/30/2011 07:24:33 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/30/2011 11:07:29 AM) (Source: MsiInstaller) (User: Mark)Mark
Description: The installation of C:\Documents and Settings\Mark\Application Data\Sun\Java\jre1.6.0_26\jre1.6.0_26-pfrom23.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (07/30/2011 06:56:23 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19088, fault address 0x000d990f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/30/2011 01:46:24 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00ca26ef.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/28/2011 01:11:23 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19088, fault address 0x001bad17.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/27/2011 07:05:55 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/02/2011 11:18:03 AM) (Source: MsiInstaller) (User: Mark)Mark
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other_32' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Mark\LOCALS~1\Temp\dd_NET_Framework30_Setup43D2.txt.


System errors:
=============
Error: (07/31/2011 08:32:18 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/31/2011 08:29:15 AM) (Source: DCOM) (User: Mark)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2011 08:28:55 AM) (Source: DCOM) (User: Mark)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2011 00:39:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SASDIFSV
SASKUTIL
VET-FILT
VET-REC
VETEFILE
VETMONNT

Error: (07/31/2011 00:38:45 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/30/2011 03:10:42 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/30/2011 03:10:26 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (07/30/2011 02:18:41 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/30/2011 00:45:41 PM) (Source: Service Control Manager) (User: )
Description: The SABProcEnum service failed to start due to the following error:
%%2

Error: (07/30/2011 00:42:09 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/25/2011 07:47:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/01/2010 07:10:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/27/2010 09:05:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/10/2010 09:14:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3911 seconds with 720 seconds of active time. This session ended with a crash.

Error: (04/18/2010 08:39:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93 seconds with 60 seconds of active time. This session ended with a crash.

Error: (02/27/2010 09:41:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 375 seconds with 120 seconds of active time. This session ended with a crash.

Error: (12/29/2009 00:10:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 118 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/06/2009 03:54:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 1022.07 MB
Available physical RAM: 345.61 MB
Total Pagefile: 2456.1 MB
Available Pagefile: 1794.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.3 GB) (Free:40.33 GB) NTFS

========================= Users: ========================================

User accounts for \\MSBUJTAS-1

Administrator Connie Guest
HelpAssistant Mark Sarah
Steven SUPPORT_388945a0


== End of log ==

************************************************************************************************************************

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/31/2011 5:12:42 PM
mbam-log-2011-07-31 (17-12-42).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|)
Objects scanned: 269407
Time elapsed: 38 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*****************************************************************************************************************

I appreciate your help. Continuing.....
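The MiniToolBox sections requested above (IE proxy settings, hosts file content, IP configuration) are exactly the places a search-redirect infection usually lives: a hosts entry that points a search engine at another address, a proxy injected into IE, or resolvers swapped for ones the ISP does not run. In the report in this post all three look clean: the 15,000-odd 127.0.0.1 lines are a blocking list (MVPS), no proxy is set, and both resolvers are the ISP's. The script below is an added example, not part of this thread and not a BleepingComputer or Farbar tool; it reads those three sections out of a MiniToolBox-style report and reports only what would need a second look. The section headers and the "Proxy is not enabled." / "DNS Servers" wording are copied from the report above; the "ProxyServer:" / "AutoConfigURL:" wording, the VENDOR_DOMAINS list and the hijack lines in the sample report are assumptions constructed for the example.

```python
"""Triage a MiniToolBox-style report for the usual search-redirect mechanisms:
hosts entries that redirect (not block), an injected IE proxy, and resolvers
that are not the ISP's. Added example, not a BleepingComputer/Farbar tool."""
import ipaddress
import re

HEADER_RE = re.compile(r"^=+\s*(.+?):\s*=+$")        # "===== Name: ====="
HOSTS_RE = re.compile(r"^([0-9a-fA-F.:]+)\s+(\S+)")   # "<ip> <hostname>"
DNS_RE = re.compile(r"DNS Servers[ .]*:\s*(\S*)")     # ipconfig wording as in the thread
# Assumption, not an official list: tool/update domains a redirector may sinkhole.
VENDOR_DOMAINS = ("malwarebytes.org", "windowsupdate.com", "update.microsoft.com",
                  "ca.com", "safer-networking.org", "superantispyware.com")

# Constructed sample: headers and the first hosts/ipconfig lines mirror the report
# above; lines under a "constructed" comment are invented so each check fires.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
# constructed: search engine rewritten to an attacker-controlled address
203.0.113.7 google.com
203.0.113.7 www.google.com
# constructed: a security vendor's site sinkholed
127.0.0.1 www.malwarebytes.org
There are 15013 more lines starting with "127.0.0.1"
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
Lease Obtained. . . . . . . . . . : Sunday, July 31, 2011 8:33:19 AM
"""

def split_sections(report):
    """Map each '==== Name: ====' header to the lines that follow it."""
    sections, current = {}, None
    for line in report.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_hosts(lines):
    """(ip, hostname) pairs; comments and the tool's '... more lines' summary are skipped."""
    entries = []
    for line in lines:
        m = HOSTS_RE.match(line.split("#", 1)[0].strip())
        ip = _ip(m.group(1)) if m else None
        if ip is not None:
            entries.append((ip, m.group(2).lower()))
    return entries

def hosts_findings(entries):
    """Loopback/0.0.0.0 targets are blocks (what the MVPS file does); anything
    else is a redirect. A blocked security-vendor domain is flagged separately."""
    redirects, blocked_vendors = [], []
    for ip, host in entries:
        if not (ip.is_loopback or ip.is_unspecified):
            redirects.append((str(ip), host))
        elif any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS):
            blocked_vendors.append(host)
    return redirects, blocked_vendors

def parse_proxy(lines):
    """Negative-case wording is the report's own; ProxyServer:/AutoConfigURL: forms are assumed."""
    text = "\n".join(lines)
    server = re.search(r"Proxy\s*Server\s*[:=]\s*(\S+)", text, re.I)
    auto = re.search(r"AutoConfig(?:URL)?\s*[:=]\s*(\S+)", text, re.I)
    return {"enabled": "Proxy is not enabled" not in text,
            "server": None if "No Proxy Server" in text or not server else server.group(1),
            "autoconfig": auto.group(1) if auto else None}

def parse_dns_servers(lines):
    """ipconfig prints additional resolvers on bare continuation lines."""
    servers, collecting = [], False
    for line in lines:
        m = DNS_RE.search(line)
        ip = _ip(m.group(1) if m else line.strip())
        collecting = bool(m) or (collecting and ip is not None)
        if collecting and ip is not None:
            servers.append(ip)
    return servers

def triage(report, expected_dns):
    """Run all three checks; expected_dns is the ISP's resolver list."""
    sec = split_sections(report)
    redirects, blocked = hosts_findings(parse_hosts(sec.get("Hosts content", [])))
    dns = parse_dns_servers(sec.get("IP Configuration", []))
    expected = {ipaddress.ip_address(e) for e in expected_dns}
    return {"hosts_redirects": redirects, "hosts_blocked_vendors": blocked,
            "proxy": parse_proxy(sec.get("IE Proxy Settings", [])),
            "dns_servers": [str(s) for s in dns],
            "unexpected_dns": [str(s) for s in dns if s not in expected]}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT, ["167.206.245.129", "167.206.245.130"]).items():
        print(f"{key}: {value}")
```

The split between blocks and redirects is the point: a hosts file full of 127.0.0.1 or 0.0.0.0 lines is what a blocklist looks like and is not evidence of infection, whereas a single entry that sends google.com anywhere else is. The expected resolver list has to come from outside the machine (the ISP, or the router's own DHCP lease), since a DNS-changing trojan would of course also rewrite what ipconfig reports.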

#8 marksb1 (Topic Starter, 35 posts)

Posted 31 July 2011 - 06:45 PM

Broni,

I cannot post the gmer.log file because it is too big and your site won't let me submit it. What should I do?

#9 Broni (BC Advisor, 42,679 posts)

Posted 31 July 2011 - 07:39 PM

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):



#10 marksb1 (Topic Starter, 35 posts)

Posted 31 July 2011 - 08:28 PM

http://www.filedropper.com/04-gmer07-31-11_4

Broni,

Is this what you mean? I also posted all files to date in the Virus, Malware....Section.

Additional information that may be pertinent:

- Remembered that when I described restarting in Safe Mode in my original post, I went to a Restore Point from 2 days earlier.
- The gmer.log is a 2nd run as I aborted the 1st run because I forgot to disable my CA Internet Security Suite.
- The cursor keeps freezing while I type (I have to click it with my mouse to get it going again), and whenever I open my home page on the internet, it no longer opens in full screen, so I have to manually expand it in the top right corner. I'm sure there is a way to set it, but can't remember where it is.

Anyway, awaiting your next instructions...

#11 Broni (BC Advisor, 42,679 posts)

Posted 31 July 2011 - 11:15 PM

I also posted all files to date in the Virus, Malware....Section.

You can't do this.
You'll have to decide in which forum you'll want to proceed.



#12 marksb1 (Topic Starter, 35 posts)

Posted 01 August 2011 - 03:46 PM

Broni,

Sorry, I thought that was what I was supposed to do when I couldn't send the gmer.log file because it was too big. I prefer to continue with you.

#13 Broni (BC Advisor, 42,679 posts)

Posted 01 August 2011 - 07:54 PM

In that case, you have to post reply in malware removal forum stating that you don't need any more help at this moment (important!).

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#14 marksb1 (Topic Starter, 35 posts)

Posted 02 August 2011 - 12:15 AM

Broni,

Results of TDSSKiller:

2011/08/02 00:56:54.0015 3140 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 00:56:54.0453 3140 ================================================================================
2011/08/02 00:56:54.0453 3140 SystemInfo:
2011/08/02 00:56:54.0453 3140
2011/08/02 00:56:54.0453 3140 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 00:56:54.0453 3140 Product type: Workstation
2011/08/02 00:56:54.0453 3140 ComputerName: MSBUJTAS-1
2011/08/02 00:56:54.0453 3140 UserName: Mark
2011/08/02 00:56:54.0453 3140 Windows directory: C:\WINDOWS
2011/08/02 00:56:54.0453 3140 System windows directory: C:\WINDOWS
2011/08/02 00:56:54.0453 3140 Processor architecture: Intel x86
2011/08/02 00:56:54.0453 3140 Number of processors: 2
2011/08/02 00:56:54.0453 3140 Page size: 0x1000
2011/08/02 00:56:54.0453 3140 Boot type: Normal boot
2011/08/02 00:56:54.0453 3140 ================================================================================
2011/08/02 00:56:55.0812 3140 Initialize success
2011/08/02 00:57:07.0703 2444 ================================================================================
2011/08/02 00:57:07.0703 2444 Scan started
2011/08/02 00:57:07.0703 2444 Mode: Manual;
2011/08/02 00:57:07.0703 2444 ================================================================================
2011/08/02 00:57:08.0968 2444 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/02 00:57:20.0906 2444 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/08/02 00:57:20.0921 2444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/08/02 00:57:20.0937 2444 Boot (0x1200) (91553ee5f485b5c3e5913db5349fc7ce) \Device\Harddisk0\DR0\Partition0
2011/08/02 00:57:20.0937 2444 ================================================================================
2011/08/02 00:57:20.0937 2444 Scan finished
2011/08/02 00:57:20.0937 2444 ================================================================================
2011/08/02 00:57:20.0953 0676 Detected object count: 1
2011/08/02 00:57:20.0953 0676 Actual detected object count: 1
2011/08/02 00:57:47.0156 0676 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/08/02 00:57:47.0156 0676 \Device\Harddisk0\DR0 - ok
2011/08/02 00:57:47.0156 0676 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:19 PM

Posted 02 August 2011 - 12:17 AM

How is redirection?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool, if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 




