Google and IE keep redirecting. Maybe a TDSS virus


  • This topic is locked
6 replies to this topic

#1 zaczar

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:38 PM

Posted 24 August 2011 - 07:29 AM

Hi,

I have run through the suggestions prior to posting. This includes using TDSSKiller and attempting to use Malwarebytes and antivirus, to no avail. (TDSSKiller always finds 2 threats which return after reboot... one of which is an exe file listed below.)

Each time certain search functions and websites are typed in, we are redirected through "4dayoftheweek.com" to some other website. I have noticed that a new program in task manager has appeared that is 1068811743:540691392.exe, which cannot be terminated. I also cannot run the gmer.exe file.

Thank you so much for your help in advance!

Becky

Here is my DDS log


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 5:06:33 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.923 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\1068811743:540691392.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Toolbar Helper: {d44bbb61-e17f-4ae6-a502-8d7e0b29e616} - c:\windows\system32\s1940.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Stumble&Upon: {22d003ce-6952-46c5-80b9-d19b479620ab} - c:\windows\system32\s1940.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_S728.tmp" /EF "HKCU"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: stumbleupon.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://mtstandard.serveftp.net:19141/SysCamInst.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304876804984
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - hxxp://www.bigad.com.au/player/vivid_ocx.jpeg
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{B63C5689-DF50-4937-9EA4-59945EC88276} : DhcpNameServer = 192.168.1.1 68.238.96.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-8-24 67584]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
S2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-8-8 486280]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys --> c:\windows\system32\drivers\chdrvr01.sys [?]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys --> c:\windows\system32\drivers\chdrvr02.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys --> c:\windows\system32\drivers\chdrvr03.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-29 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
.
=============== Created Last 30 ================
.
2011-08-24 07:19:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Safe mirror
2011-08-24 07:19:09 -------- d-----w- c:\program files\Cobian Backup 10
2011-08-24 06:55:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-24 06:46:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 06:46:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 06:46:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 06:35:41 43408 --sha-w- c:\windows\system32\c_26241.nl_
2011-08-24 05:55:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-08-24 05:55:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-24 03:38:14 -------- d-----w- c:\program files\STOPzilla!
2011-08-24 03:38:13 -------- d-----w- c:\program files\common files\iS3
2011-08-24 03:38:13 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-08-24 03:33:55 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-08-24 03:33:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-23 22:45:22 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-23 22:45:22 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-23 22:45:22 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-23 22:45:20 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-23 22:45:20 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-23 22:45:20 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-23 22:45:20 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-23 22:45:18 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-23 22:45:18 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-23 22:45:18 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-23 22:45:18 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-23 22:45:18 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-23 01:59:46 69632 ----a-w- c:\windows\system32\Clifford Uninstall.exe
2011-08-23 01:59:30 -------- d-----w- c:\program files\Scholastic's Clifford
.
==================== Find3M ====================
.
2011-08-24 07:08:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-24 06:56:59 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-08-24 06:35:21 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2009-09-01 03:30:51 2169915 ----a-w- c:\program files\SetupImgBurn_2.5.0.0.exe
2009-05-15 02:00:47 48943055 ----a-w- c:\program files\4ElementsSetup.exe
2009-04-01 03:00:05 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-03-27 01:28:53 63049904 ----a-w- c:\program files\avg_free_stf_en_85_285a1462.exe
2009-02-21 22:55:23 84663688 ----a-w- c:\program files\Setup_FlipShare.exe
2009-02-21 17:45:18 4732800 ----a-w- c:\program files\FlipVideoFWUpdate.exe
2008-12-05 03:32:23 2972904 ----a-w- c:\program files\ccsetup214.exe
2008-11-19 00:07:54 1123696 ----a-w- c:\program files\ActiveSetupN.exe
2008-11-16 15:54:32 1277688 ----a-w- c:\program files\couponprinter.exe
2008-11-16 15:24:50 46807103 ----a-w- c:\program files\FlipVideoUpdater37.exe
2008-11-15 01:22:13 7824960 ----a-w- c:\program files\picasa3-setup.exe
2008-11-13 14:38:25 4594616 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-10-15 03:44:45 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-07 02:19:29 46829456 ----a-w- c:\program files\zlsSetup_70_483_000_en.exe
2008-09-21 16:12:46 382352 ----a-w- c:\program files\jxpiinstall.exe
2008-08-09 16:36:25 1495112 ----a-w- c:\program files\install_flash_player(2).exe
2008-07-18 04:50:14 3192653 ----a-w- c:\program files\audacity-win-unicode-1.3.5.exe
2007-11-04 19:36:14 168464 ----a-w- c:\program files\Control_Manager_v4.2(32bit).exe
2007-03-22 01:19:52 643072 ----a-w- c:\program files\RipIt4Me.exe
2007-01-15 15:36:30 118784 ----a-w- c:\program files\FixVTS.exe
2007-01-04 03:42:15 19711696 ----a-w- c:\program files\lcsetup15.exe
2006-08-11 00:40:00 2327233 ----a-w- c:\program files\audacity-win-1.2.4b.exe
2006-08-05 16:24:20 5037072 ----a-w- c:\program files\spybotsd14.exe
2006-01-12 01:02:40 8554009 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
2005-12-13 03:06:30 899414 ----a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2005-06-06 23:43:25 2417824 ----a-w- c:\program files\winzip90.exe
.
============= FINISH: 5:07:13.60 ===============
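An added example, not part of the thread, that scans the "Running Processes" section of a DDS log for image paths written in NTFS alternate-data-stream syntax (host:stream). That is the shape of the un-killable `C:\WINDOWS\1068811743:540691392.exe` entry above, and the host file the scanner reports is the same path the helper asks to enter into DummyCreator. The log excerpt embedded below is constructed from a few lines of the log above.

```python
import re

# Constructed excerpt of a DDS log, copied in shape from the post above
# (sample lines only, not the full log).
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\1068811743:540691392.exe
C:\\Program Files\\AVG\\AVG10\\avgtray.exe
.
============== Pseudo HJT Report ===============
.
BHO: Toolbar Helper: {d44bbb61-e17f-4ae6-a502-8d7e0b29e616} - c:\\windows\\system32\\s1940.dll
"""

# DDS section headers look like "====== Name ======".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# A normal Windows path contains exactly one colon (after the drive letter).
# A second colon inside the file name is NTFS alternate-data-stream syntax:
# <host file>:<stream name>. The stream hides behind a host file, which is
# why a dummy file at the host path blocks the malware from recreating it.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>\S+)$")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current and line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def find_ads_processes(text):
    """Return (image path, host file, stream name) for every running
    process whose image path uses alternate-data-stream syntax."""
    hits = []
    for line in parse_sections(text).get("Running Processes", []):
        # Drop trailing command-line switches such as "-k netsvcs".
        image = line.split(" -")[0].strip()
        m = ADS_RE.match(image)
        if m:
            hits.append((image, m.group("host"), m.group("stream")))
    return hits


if __name__ == "__main__":
    for image, host, stream in find_ads_processes(SAMPLE_LOG):
        print(f"ADS-hosted process: {image}")
        print(f"  host file : {host}")
        print(f"  stream    : {stream}")
```

Run it against a real DDS log by reading the file into `text` and calling `find_ads_processes(text)`; an empty list means no running process was launched from a stream.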


#2 Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:38 PM

Posted 25 August 2011 - 03:32 PM

Hello zaczar,

Welcome to Bleeping Computer.

Please remove your TDSSKiller and download the latest version or download and save TDSSKiller to another directory.

  • Please download DummyCreator.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      C:\WINDOWS\1068811743
    • Press Create button and post the result.
  • Important: Restart the computer.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#3 zaczar
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:38 PM

Posted 26 August 2011 - 08:30 PM

Hi,

I started the process that you listed and did the first shut down. When the computer rebooted, I got a message that check disk was initializing. Then the computer became unresponsive. After a series of reboots, each reboot gave me some strange thing. Once the mouse wouldn't work, next the keyboard. Finally, in frustration, I hit F11, created a backup of the system and files, and started completely over!

I downloaded Zone Alarm's Security plus from another computer onto a flash drive. When the computer came back on line, the first thing I did was change the administrator name/password, download windows updates, and install Zone Alarm. I performed a full disk scan and another reboot. (I used AVG prior to this).

So far everything seems to be going ok. Now I need to put all of my programs in place again.

After doing all of this, do I still need to worry about the virus in the registry?

Thanks for all your help!

#4 Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:38 PM

Posted 27 August 2011 - 03:03 AM

Finally, in frustration, I hit F11, created a backup of the system and files, and started completely over!

After doing all of this, do I still need to worry about the virus in the registry?

You don't need to worry about the registry but there are other areas to worry about depending on what you mean by "started completely over".

#5 zaczar
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:38 PM

Posted 27 August 2011 - 11:41 AM

Well, I am trying to figure out how to restore my files (backed up using PC Angel) right now. I am having to reinstall my programs, and all of my windows user accounts have to be reestablished. The screen, file structure, and "example files" were just like they were when the computer was new.

#6 Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:38 PM

Posted 27 August 2011 - 12:57 PM

So I feel you don't need my assistance any more. I'm going to close this topic.

Please tell me if you have any malware related question before I close the topic.

#7 Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:38 PM

Posted 31 August 2011 - 07:31 AM

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.