Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

The Redirect Virus [Solved]

Started by krystine , Aug 26 2010 03:22 PM

  • This topic is locked This topic is locked

#16
krystine
Posted 30 August 2010 - 04:34 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I seem to have the virus again. Is it possible my system went to a restore point before I had a chance to delete the old ones? I was just going through the steps you suggested now but decided to triple check before I turned off system restore/rebooted/turned it back on. Should I do the eset scan again?
edit: I tried but it says "Cannot get update. Is proxy configured?"

Edited by krystine, 30 August 2010 - 05:05 PM.

  • 0

Advertisements

#17
emeraldnzl
Posted 30 August 2010 - 05:48 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again krystine.

before I turned off system restore/rebooted/turned it back on


Yep, leave System Restore for now.

Let's do this instead:

It is a pretty big download but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download VRT Tool by Kaspersky.
  • Save it to your desktop
  • Double click the setup file to run it
  • Accept the agreement
  • A pop up window will appear.
  • On the Autoscan panel check all items
  • Click on Start Scan
  • When finished (this can take some time... just be patient and let it do its job) click the Report button
  • Click the + button left top to expand the critical events
  • Highlight Ctrl A and copy Ctrl C
  • Save to Notepad Ctrl V
Copy and past the report back here.

Click exit to uninstall Kaspersky VRT. Click yes to the prompts to complete the process.

Note: This tool will self uninstall when you click Exit so please save the log before closing it.
  • 0

#18
krystine
Posted 31 August 2010 - 07:32 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Autoscan: completed 7 minutes ago (events: 2, objects: 564113, time: 03:19:42)
8/31/2010 5:59:22 PM Task started
8/31/2010 9:19:04 PM Task completed
  • 0

#19
emeraldnzl
Posted 31 August 2010 - 08:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Are the symptoms still there and if so, please remind me of exactly what is happening? :)
  • 0

#20
krystine
Posted 31 August 2010 - 08:44 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
The symptoms are still here. When I perform a google search I can barely visit any of the results. I either end up at 'k-directory.com' (or the like) or I just stay at a white loading page. Occasionally the page loads correctly but instantly goes white.
  • 0

#21
emeraldnzl
Posted 31 August 2010 - 09:03 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm...

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#22
krystine
Posted 01 September 2010 - 03:16 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
2010/09/01 17:15:30.0871 TDSS rootkit removing tool 2.4.1.4 Aug 31 2010 16:55:25
2010/09/01 17:15:30.0871 ================================================================================
2010/09/01 17:15:30.0871 SystemInfo:
2010/09/01 17:15:30.0871
2010/09/01 17:15:30.0871 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/01 17:15:30.0871 Product type: Workstation
2010/09/01 17:15:30.0871 ComputerName: KRYSTINE-PC
2010/09/01 17:15:30.0871 UserName: Krystine
2010/09/01 17:15:30.0871 Windows directory: C:\Windows
2010/09/01 17:15:30.0871 System windows directory: C:\Windows
2010/09/01 17:15:30.0871 Running under WOW64
2010/09/01 17:15:30.0871 Processor architecture: Intel x64
2010/09/01 17:15:30.0871 Number of processors: 4
2010/09/01 17:15:30.0871 Page size: 0x1000
2010/09/01 17:15:30.0871 Boot type: Normal boot
2010/09/01 17:15:30.0871 ================================================================================
2010/09/01 17:15:30.0871 Utility is running under WOW64, functionality is limited.
2010/09/01 17:15:31.0604 Initialize success
2010/09/01 17:15:32.0790 ================================================================================
2010/09/01 17:15:32.0790 Scan started
2010/09/01 17:15:32.0790 Mode: Manual;
2010/09/01 17:15:32.0790 ================================================================================
2010/09/01 17:15:33.0289 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/01 17:15:33.0305 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/01 17:15:33.0336 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/01 17:15:33.0383 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/01 17:15:33.0414 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/01 17:15:33.0445 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/01 17:15:33.0492 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/09/01 17:15:33.0523 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/01 17:15:33.0554 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/01 17:15:33.0601 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/01 17:15:33.0617 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/01 17:15:33.0632 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/01 17:15:33.0664 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/01 17:15:33.0695 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/01 17:15:33.0726 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/01 17:15:33.0757 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/09/01 17:15:33.0820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/09/01 17:15:33.0851 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/01 17:15:33.0882 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/01 17:15:33.0898 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/01 17:15:34.0022 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/01 17:15:34.0147 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\System32\Drivers\avgldx64.sys
2010/09/01 17:15:34.0194 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\System32\Drivers\avgmfx64.sys
2010/09/01 17:15:34.0210 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\System32\Drivers\avgtdia.sys
2010/09/01 17:15:34.0272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/09/01 17:15:34.0303 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/09/01 17:15:34.0350 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/09/01 17:15:34.0428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/01 17:15:34.0475 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/01 17:15:34.0490 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/01 17:15:34.0522 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/01 17:15:34.0568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/09/01 17:15:34.0584 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/01 17:15:34.0600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/01 17:15:34.0631 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/01 17:15:34.0646 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/01 17:15:34.0693 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/01 17:15:34.0709 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/01 17:15:34.0756 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/01 17:15:34.0802 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/09/01 17:15:34.0849 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/01 17:15:34.0865 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/01 17:15:34.0912 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/09/01 17:15:34.0943 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/01 17:15:34.0974 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/01 17:15:35.0005 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/01 17:15:35.0083 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/09/01 17:15:35.0146 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/09/01 17:15:35.0192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/09/01 17:15:35.0224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/09/01 17:15:35.0302 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/09/01 17:15:35.0348 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/01 17:15:35.0411 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
2010/09/01 17:15:35.0489 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/09/01 17:15:35.0582 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/01 17:15:35.0614 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/01 17:15:35.0660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/09/01 17:15:35.0692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/09/01 17:15:35.0723 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/01 17:15:35.0770 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/09/01 17:15:35.0801 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/09/01 17:15:35.0816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/01 17:15:35.0863 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/09/01 17:15:35.0926 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/09/01 17:15:35.0941 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/01 17:15:35.0988 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/01 17:15:36.0019 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/01 17:15:36.0050 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/01 17:15:36.0097 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/01 17:15:36.0160 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/09/01 17:15:36.0191 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/01 17:15:36.0206 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/01 17:15:36.0222 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/01 17:15:36.0253 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/01 17:15:36.0300 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/01 17:15:36.0362 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/01 17:15:36.0409 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/09/01 17:15:36.0440 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/01 17:15:36.0456 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/01 17:15:36.0503 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/01 17:15:36.0550 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/01 17:15:36.0612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/01 17:15:36.0628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/01 17:15:36.0674 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/01 17:15:36.0815 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/01 17:15:36.0830 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/09/01 17:15:36.0893 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/09/01 17:15:36.0908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/01 17:15:36.0940 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/01 17:15:36.0971 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/01 17:15:36.0986 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/01 17:15:37.0033 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/01 17:15:37.0064 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/01 17:15:37.0096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/09/01 17:15:37.0174 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/01 17:15:37.0252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/01 17:15:37.0267 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/01 17:15:37.0298 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/01 17:15:37.0330 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/01 17:15:37.0345 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/09/01 17:15:37.0392 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/01 17:15:37.0423 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/01 17:15:37.0486 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/09/01 17:15:37.0517 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/01 17:15:37.0548 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/01 17:15:37.0579 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/01 17:15:37.0610 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/09/01 17:15:37.0642 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/01 17:15:37.0673 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/01 17:15:37.0720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/01 17:15:37.0751 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/01 17:15:37.0782 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/01 17:15:37.0813 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/01 17:15:37.0860 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/01 17:15:37.0891 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/01 17:15:37.0922 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/09/01 17:15:37.0969 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/01 17:15:38.0000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/01 17:15:38.0047 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/01 17:15:38.0063 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/01 17:15:38.0094 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/09/01 17:15:38.0141 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/09/01 17:15:38.0172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/01 17:15:38.0203 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/09/01 17:15:38.0219 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/01 17:15:38.0250 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/09/01 17:15:38.0328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/01 17:15:38.0375 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/09/01 17:15:38.0406 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/01 17:15:38.0437 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/01 17:15:38.0468 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/01 17:15:38.0500 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/01 17:15:38.0515 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/09/01 17:15:38.0546 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/01 17:15:38.0578 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/01 17:15:38.0671 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/01 17:15:38.0702 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/09/01 17:15:38.0734 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/01 17:15:38.0796 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/09/01 17:15:38.0843 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/09/01 17:15:38.0874 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/01 17:15:38.0890 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/01 17:15:38.0921 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/01 17:15:38.0936 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/01 17:15:39.0046 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/09/01 17:15:39.0061 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/09/01 17:15:39.0108 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/09/01 17:15:39.0139 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/01 17:15:39.0155 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/01 17:15:39.0202 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/09/01 17:15:39.0233 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/09/01 17:15:39.0389 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/01 17:15:39.0420 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/09/01 17:15:39.0467 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/01 17:15:39.0514 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/01 17:15:39.0545 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/01 17:15:39.0592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/01 17:15:39.0607 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/01 17:15:39.0638 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/01 17:15:39.0670 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/01 17:15:39.0701 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/01 17:15:39.0732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/01 17:15:39.0779 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/01 17:15:39.0794 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/01 17:15:39.0826 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/01 17:15:39.0872 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/09/01 17:15:39.0904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/01 17:15:39.0935 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/01 17:15:39.0966 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/09/01 17:15:40.0013 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/09/01 17:15:40.0091 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2010/09/01 17:15:40.0153 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2010/09/01 17:15:40.0169 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2010/09/01 17:15:40.0247 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/01 17:15:40.0309 rt70x64 (794abff6ca8f113ae523f20edee2fe04) C:\Windows\system32\DRIVERS\netr7064.sys
2010/09/01 17:15:40.0356 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/01 17:15:40.0403 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/01 17:15:40.0450 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/01 17:15:40.0528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/09/01 17:15:40.0574 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/01 17:15:40.0590 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/09/01 17:15:40.0637 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/01 17:15:40.0684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/01 17:15:40.0699 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/01 17:15:40.0730 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/01 17:15:40.0746 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/01 17:15:40.0808 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/01 17:15:40.0840 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/01 17:15:40.0855 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/09/01 17:15:40.0918 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/09/01 17:15:41.0027 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/09/01 17:15:41.0027 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/09/01 17:15:41.0042 sptd - detected Locked file (1)
2010/09/01 17:15:41.0074 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2010/09/01 17:15:41.0120 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/01 17:15:41.0152 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/01 17:15:41.0214 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/01 17:15:41.0276 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/01 17:15:41.0308 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/01 17:15:41.0339 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/01 17:15:41.0479 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2010/09/01 17:15:41.0526 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/01 17:15:41.0573 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/01 17:15:41.0604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/09/01 17:15:41.0620 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/09/01 17:15:41.0651 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/01 17:15:41.0682 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/01 17:15:41.0776 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/01 17:15:41.0822 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/01 17:15:41.0854 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/01 17:15:41.0885 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/01 17:15:41.0947 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/01 17:15:41.0978 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/01 17:15:41.0994 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/01 17:15:42.0072 USBAAPL64 (5cf1ead086176dd3348e920a40bed03d) C:\Windows\system32\Drivers\usbaapl64.sys
2010/09/01 17:15:42.0103 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/01 17:15:42.0134 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/01 17:15:42.0166 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/01 17:15:42.0197 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/01 17:15:42.0228 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/01 17:15:42.0244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/01 17:15:42.0275 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/01 17:15:42.0306 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/01 17:15:42.0353 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/01 17:15:42.0384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/01 17:15:42.0431 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/09/01 17:15:42.0462 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/01 17:15:42.0478 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/01 17:15:42.0524 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/01 17:15:42.0556 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/01 17:15:42.0587 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/01 17:15:42.0618 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/09/01 17:15:42.0665 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/01 17:15:42.0680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/01 17:15:42.0727 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/09/01 17:15:42.0774 wacmoumonitor (6b6718dc4b4597ec10f4f8c614282ee1) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2010/09/01 17:15:42.0805 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2010/09/01 17:15:42.0836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/01 17:15:42.0883 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
2010/09/01 17:15:42.0914 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/01 17:15:42.0930 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/01 17:15:43.0008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/09/01 17:15:43.0055 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/01 17:15:43.0148 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/01 17:15:43.0180 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/09/01 17:15:43.0289 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/01 17:15:43.0336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/01 17:15:43.0398 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/01 17:15:43.0492 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/09/01 17:15:43.0523 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/01 17:15:43.0632 ================================================================================
2010/09/01 17:15:43.0632 Scan finished
2010/09/01 17:15:43.0632 ================================================================================
2010/09/01 17:15:43.0648 Detected object count: 1
2010/09/01 17:15:45.0925 Locked file(sptd) - User select action: Skip
  • 0

#23
emeraldnzl
Posted 01 September 2010 - 03:38 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well, no change there.

Lets do this:

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
[emptyflash]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

When you return please post
  • OTL fix
  • SuperAntiSpyware scan results
  • 0

#24
krystine
Posted 01 September 2010 - 05:22 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL fix

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Krystine
->Flash cache emptied: 1850 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Krystine
->Temp folder emptied: 12614504 bytes
->Temporary Internet Files folder emptied: 2750948 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 92133448 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69396 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 661859 bytes

Total Files Cleaned = 103.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09012010_180850

Files\Folders moved on Reboot...
C:\Users\Krystine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


SuperAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2010 at 07:00 PM

Application Version : 4.42.1000

Core Rules Database Version : 5410
Trace Rules Database Version: 3222

Scan type : Complete Scan
Total Scan Time : 00:42:49

Memory items scanned : 775
Memory threats detected : 0
Registry items scanned : 12953
Registry threats detected : 10
File items scanned : 104174
File threats detected : 79

Adware.Tracking Cookie
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[7].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[1].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[2].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[3].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[5].txt
C:\Users\Krystine\AppData\Roaming\Microsoft\Windows\Cookies\krystine@atdmt[6].txt
.adcloudmedia.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.insight.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.insight.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.insight.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.insight.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.insight.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.chitika.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.admarketplace.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.nhl.112.2o7.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.myroitracking.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.kontera.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.interclick.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.interclick.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.interclick.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.advertise.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.revsci.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.revsci.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.revsci.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.revsci.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.xiti.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.kontera.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.kontera.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
.stopzilla.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]
xml.trafficengine.net [ C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\cookies.sqlite ]

Trojan.DNS-Changer (Hi-Jacked DNS)
(x86) HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{72B5DE34-F39A-4EF6-B01A-8D412C817851}#NAMESERVER
(x86) HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E39CD003-0F32-4AEB-82C9-0000B1580326}#NAMESERVER
(x86) HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{72B5DE34-F39A-4EF6-B01A-8D412C817851}#NAMESERVER
(x86) HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E39CD003-0F32-4AEB-82C9-0000B1580326}#NAMESERVER
(x86) HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{72B5DE34-F39A-4EF6-B01A-8D412C817851}#NAMESERVER
(x86) HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E39CD003-0F32-4AEB-82C9-0000B1580326}#NAMESERVER
(x86) HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
(x86) HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
(x86) HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Malware.Trace
(x86) HKU\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\XML



I just wanted to say thank you for taking all this time to help me. I would never have been able to do it myself. I'm going to see if my symptoms are still there, and if they're gone, I'm going to do the system restore thing you said on the last page.

Edited by krystine, 01 September 2010 - 05:23 PM.

  • 0

#25
krystine
Posted 01 September 2010 - 06:02 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
For some reason I can't connect to the internet (wirelessly or directly to the router) since that last reboot after the scans, so I don't know if I still have the problem or not. Is it possible something was removed that could cause this? I'm going to have to go to a restore point before the scans because I don't know what else to do about this problem.
  • 0

Advertisements

#26
emeraldnzl
Posted 01 September 2010 - 07:20 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello krystine,

Sorry about the delay in getting back. I had to go out for an hour or two.

If you haven't done so leave the Restore Point one for now.

If SuperAntiSpyware was correct (and I am not yet 100% convinced) and your setup has dns changer (a zlob infection) then it explains what has been happening with your machine.

It's strange though (why am not 100% convinced) that Malwarebytes didn't find it as it usually sees that one. We will carry out a repair as if MBAM can see it though to satisfy ourselves about it.

The reason you cannot connect to the internet may be because of something SAS has done in trying to rid your connection of what it thinks is malware. Following the instructions below will hopefully correct the problem. If not we will move on to other things. :)

Now

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Also copy this link for router passwords - see below http://www.phenoelit...rg/dpl/dpl.html

Some things here to know.

DNS changer infects your router.

We need to clean your machine again, off line, so that the router can't re-infect your computer.

Before you use the router again we want to re-set it to it's default settings to remove the infection and stop it coming back.

Some routers you can re-set quite easily just by rebooting them others need a different approach. Some types of internet (i.e. DSL connections that use PPPoE in the router), you will need to know the data to re-setup the router itself.

What I am going to do now is give you some instructions that work in most cases.

If however it doesn't work for you, you will lose internet connection and will need to talk to your router provider to ascertain how to re-setup your router.

You have used Malwarebytes before.

If you no-longer have Malwarebytes please download from here.

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
  • 0

#27
krystine
Posted 01 September 2010 - 08:05 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
The malwarebytes scan didn't find anything.
  • 0

#28
emeraldnzl
Posted 01 September 2010 - 08:29 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Not unexpected; but have you carried out the other actions and, have you got connection now?
  • 0

#29
krystine
Posted 01 September 2010 - 08:40 PM

krystine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Yes I reset my router but I still can't connect.
  • 0

#30
emeraldnzl
Posted 01 September 2010 - 09:19 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello krystine,

  • Go to Start (bottom left of screen) > All Programs > Accessories >
  • RIGHT-click on Command Prompt
  • Select Run As Administrator
  • In the command window type the following and then hit enter:
    ipconfig /flushdns (note the space... it should be there)

Tell me if that has made a difference.

Edited by emeraldnzl, 01 September 2010 - 09:20 PM.
added request to tell me

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP