problem when clicking on links in firefox...redirected to a different page.


Post by jeremypc on Wed 30 Mar 2011, 10:13 pm

First topic message reminder :


Lately, when I search for a topic and then click on a link provided (in Google), I am redirected to a different page. Also, in Firefox, random pages will open in a new tab all on their own. They are always spam-type pages. I have run AVG, SUPERAntiSpyware, and Malwarebytes Anti-Malware but can't get rid of it. The HijackThis log is included below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:25 AM, on 3/30/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9fb9d112482d4) (gupdate1c9fb9d112482d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 8716 bytes


Any disasters you see, please feel free to comment.

Thanks,
Jeremy

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down
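As an added illustration (not code from this thread, from HijackThis or from OTL), here is a small Python triage script that parses HijackThis entry lines in the format shown above and flags the kinds of entries the OTL fix later in this thread removed: anonymous or file-missing components, hosts-file overrides, Winlogon Notify DLLs, services without a publisher, and autoruns from Temp or Application Data. The sample log is constructed: a few lines in the shape of the log above plus a made-up hosts entry and a made-up autorun for the file OTL moved.

```python
"""Triage helper for HijackThis v2 log entries (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v2 logs posted in this thread;
# the update.example.test hosts entry and the YoopehTnCRAPa autorun are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:25 AM, on 3/30/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.test
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YoopehTnCRAPa] C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis entry line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Markers HijackThis prints when the registered component is anonymous or its file is gone;
# the OTL fix in this thread removed exactly such a BHO and Winlogon Notify entry.
ORPHAN_MARKERS = ("(no name)", "(no file)", "(file missing)")
# Hosts entries that are normal on Windows XP; anything else overrides name resolution.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# Autoruns launched from temp or per-user data directories deserve a second look.
SUSPECT_DIRS = re.compile(r"\\(temp|application data|local settings)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str
    reason: str
    entry: str


def parse_entries(log_text):
    """Return the R/O/F entry lines of a log; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(log_text):
    """Apply the review rules; one entry can yield more than one finding (e.g. O20 + missing file)."""
    findings = []
    for e in parse_entries(log_text):
        body = e.body
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(e.section, "high", "anonymous or file-missing component", body))
        if e.section == "O1":
            host_line = body.split(":", 1)[1].strip()  # body looks like "Hosts: 127.0.0.1 localhost"
            if host_line not in BENIGN_HOSTS:
                findings.append(Finding(e.section, "high", "hosts file override", body))
        elif e.section == "O20":
            findings.append(Finding(e.section, "medium", "Winlogon Notify DLL loads at logon", body))
        elif e.section == "O23" and "Unknown owner" in body:
            findings.append(Finding(e.section, "low", "service without a publisher", body))
        elif e.section == "O4" and SUSPECT_DIRS.search(body):
            findings.append(Finding(e.section, "medium", "autorun from a temp or profile data directory", body))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}: {f.entry}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Entries the script does not flag are not thereby clean; it only surfaces the patterns worth checking first, which is how the advisor in this thread worked through the logs.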


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon 04 Apr 2011, 9:56 pm

By the way, it didn't ask to reboot.


Post by Gabethebabe on Mon 04 Apr 2011, 9:59 pm

I think you clicked the Run Scan button; you need to click the Run Fix button after pasting the script.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon 04 Apr 2011, 10:01 pm

Oops.


Post by jeremypc on Mon 04 Apr 2011, 10:07 pm

========== FILES ==========
File\Folder C:WINDOWS\Temp\srv8D4.tmp not found.
C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe moved successfully.
C:\WINDOWS\System32\drivers\1385E.sys moved successfully.
C:\WINDOWS\cadkasdeinst01e.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service srv8D4 stopped successfully!
Service srv8D4 deleted successfully!
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_070230


Post by Gabethebabe on Wed 06 Apr 2011, 4:43 am

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.


Post by jeremypc on Wed 06 Apr 2011, 6:35 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6280

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/5/2011 3:34:04 PM
mbam-log-2011-04-05 (15-34-04).txt

Scan type: Quick scan
Objects scanned: 252894
Time elapsed: 26 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\1453E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\-213E8.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.


Post by Gabethebabe on Wed 06 Apr 2011, 9:23 pm

How is your computer running now?


Post by jeremypc on Wed 06 Apr 2011, 10:03 pm

Internet is painstakingly slow. I've tried it connected to my wife's laptop and it runs at normal speed. Websites load slowly, YouTube videos won't play. Super slow.

I can't log off or shut down... the computer freezes during the log-off process.

Aside from that, things seem fine. Here's another HijackThis log, just in case something else crept in in the meantime... What do you recommend for antivirus? I use AVG because it's free, and everyone else seems to use it, but I'm open to suggestions.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:02:08 AM, on 4/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9fb9d112482d4) (gupdate1c9fb9d112482d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 7370 bytes


Last edited by jeremypc on Wed 06 Apr 2011, 10:04 pm; edited 1 time in total (Reason for editing : i forgot a detail)


Post by jeremypc on Fri 08 Apr 2011, 10:56 am

In order to get any internet access, I need to reboot my computer (by manually turning it off and back on). Then it works like normal for a while, but after an hour or so it doesn't work at all and I have to go through the manual reboot process all over again. Non-internet programs operate fine.


Post by Gabethebabe on Fri 08 Apr 2011, 6:03 pm

OK, we'll try a rootkit scan.

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No.
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.


Post by jeremypc on Sat 09 Apr 2011, 4:17 am

The scan was stopped because GMER found a modification to the rootkit (that was the gist of the message)???

Either way, I don't think the scan completed as it should have...

Here's the log:


GMER 1.0.15.15570 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-08 13:14:58
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380211AS rev.3.AAE
Running: myqodzvz.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\ufgyqkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket + FFFFF193 BA4B8345 165 Bytes [FE, FF, 8B, F0, 85, F6, 7C, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 45 BA4B83EB 106 Bytes [8B, CA, B8, 20, 00, 01, 00, ...]
.text KDCOM.DLL!KdSave BA4B8456 80 Bytes [FD, FF, FF, 8B, BD, C0, FC, ...]
.text KDCOM.DLL!KdRestore + 47 BA4B84A7 14 Bytes [56, 68, 6E, 5A, 4F, 00, 56, ...] {PUSH ESI; PUSH 0x4f5a6e; PUSH ESI; PUSH EDI; LEA EAX, [EBP-0x330]}
.text KDCOM.DLL!KdRestore + 56 BA4B84B6 178 Bytes CALL BA3EC8B6
.text KDCOM.DLL!KdRestore + 109 BA4B8569 83 Bytes [10, FF, 75, FC, FF, 75, 0C, ...]
.text KDCOM.DLL!KdRestore + 15D BA4B85BD 16 Bytes CALL 174CA9C4
.text KDCOM.DLL!KdRestore + 16E BA4B85CE 7 Bytes [55, 8B, EC, 8B, 45, 08, FF]
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 5C BA4B8FA8 1 Byte [00]
PAGEKD KDCOM.DLL!KdReceivePacket + 5C BA4B8FA8 47 Bytes [00, 00, FF, D0, 53, FF, 75, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 8C BA4B8FD8 91 Bytes [8B, 4D, C8, BA, 02, 00, 00, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + E8 BA4B9034 2 Bytes [32, F6] {XOR DH, DH}
PAGEKD KDCOM.DLL!KdReceivePacket + EB BA4B9037 55 Bytes [4D, 00, 00, 00, 00, A8, 10, ...]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 20 BA4B91D2 94 Bytes [0B, 3A, 41, 01, 75, 0F, 83, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 7F BA4B9231 59 Bytes [89, 45, F8, FF, 15, 00, 90, ...]
PAGEKD KDCOM.DLL!KdSendPacket + BB BA4B926D 11 Bytes [F3, A4, 8B, 4D, F8, 8B, 79, ...]
PAGEKD KDCOM.DLL!KdSendPacket + C7 BA4B9279 52 Bytes [33, C9, 03, FA, 66, 3B, 4B, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [BA4B971A] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [BA4B9724] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [BA4B97C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [BA4B97DC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [BA4B97A0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [BA4B97BA] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [BA4B97AC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [BA4B97D2] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [BA4B97C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 8BFFFFFC
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 43E8E44D
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] E8FFF26E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] FFF7104B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] CC000CC2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Sun 10 Apr 2011, 4:35 pm

Aha, OK, the nasty bugger you had has not been removed or has come back.
We'll try again.
  • Download TDSSKiller by Kaspersky from here and save it to your Desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

====================

Reboot after this and rerun the GMER scan, please.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

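For anyone working through a thread like this later, the following is a small triage script (an added example, not code from this forum, from GMER or from TDSSKiller) that reads saved GMER and TDSSKiller reports, pulls out the rootkit lines the helper is looking for, flags a populated AppInit_DLLs value, and lists drivers loaded from outside the Windows directory for manual review. The sample text is constructed from a few lines of the reports posted in this thread; the `SYSTEM_DIRS` allow-list and the `suspect.dll` value in the test are assumptions.

```python
"""Triage helper for GMER and TDSSKiller reports.

Added example, not the forum's or either tool's own code. The line formats
follow the reports posted in this thread; the sample text below is
constructed from a handful of those lines.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str       # "GMER" or "TDSSKiller"
    severity: str   # "critical", "review" or "info"
    detail: str


# GMER disk-sector line: "Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!"
GMER_ROOTKIT = re.compile(r"^Disk\s+(?P<dev>\S+)\s+(?P<what>.*?)\s+<--\s+ROOTKIT", re.I)
# GMER registry line: "Reg <key>@<value name> [<data>]"; the key path may contain spaces
GMER_REG = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<name>\S+)(?:\s+(?P<value>.*))?$")

# TDSSKiller lines start with "2011/04/10 08:44:57.0656 0240 " (date, time, thread id)
_TD = r"^\d{4}/\d{2}/\d{2}\s+[\d:.]+\s+\d+\s+"
TDSS_DETECT = re.compile(_TD + r"(?P<obj>\S+)\s+-\s+detected\s+(?P<name>\S+)")
TDSS_ACTION = re.compile(_TD + r"(?P<obj>\S+)\s+\((?P<name>\S+)\)\s+-\s+(?P<action>.*)$")
TDSS_DRIVER = re.compile(_TD + r"(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.*)$")

# Assumption: kernel drivers normally live under the Windows directory;
# anything loaded from elsewhere is listed for a manual look, not called malicious.
SYSTEM_DIRS = ("c:\\windows\\",)

# Constructed sample input, abbreviated from the reports in this thread.
GMER_SAMPLE = r"""---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!
"""

TDSS_SAMPLE = r"""2011/04/10 08:44:32.0953 0240 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/10 08:44:51.0015 0240 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/10 08:44:57.0656 0240 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/10 08:44:57.0734 0252 Detected object count: 1
2011/04/10 08:45:13.0875 0252 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""


def triage_gmer(text):
    """Return findings from a GMER report: MBR rootkit hits and a live AppInit_DLLs entry."""
    findings = []
    reg = {}
    for line in text.splitlines():
        m = GMER_ROOTKIT.match(line)
        if m:
            findings.append(Finding("GMER", "critical", f"{m['dev']}: {m['what']}"))
            continue
        m = GMER_REG.match(line)
        if m and m["key"].endswith(r"\Windows"):
            reg[m["name"]] = (m["value"] or "").strip()
    # AppInit_DLLs is a DLL-injection point; an empty value (as in this thread) is fine,
    # a populated one with LoadAppInit_DLLs=1 means every user-mode process loads that DLL.
    if reg.get("AppInit_DLLs") and reg.get("LoadAppInit_DLLs", "0") == "1":
        findings.append(Finding("GMER", "review", f"AppInit_DLLs = {reg['AppInit_DLLs']}"))
    return findings


def triage_tdsskiller(text):
    """Return findings from a TDSSKiller report, in report order."""
    findings = []
    for line in text.splitlines():
        m = TDSS_DETECT.match(line)
        if m:
            findings.append(Finding("TDSSKiller", "critical", f"{m['obj']}: {m['name']}"))
            continue
        m = TDSS_ACTION.match(line)
        if m:
            findings.append(Finding("TDSSKiller", "info", f"{m['obj']}: {m['action']}"))
            continue
        m = TDSS_DRIVER.match(line)
        if m and not m["path"].lower().startswith(SYSTEM_DIRS):
            findings.append(Finding("TDSSKiller", "review",
                                    f"driver {m['svc']} from {m['path']} md5={m['md5']}"))
    return findings


def needs_followup(findings):
    """True when a tool reported an active rootkit, i.e. reboot and rescan as the helper asks."""
    return any(f.severity == "critical" for f in findings)


if __name__ == "__main__":
    results = triage_gmer(GMER_SAMPLE) + triage_tdsskiller(TDSS_SAMPLE)
    for f in results:
        print(f"[{f.severity:8}] {f.tool}: {f.detail}")
    print("reboot and rescan:", needs_followup(results))
```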

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon 11 Apr 2011, 9:35 am

2011/04/10 08:44:19.0609 0308 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 08:44:19.0625 0308 ================================================================================
2011/04/10 08:44:19.0625 0308 SystemInfo:
2011/04/10 08:44:19.0625 0308
2011/04/10 08:44:19.0625 0308 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/10 08:44:19.0625 0308 Product type: Workstation
2011/04/10 08:44:19.0625 0308 ComputerName: MY-A2A4159540F8
2011/04/10 08:44:19.0640 0308 UserName: Jeremy C
2011/04/10 08:44:19.0640 0308 Windows directory: C:\WINDOWS
2011/04/10 08:44:19.0640 0308 System windows directory: C:\WINDOWS
2011/04/10 08:44:19.0640 0308 Processor architecture: Intel x86
2011/04/10 08:44:19.0640 0308 Number of processors: 1
2011/04/10 08:44:19.0640 0308 Page size: 0x1000
2011/04/10 08:44:19.0640 0308 Boot type: Normal boot
2011/04/10 08:44:19.0640 0308 ================================================================================
2011/04/10 08:44:19.0937 0308 Initialize success
2011/04/10 08:44:32.0515 0240 ================================================================================
2011/04/10 08:44:32.0515 0240 Scan started
2011/04/10 08:44:32.0515 0240 Mode: Manual;
2011/04/10 08:44:32.0515 0240 ================================================================================
2011/04/10 08:44:32.0953 0240 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/10 08:44:33.0062 0240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/10 08:44:33.0250 0240 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/10 08:44:33.0406 0240 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/10 08:44:33.0531 0240 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/10 08:44:33.0625 0240 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/10 08:44:34.0093 0240 ALCXWDM (34fc779e3ce6964546e02596acc8ff48) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/10 08:44:35.0015 0240 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/04/10 08:44:35.0140 0240 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/10 08:44:35.0250 0240 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/10 08:44:35.0437 0240 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/10 08:44:35.0578 0240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/10 08:44:35.0734 0240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/10 08:44:35.0890 0240 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/04/10 08:44:36.0031 0240 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/04/10 08:44:36.0140 0240 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/04/10 08:44:36.0250 0240 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/04/10 08:44:36.0375 0240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/10 08:44:36.0500 0240 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/10 08:44:36.0734 0240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/10 08:44:36.0843 0240 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/10 08:44:36.0953 0240 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2011/04/10 08:44:37.0062 0240 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/10 08:44:37.0687 0240 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/10 08:44:37.0843 0240 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/10 08:44:38.0031 0240 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/10 08:44:38.0156 0240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/10 08:44:38.0265 0240 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/10 08:44:38.0484 0240 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/10 08:44:38.0640 0240 EUBAKUP (3e5ddbd7405ad6f59f0646a15c754079) C:\WINDOWS\system32\drivers\eubakup.sys
2011/04/10 08:44:38.0781 0240 EuDisk (155666649521732bd4cc1a10823515f0) C:\WINDOWS\system32\DRIVERS\EuDisk.sys
2011/04/10 08:44:38.0906 0240 EUDSKACS (1acc054dfcc3a53cdbc8cfd6b111346f) C:\WINDOWS\system32\drivers\eudskacs.sys
2011/04/10 08:44:39.0031 0240 EUFS (a0dea491ac141207b348013725651044) C:\WINDOWS\system32\drivers\eufs.sys
2011/04/10 08:44:39.0156 0240 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/10 08:44:39.0296 0240 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/10 08:44:39.0406 0240 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/10 08:44:39.0531 0240 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/10 08:44:39.0687 0240 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/10 08:44:39.0859 0240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/10 08:44:39.0968 0240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/10 08:44:40.0109 0240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/10 08:44:40.0218 0240 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/10 08:44:40.0375 0240 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/10 08:44:40.0593 0240 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/10 08:44:40.0875 0240 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/10 08:44:41.0015 0240 ialm (afa7c99d211a2aff21a287bc4264cde6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/10 08:44:41.0156 0240 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/10 08:44:41.0390 0240 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/10 08:44:41.0500 0240 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/10 08:44:41.0640 0240 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/10 08:44:41.0750 0240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/10 08:44:41.0859 0240 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/10 08:44:41.0984 0240 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/10 08:44:42.0203 0240 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/10 08:44:42.0312 0240 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/10 08:44:42.0453 0240 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/10 08:44:42.0578 0240 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/10 08:44:42.0687 0240 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/10 08:44:42.0828 0240 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/10 08:44:43.0171 0240 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/10 08:44:43.0312 0240 mf (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/04/10 08:44:43.0421 0240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/10 08:44:43.0546 0240 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/10 08:44:43.0656 0240 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/10 08:44:43.0796 0240 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/10 08:44:43.0906 0240 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/10 08:44:44.0109 0240 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/10 08:44:44.0250 0240 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/10 08:44:44.0406 0240 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/10 08:44:44.0546 0240 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/10 08:44:44.0656 0240 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/10 08:44:44.0796 0240 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/10 08:44:44.0906 0240 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/10 08:44:45.0031 0240 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/10 08:44:45.0171 0240 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/10 08:44:45.0312 0240 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/10 08:44:45.0437 0240 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/10 08:44:45.0578 0240 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/10 08:44:45.0703 0240 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/10 08:44:45.0828 0240 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/10 08:44:45.0953 0240 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/10 08:44:46.0062 0240 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/10 08:44:46.0156 0240 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/10 08:44:46.0281 0240 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/10 08:44:46.0437 0240 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/10 08:44:46.0578 0240 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/10 08:44:46.0750 0240 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/04/10 08:44:46.0843 0240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/10 08:44:46.0953 0240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/10 08:44:47.0062 0240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/10 08:44:47.0171 0240 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/10 08:44:47.0296 0240 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/10 08:44:47.0406 0240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/10 08:44:47.0531 0240 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/10 08:44:47.0734 0240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/10 08:44:47.0843 0240 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/10 08:44:47.0984 0240 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/10 08:44:48.0703 0240 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/04/10 08:44:48.0812 0240 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/10 08:44:48.0968 0240 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/10 08:44:49.0078 0240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/10 08:44:49.0203 0240 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/10 08:44:49.0781 0240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/10 08:44:49.0906 0240 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/10 08:44:50.0046 0240 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/10 08:44:50.0156 0240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/10 08:44:50.0265 0240 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/10 08:44:50.0390 0240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/10 08:44:50.0515 0240 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/10 08:44:50.0656 0240 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/10 08:44:50.0812 0240 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/10 08:44:50.0937 0240 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/10 08:44:51.0015 0240 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/10 08:44:51.0093 0240 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/10 08:44:51.0234 0240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/10 08:44:51.0390 0240 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/10 08:44:51.0500 0240 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/10 08:44:51.0656 0240 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/10 08:44:51.0859 0240 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/10 08:44:51.0984 0240 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/04/10 08:44:52.0203 0240 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/10 08:44:52.0328 0240 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/10 08:44:52.0500 0240 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/10 08:44:52.0640 0240 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/10 08:44:52.0765 0240 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/10 08:44:52.0890 0240 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/10 08:44:53.0375 0240 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/10 08:44:53.0515 0240 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/10 08:44:53.0656 0240 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/10 08:44:53.0765 0240 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/10 08:44:53.0890 0240 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/10 08:44:54.0109 0240 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/10 08:44:54.0328 0240 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/10 08:44:54.0468 0240 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/10 08:44:54.0625 0240 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/10 08:44:54.0734 0240 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/10 08:44:54.0843 0240 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/10 08:44:54.0953 0240 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/10 08:44:55.0062 0240 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/10 08:44:55.0187 0240 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/10 08:44:55.0296 0240 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/10 08:44:55.0390 0240 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/10 08:44:55.0515 0240 USB_RNDIS_XP (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/04/10 08:44:55.0656 0240 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/10 08:44:55.0859 0240 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/10 08:44:56.0031 0240 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
2011/04/10 08:44:56.0296 0240 VX6000 (23c729c7c2465c901f52979b0a43e0e4) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
2011/04/10 08:44:56.0468 0240 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/10 08:44:56.0593 0240 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/10 08:44:56.0828 0240 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/10 08:44:57.0015 0240 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/10 08:44:57.0171 0240 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/10 08:44:57.0312 0240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/10 08:44:57.0453 0240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/10 08:44:57.0546 0240 X4HSX32 (28a27b68984b068567f109204ef74e0d) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
2011/04/10 08:44:57.0656 0240 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/10 08:44:57.0718 0240 ================================================================================
2011/04/10 08:44:57.0718 0240 Scan finished
2011/04/10 08:44:57.0718 0240 ================================================================================
2011/04/10 08:44:57.0734 0252 Detected object count: 1
2011/04/10 08:45:13.0875 0252 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/10 08:45:13.0875 0252 \HardDisk0 - ok
2011/04/10 08:45:13.0875 0252 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon 11 Apr 2011, 9:35 am

GMER 1.0.15.15570
Rootkit scan 2011-04-10 18:32:30
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380211AS rev.3.AAE
Running: myqodzvz.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\ufgyqkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- EOF - GMER 1.0.15 ----

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon 11 Apr 2011, 11:49 am

I was able to restart the computer after this... and once I reconnected the internet (I had this PC disconnected and was working with a laptop while online), it worked OK for an hour or so, but now it is super slow again. Should I install antivirus? I've been without it since we started. What do you recommend I use?


jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Tue 12 Apr 2011, 6:56 am

We're going to run a disk scan first.
Close all programs before proceeding with this.

Go to Start >> Run and copy/paste the following:
Code:
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30
Your computer will reboot after this.

====================

Download and install Avira antivirus.

Run a full scan and allow it to remove all threats it finds.
Reboot your computer, open Avira and find the log (File report button).
Copy and paste the report in your next reply.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Tue 12 Apr 2011, 7:44 am

I ran the disk scan. I saw it start; when I returned, the Windows logon screen was up. I see no report. Does this mean all is well????
I am starting the Avira process now. I will post the log this evening.
(The link to Avira is the Spanish version, FYI... I found the English version.)


Last edited by jeremypc on Tue 12 Apr 2011, 7:49 am; edited 2 times in total (Reason for editing : additional info)

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed 13 Apr 2011, 10:21 am

Avira has been scanning for 14 hours and is only 8.5% completed...

There are 13 detections and 2 hidden objects. I can't believe it should be taking this long. Is this normal???? I'll let it keep going.

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed 13 Apr 2011, 9:49 pm

Here are the results of a partial first scan. I stopped the scan before it had finished (almost 16 hours).

Avira AntiVir Personal
Report file date: Tuesday, April 12, 2011 04:48

Scanning for 2544884 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.29 2048 Bytes 4/11/2011 20:52:55
VBASE015.VDF : 7.11.6.30 2048 Bytes 4/11/2011 20:52:55
VBASE016.VDF : 7.11.6.31 2048 Bytes 4/11/2011 20:52:55
VBASE017.VDF : 7.11.6.32 2048 Bytes 4/11/2011 20:52:55
VBASE018.VDF : 7.11.6.33 2048 Bytes 4/11/2011 20:52:55
VBASE019.VDF : 7.11.6.34 2048 Bytes 4/11/2011 20:52:55
VBASE020.VDF : 7.11.6.35 2048 Bytes 4/11/2011 20:52:56
VBASE021.VDF : 7.11.6.36 2048 Bytes 4/11/2011 20:52:56
VBASE022.VDF : 7.11.6.37 2048 Bytes 4/11/2011 20:52:56
VBASE023.VDF : 7.11.6.38 2048 Bytes 4/11/2011 20:52:56
VBASE024.VDF : 7.11.6.39 2048 Bytes 4/11/2011 20:52:56
VBASE025.VDF : 7.11.6.40 2048 Bytes 4/11/2011 20:52:57
VBASE026.VDF : 7.11.6.41 2048 Bytes 4/11/2011 20:52:57
VBASE027.VDF : 7.11.6.42 2048 Bytes 4/11/2011 20:52:57
VBASE028.VDF : 7.11.6.43 2048 Bytes 4/11/2011 20:52:57
VBASE029.VDF : 7.11.6.44 2048 Bytes 4/11/2011 20:52:57
VBASE030.VDF : 7.11.6.45 2048 Bytes 4/11/2011 20:52:58
VBASE031.VDF : 7.11.6.53 38400 Bytes 4/11/2011 20:52:58
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/11/2011 20:53:05
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/11/2011 20:53:02
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 4/11/2011 20:53:02
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, April 12, 2011 04:48

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
Brmfrmps.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '103' Module(s) have been scanned
Scan process 'alg.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'ctfmon.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'EuWatch.exe' - '15' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '57' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '47' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '27' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '62' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '37' Module(s) have been scanned
Scan process 'Agent.exe' - '63' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '8' Module(s) have been scanned
Scan process 'Explorer.EXE' - '90' Module(s) have been scanned
Scan process 'avshadow.exe' - '24' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '46' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1791' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\26\5e62b35a-79b1e26a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\29\3fc4559d-2cad53b2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\52\237fcef4-2ed142e7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv700.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv78.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvD3C.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvF98.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFB4.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFD0.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9CJT2ZR1\track[1].php
[DETECTION] Contains recognition pattern of the JS/Agent.DZ Java script virus
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E0UBHWC4\manual[1].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L24VBLQZ\load[1].php
[DETECTION] Is the TR/Agent2.lvv Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOY750PE\manual[2].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit

Beginning disinfection:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOY750PE\manual[2].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '45975481.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L24VBLQZ\load[1].php
[DETECTION] Is the TR/Agent2.lvv Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d177b14.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E0UBHWC4\manual[1].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '0f5f21c3.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9CJT2ZR1\track[1].php
[DETECTION] Contains recognition pattern of the JS/Agent.DZ Java script virus
[NOTE] The file was moved to the quarantine directory under the name '697f6e2b.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFD0.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ce44315.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFB4.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '53ff7174.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvF98.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f475d39.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvD3C.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '635f1d69.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv78.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e053224.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv700.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '576d09b3.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\52\237fcef4-2ed142e7
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '38f03a44.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\29\3fc4559d-2cad53b2
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '4a951c19.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\26\5e62b35a-79b1e26a
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '47522cd2.qua'.


End of the scan: Tuesday, April 12, 2011 20:35
Used time: 15:45:25 Hour(s)

The scan has been canceled!

10020 Scanned directories
121759 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
121746 Files not concerned
1063 Archives were scanned
0 Warnings
13 Notes
614821 Objects were scanned with rootkit scan
2 Hidden objects were found


jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed 13 Apr 2011, 9:50 pm

I then ran the scan again and it finished completely in 2 1/2 hours.



Avira AntiVir Personal
Report file date: Tuesday, April 12, 2011 23:22

Scanning for 2549700 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.29 2048 Bytes 4/11/2011 20:52:55
VBASE015.VDF : 7.11.6.30 2048 Bytes 4/11/2011 20:52:55
VBASE016.VDF : 7.11.6.31 2048 Bytes 4/11/2011 20:52:55
VBASE017.VDF : 7.11.6.32 2048 Bytes 4/11/2011 20:52:55
VBASE018.VDF : 7.11.6.33 2048 Bytes 4/11/2011 20:52:55
VBASE019.VDF : 7.11.6.34 2048 Bytes 4/11/2011 20:52:55
VBASE020.VDF : 7.11.6.35 2048 Bytes 4/11/2011 20:52:56
VBASE021.VDF : 7.11.6.36 2048 Bytes 4/11/2011 20:52:56
VBASE022.VDF : 7.11.6.37 2048 Bytes 4/11/2011 20:52:56
VBASE023.VDF : 7.11.6.38 2048 Bytes 4/11/2011 20:52:56
VBASE024.VDF : 7.11.6.39 2048 Bytes 4/11/2011 20:52:56
VBASE025.VDF : 7.11.6.40 2048 Bytes 4/11/2011 20:52:57
VBASE026.VDF : 7.11.6.41 2048 Bytes 4/11/2011 20:52:57
VBASE027.VDF : 7.11.6.42 2048 Bytes 4/11/2011 20:52:57
VBASE028.VDF : 7.11.6.43 2048 Bytes 4/11/2011 20:52:57
VBASE029.VDF : 7.11.6.44 2048 Bytes 4/11/2011 20:52:57
VBASE030.VDF : 7.11.6.45 2048 Bytes 4/11/2011 20:52:58
VBASE031.VDF : 7.11.6.66 99840 Bytes 4/12/2011 00:54:59
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/11/2011 20:53:05
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/11/2011 20:53:02
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 4/11/2011 20:53:02
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, April 12, 2011 23:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'EuWatch.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'Agent.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1791' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\WINDOWS\Temp\Acr12.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\Acr138.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\Acr5A.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan
C:\_OTL\MovedFiles\04042011_070230\C_Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[DETECTION] Is the TR/Dldr.FraudLoad.zbdt Trojan
Begin scan in 'E:\'
E:\My Documents\Programs\Pitfall_II.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
--> Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
E:\My Documents\Programs\Pitfall_II\Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan

Beginning disinfection:
E:\My Documents\Programs\Pitfall_II\Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
[NOTE] The file was moved to the quarantine directory under the name '459cde58.qua'.
E:\My Documents\Programs\Pitfall_II.zip
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d0bf1e0.qua'.
C:\_OTL\MovedFiles\04042011_070230\C_Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[DETECTION] Is the TR/Dldr.FraudLoad.zbdt Trojan
[NOTE] The file was moved to the quarantine directory under the name '0f59ab0e.qua'.
C:\WINDOWS\Temp\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan
[NOTE] The file was moved to the quarantine directory under the name '6970e48f.qua'.
C:\WINDOWS\Temp\Acr5A.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '2ce9c9ee.qua'.
C:\WINDOWS\Temp\Acr138.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '53f2fb8f.qua'.
C:\WINDOWS\Temp\Acr12.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '1f4ad7c4.qua'.


End of the scan: Wednesday, April 13, 2011 06:26
Used time: 2:24:37 Hour(s)

The scan has been done completely.

24694 Scanned directories
554464 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
554457 Files not concerned
2633 Archives were scanned
0 Warnings
7 Notes


jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

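A triage helper for the Avira AntiVir report format posted above, added here as an example and not part of this thread or of Avira's tooling; it assumes only the line shapes visible in these logs (a path line, a [DETECTION] line, a [NOTE] quarantine line, and the "Files were moved to quarantine" total) and runs on a constructed excerpt:

```python
import re
from collections import Counter

# Constructed sample in the shape of the Avira AntiVir reports posted in this
# thread: a few entries copied from them, not a complete report.
SAMPLE_REPORT = """\
Begin scan in 'C:\\'
C:\\WINDOWS\\Temp\\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan

Beginning disinfection:
E:\\My Documents\\Programs\\Pitfall_II\\Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
[NOTE] The file was moved to the quarantine directory under the name '459cde58.qua'.
C:\\WINDOWS\\Temp\\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan
[NOTE] The file was moved to the quarantine directory under the name '6970e48f.qua'.
C:\\WINDOWS\\Temp\\Acr5A.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '2ce9c9ee.qua'.
C:\\Documents and Settings\\Jeremy C\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\52\\237fcef4-2ed142e7
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '38f03a44.qua'.

End of the scan: Wednesday, April 13, 2011 06:26
4 Files were moved to quarantine
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\] (?:Is the |Contains recognition pattern of the )(\S+)")
QUA_RE = re.compile(r"^\[NOTE\] .* under the name '([^']+)'\.")
SUMMARY_RE = re.compile(r"^(\d+) Files were moved to quarantine", re.M)

def parse_disinfection(report):
    """(path, detection, quarantine name) for each entry under 'Beginning disinfection:'.
    The scan listing above that header repeats the same paths without a [NOTE]
    line, so it is skipped to avoid counting a file twice."""
    entries, in_section, path, detection = [], False, None, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Beginning disinfection:"):
            in_section = True
        elif line.startswith("End of the scan"):
            break
        elif not in_section:
            continue
        elif PATH_RE.match(line):
            path, detection = line, None
        elif m := DETECT_RE.match(line):
            detection = m.group(1)
        elif (m := QUA_RE.match(line)) and path and detection:
            entries.append((path, detection, m.group(1)))
            path = detection = None
    return entries

def classify_location(path):
    """Bucket a path by its usual role in a drive-by infection: caches hold the
    exploit that landed, Temp folders hold what it dropped."""
    p = path.lower()
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\temp\\" in p:
        return "temp-dropped"
    return "other"

def triage(report):
    """Summarise quarantined entries and cross-check the report's own total."""
    entries = parse_disinfection(report)
    reported = int(m.group(1)) if (m := SUMMARY_RE.search(report)) else None
    return {
        "quarantined": len(entries),
        "reported": reported,
        "consistent": reported == len(entries),
        # detection prefix: TR = trojan, EXP = exploit, JS = script virus
        "by_family": dict(Counter(d.split("/", 1)[0] for _, d, _ in entries)),
        "by_location": dict(Counter(classify_location(p) for p, _, _ in entries)),
        "quarantine_names": [q for _, _, q in entries],
    }
```

Run `triage(SAMPLE_REPORT)` (or pass a full report read from disk) to see how many hits were exploit carriers in caches versus payloads dropped into Temp, and whether the entry count matches the scanner's own summary line.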

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Wed 13 Apr 2011, 10:17 pm

OK, we're going to try another attempt to run ComboFix.

Please download OTH by OldTimer from here and save it to your Desktop (if you use Firefox, right click the link and choose Save Link As ...)

Print the following instructions. You will not have access to them during their execution.
  • Save all your work and close all programs, the next step will stop nearly every process on your computer!
  • Double click OTH.scr to run the tool
  • Click Kill All Processes: your desktop will go blank
  • Press [CTRL]+[SHIFT]+[ESC] to bring up Windows Task Manager and right-click >> terminate the OTH.scr process under Processes
  • In Task Manager choose File >> New task (Execute), type explorer and hit enter. Your desktop will be back.
  • NOTE: your computer will now be running with minimum processes (e.g. no antivirus).


====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that, download the tool and save it to your desktop (if you still have it on your desktop from your previous attempts, delete that one and download it again).

Double-click ComboFix.exe to run the tool. Please post its log back here.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed 13 Apr 2011, 11:20 pm

I followed your steps, twice, and still got the message about AVG when running ComboFix.

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu 14 Apr 2011, 1:23 am

*sigh*

Please download aswMBR from here and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Please ignore any **Rootkit** entries. I will look at them.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt in your next reply

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 15 Apr 2011, 1:32 pm

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-14 22:22:24
-----------------------------
22:22:24.937 OS Version: Windows 5.1.2600 Service Pack 2
22:22:24.937 Number of processors: 1 586 0x409
22:22:24.937 ComputerName: MY-A2A4159540F8 UserName: Jeremy C
22:22:47.921 Initialize success
22:22:57.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
22:22:57.156 Disk 0 Vendor: Maxtor_6L120P0 BAH41G10 Size: 117246MB BusType: 3
22:22:57.187 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
22:22:57.187 Disk 1 Vendor: ST380211AS 3.AAE Size: 76319MB BusType: 3
22:22:59.218 Disk 1 MBR read successfully
22:22:59.218 Disk 1 MBR scan
22:23:01.250 Disk 1 scanning sectors +156280320
22:23:01.281 Disk 1 scanning C:\WINDOWS\system32\drivers
22:23:24.500 Service scanning
22:23:25.750 Disk 1 trace - called modules:
22:23:25.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:23:25.765 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a3bcab8]
22:23:25.765 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000068[0x8a411ae8]
22:23:25.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a3d9998]
22:23:26.265 Scan finished successfully

jeremypc

Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home


Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 15 Apr 2011, 10:09 pm

Well, the rootkit scan comes up clean.
How is your computer running at the moment?

====================

I would like to see a fresh OTL log.

  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need to use two posts to get it all.


====================

We're going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the ESET Online Scanner webpage
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • UNSELECT the Remove all threats option.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
