AutumnSage

Malicious URL Block, unable to find virus/malware

26 posts in this topic

Hi,

Thanks for any help in advance.

For the past week I've been having issues with my Firefox (version 3.6.12). There is a search toolbar that has Google, Yahoo, Amazon, eBay, Comcast search etc. that I can search from. I can search using every service but Google. When I search with Google, I get a Malicious URL Blocked message from my virus software (I have Avast! version 5.0.677). Here is the info the little pop-up from Avast gives me:

Object: sear.search-star.net/?={what I searched for here}&sid=1010148100

Infection: URL: Mal

Action: Blocked

Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I have run both a quick scan and a full scan with avast and neither have picked up anything.

This also seems to occur when I try to search with the Google toolbar on Internet Explorer (version 8.0.6) as well. (As I was typing this I went to open Internet Explorer, which is not my default browser, and got a message stating the following: "A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live Search.")


Hi AutumnSage and Welcome to Malwarebytes Forum!

Sorry for the delay. You still need help?


Thanks for replying.

Yes, I still need help. I haven't tried any new scans or tried to do any search with the Google toolbar since I posted. I haven't even updated Windows (it's been asking me for a day or so now) because I wanted to see what I had to do and didn't want to change what I posted about so far.


We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double-click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE.

Then post your DDS logs (DDS.txt and Attach.txt).

Next

Please Download Rootkit Unhooker Save it to your desktop.

  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

In your next reply, please include these log(s):

1. DDS.txt

2. Attach.txt

3. RKU log


I have the two DDS scans.

I tried to run the rootkit unhooker and I kept getting this message:

Rootkit Error Loading Driver status code: 0XC000036B

DDS.txt:

DDS (Ver_10-12-05.01) - NTFS_AMD64

Run by KendraK at 23:41:30.02 on Thu 12/09/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Here's the TDSSKiller Scan. It said it didn't find any infected files.

2010/12/11 15:19:03.0321 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/11 15:19:03.0321 ================================================================================

2010/12/11 15:19:03.0321 SystemInfo:

2010/12/11 15:19:03.0321

2010/12/11 15:19:03.0321 OS Version: 6.0.6002 ServicePack: 2.0

2010/12/11 15:19:03.0321 Product type: Workstation

2010/12/11 15:19:03.0321 ComputerName: KENDRAK-PC

2010/12/11 15:19:03.0322 UserName: KendraK

2010/12/11 15:19:03.0322 Windows directory: C:\Windows

2010/12/11 15:19:03.0322 System windows directory: C:\Windows

2010/12/11 15:19:03.0322 Running under WOW64

2010/12/11 15:19:03.0322 Processor architecture: Intel x64

2010/12/11 15:19:03.0322 Number of processors: 8

2010/12/11 15:19:03.0322 Page size: 0x1000

2010/12/11 15:19:03.0322 Boot type: Normal boot

2010/12/11 15:19:03.0322 ================================================================================

2010/12/11 15:19:03.0322 Utility is running under WOW64

2010/12/11 15:19:03.0541 Initialize success

2010/12/11 15:19:06.0481 ================================================================================

2010/12/11 15:19:06.0481 Scan started

2010/12/11 15:19:06.0481 Mode: Manual;

2010/12/11 15:19:06.0481 ================================================================================


2010/12/11 15:19:14.0374 ================================================================================

2010/12/11 15:19:14.0374 Scan finished

2010/12/11 15:19:14.0374 ================================================================================

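A TDSSKiller report like the one pasted above lists every scanned driver with its MD5 and image path, which is slow to read by eye. The script below is an added example, not part of the thread and not TDSSKiller's own code: it parses that line format and surfaces the entries a responder would look at first (image outside the Windows directory, a GUID used as the service name, an image that is not a .sys file), plus images registered under more than one service name. The embedded sample log is constructed in the report's format with placeholder hashes.

```python
import re
from dataclasses import dataclass

# Line shapes in a TDSSKiller 2.4.x report, as pasted in the thread:
#   <yyyy/mm/dd hh:mm:ss.ffff> <key>: <value>                 (SystemInfo header)
#   <yyyy/mm/dd hh:mm:ss.ffff> <service name> (<md5>) <path>  (one scanned driver)
#   <yyyy/mm/dd hh:mm:ss.ffff> Scan finished
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
HEADER_RE = re.compile(TS + r" (?P<key>[^:]+): (?P<value>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class DriverEntry:
    name: str   # service/driver name as registered
    md5: str    # MD5 of the image file, as reported by the tool
    path: str   # image path on disk


@dataclass
class Triage:
    info: dict           # SystemInfo header fields
    drivers: list        # every DriverEntry in the report
    finished: bool       # True if the report reached "Scan finished"
    review: list         # (DriverEntry, [reasons]) worth a manual look
    shared_hashes: dict  # md5 -> [names] when one image is registered under several names


def parse_tdsskiller(text):
    """Split a report into header fields, driver entries and the completion flag."""
    info, drivers, finished = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
        elif line.endswith("Scan finished"):
            finished = True
        else:
            h = HEADER_RE.match(line)
            if h:
                info[h["key"]] = h["value"]
    return info, drivers, finished


def triage(text):
    """Flag entries a responder would check first; flags are leads, not verdicts."""
    info, drivers, finished = parse_tdsskiller(text)
    # Use the Windows directory the report itself states, falling back to the default.
    windir = info.get("Windows directory", r"C:\Windows").lower().rstrip("\\") + "\\"
    review = []
    for d in drivers:
        reasons = []
        path = d.path.lower()
        if not path.startswith(windir):
            reasons.append("image lives outside the Windows directory")
        if GUID_RE.match(d.name):
            reasons.append("service is named by a GUID rather than a readable name")
        if not path.endswith(".sys"):
            reasons.append("image is not a .sys file")
        if reasons:
            review.append((d, reasons))
    by_hash = {}
    for d in drivers:
        by_hash.setdefault(d.md5, []).append(d.name)
    # The same file under two service names is normal for Tcpip/Tcpip6, but a kernel
    # driver cloned under an unexpected second name is something to know about.
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return Triage(info, drivers, finished, review, shared)


# Constructed sample in the report's format; the MD5 values are placeholders.
SAMPLE_LOG = r"""
2010/12/11 15:19:03.0321 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 15:19:03.0321 SystemInfo:
2010/12/11 15:19:03.0321 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/11 15:19:03.0322 Windows directory: C:\Windows
2010/12/11 15:19:03.0322 Running under WOW64
2010/12/11 15:19:06.0481 Scan started
2010/12/11 15:19:06.0481 Mode: Manual;
2010/12/11 15:19:07.0298 ACPI (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\acpi.sys
2010/12/11 15:19:12.0569 Tcpip (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 15:19:12.0604 Tcpip6 (fedcba9876543210fedcba9876543210) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 15:19:14.0334 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (00112233445566778899aabbccddeeff) C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl
2010/12/11 15:19:14.0374 Scan finished
"""


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(f"scan finished: {t.finished}; {len(t.drivers)} drivers; OS {t.info.get('OS Version')}")
    for d, reasons in t.review:
        print(f"REVIEW {d.name} -> {d.path}\n       " + "; ".join(reasons))
    for h, names in t.shared_hashes.items():
        print(f"one image under several names ({h}): " + ", ".join(names))
```

A flagged entry is only a lead: a vendor driver registered under a GUID outside C:\Windows is common, so the next step is to check the file's publisher and compare its hash against a trusted source, not to delete it.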

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


Last night I started the Kaspersky scanner and followed all of your directions. It was updating and got to about 40% and then seemed to start over. By the time I went to bed (about 1 hour later) it was up to about 7% so I let it run overnight and this morning I checked and it was at 3% again. I closed the window, restarted my computer and followed all the directions again. No other programs were running, avast was disabled.

I've tried 3 times this morning and keep getting this message when it started to do the update:

[screenshot attachment: post-61681-1292189211_thumb.png]


ESET Online Scanner will work:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Here's the log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=f34e39ead10dfa42860b696bdfbf03d4

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-14 04:19:37

# local_time=2010-12-13 11:19:37 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=770 16774141 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 56 0 128895297 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=200061

# found=9

# cleaned=0

# scan_time=3786

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 multiple threats (unable to clean) 00000000000000000000000000000000 I


Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1]
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1]
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2]
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751
    ipconfig /flushdns /c


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


All processes killed

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] moved successfully.

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] moved successfully.

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] moved successfully.

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml moved successfully.

C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml moved successfully.

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 moved successfully.

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da moved successfully.

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f moved successfully.

C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\KendraK\Desktop\cmd.bat deleted successfully.

C:\Users\KendraK\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 538536 bytes

->Temporary Internet Files folder emptied: 91262696 bytes

->Java cache emptied: 9627 bytes

->FireFox cache emptied: 31676686 bytes

->Flash cache emptied: 1358 bytes

User: KendraK

->Temp folder emptied: 2070525916 bytes

->Temporary Internet Files folder emptied: 106099539 bytes

->Java cache emptied: 15170208 bytes

->FireFox cache emptied: 107359482 bytes

->Google Chrome cache emptied: 14062458 bytes

->Flash cache emptied: 2313783 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 81538133 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40283 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 16438085499 bytes

Total Files Cleaned = 18,081.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 12142010_221234

Files moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Hi,

I just did a quick search using the toolbar on my Firefox using the google search. I still received a message from Avast! saying it was a Malicious URL block. The same message as I listed in my first post.


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Next

Router Reset

  • Please read this: Malware Silently Alters Wireless Router Settings
  • Consult this link to find out the default username and password of your router and note them down: Router Passwords
  • Then reset your router to its factory default settings:
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"
  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and press Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.
  • Please make sure of the following settings:
    • Go to Start => Control Panel => Double-click Network and Sharing Center.
    • In the left window select Manage Network Connections.
    • In the right window right-click Local Area Connection and select Properties.
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it and make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
      • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
      • Click OK twice.
    • If you changed any setting, reboot the computer.


My computer isn't hooked up to the router nor do I have access to the router. My landlord, who lives above me, lets us use his internet. My computer has access with a linksys usb adapter. Can I do something without having access to the router? If I really have to I can probably ask my landlord to do it, but if there's something else I can do I would prefer that.

Here's the log for the gooredfix:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 10:50 on 15/12/2010 (KendraK)

Firefox version 3.6.13 (en-US)

========== GooredScan ==========

Removing Orphan:

"{3D3E8BD6-755B-47CE-BF73-94C18263B97B}"="C:\Users\KendraK\AppData\Local\{3D3E8BD6-755B-47CE-BF73-94C18263B97B}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:43 11/07/2009]

{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:47 18/08/2010]

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [08:47 16/05/2010]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [19:12 26/07/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:20 07/09/2010]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:46 19/10/2010]

C:\Users\KendraK\Application Data\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\

ChoiceGuard@Microsoft [01:41 14/07/2009]

firebug@software.joehewitt.com [11:16 30/11/2010]

firediff@johnjbarton.com [07:24 04/12/2010]

{20a82645-c095-46ed-80e3-08825760534b} [03:06 28/04/2010]

{AE93811A-5C9A-4d34-8462-F7B864FC4696} [18:29 15/11/2010]

{ca0849e8-2c76-42ae-9abe-34e14d337acf} [12:10 15/09/2010]

{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [03:06 28/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:51 21/08/2009]

-=E.O.F=-


Your PC is connected to a router, but let's run this tool below:

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


How is your PC?

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

    KILLALL::

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply
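The CFScript above removes a ProxyServer value that points the browser at 127.0.0.1:6522, a proxy on the machine's own loopback interface. The check below is an added example, not code from DDS, ComboFix or the thread: it parses DDS-style "Internet Settings" lines and flags any proxy on loopback, which on a home PC with no local proxy software means some local process is sitting between the browser and the network. The sample lines are constructed: two copied from the script and one benign corporate-style line for comparison.

```python
"""Flag a browser proxy on the loopback interface in DDS-style 'Internet Settings'
lines. Added example (not DDS, ComboFix or thread code); sample lines are
constructed: two copied from the CFScript above plus one benign line."""
import ipaddress
import re

# DDS prefixes each value with its hive: 'u' = current user, 'm' = machine.
LINE_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<value>.*)$")


def parse_proxy_server(value):
    """Windows ProxyServer is 'host:port' (all protocols) or a ';'-separated
    list of 'proto=host:port'. Returns {proto: (host, port)}; '*' = all."""
    proxies = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        proto, _, hostport = item.rpartition("=")
        host, _, port = hostport.rpartition(":")
        # Strip IPv6 brackets so the host can be handed to ipaddress.
        proxies[proto or "*"] = (host.strip("[]"), int(port) if port.isdigit() else None)
    return proxies


def is_local_host(host):
    """True for loopback addresses (127.0.0.0/8, ::1) and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def assess(lines):
    """Return one finding per protocol whose proxy lives on this machine."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["name"] != "ProxyServer":
            continue
        for proto, (host, port) in parse_proxy_server(m["value"]).items():
            if is_local_host(host):
                findings.append(
                    f"hive={m['hive']} proto={proto}: browser traffic routed to "
                    f"local proxy {host}:{port}")
    return findings


# Constructed sample: the two lines from the CFScript and a benign comparison.
SAMPLE_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:6522",
    "uInternet Settings,ProxyOverride = <local>",
]
BENIGN_LINES = ["mInternet Settings,ProxyServer = proxy.corp.example:8080"]

if __name__ == "__main__":
    for finding in assess(SAMPLE_LINES) or ["no local proxy configured"]:
        print(finding)
```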


Well the original ComboFix scan deleted the google from my search toolbar, which was the only search engine on the bar getting the malicious url block.

I'm not sure if this is related but I was playing The Sims 3 and got a message that said "atikmdag stopped responding and has recovered".


In regards to the game issue, I updated my driver last night. I haven't had a chance to test a game yet but from what I read that should fix it. I'll let you know if it doesn't.

Here's the log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=f34e39ead10dfa42860b696bdfbf03d4

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-21 05:01:40

# local_time=2010-12-21 12:01:40 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=770 16774141 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 56 0 129502785 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=187599

# found=9

# cleaned=0

# scan_time=3620

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 multiple threats (unable to clean) 00000000000000000000000000000000 I
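This ESET log and the one posted before OTM ran share one line format, and every path in this second log sits under C:\_OTM\MovedFiles\12142010_221234\, the folder OTM reported moving those same nine files into. The helper below is an added example, not code from ESET, OldTimer or the thread: it parses the "# key=value" header and the detection lines, and separates hits inside OTM's quarantine folder from hits in live locations, so a re-scan like this one is read as "already moved" rather than as a reinfection. The sample logs are constructed, shortened copies of the thread's two logs.

```python
"""Triage helper for ESET Online Scanner logs of the kind posted in this thread.
Added example (not code from the thread, ESET or OldTimer); the sample logs are
constructed, shortened copies of the thread's two logs."""
import re
from dataclasses import dataclass

HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_]+)=(?P<value>.*)$")
# Trailing fixed fields of a detection line: "(<action>) <32 hex digits> <flag>".
TAIL_RE = re.compile(
    r" \((?P<action>[^()]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")
# Paths contain spaces ("Temporary Internet Files"), so the path/threat boundary
# is the first token that looks like an ESET threat name ("Win32/...", etc.).
THREAT_RE = re.compile(
    r" (?P<threat>(?:probably |a variant of |multiple threats|[A-Za-z0-9_]+/).*)$")
# OTM moves files under C:\_OTM\MovedFiles\<timestamp>\ (see the OTM log above);
# ESET re-reports them there, but they are no longer in their live locations.
QUARANTINE_PREFIXES = ("c:\\_otm\\movedfiles\\",)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    quarantined: bool


def parse_detection(line):
    """Parse one detection line; returns None for header and other lines."""
    tail = TAIL_RE.search(line)
    if not tail:
        return None
    body = line[: tail.start()]
    split = THREAT_RE.search(body)
    if not split:
        return None
    path = body[: split.start()]
    quarantined = path.lower().startswith(QUARANTINE_PREFIXES)
    return Detection(path, split.group("threat"), tail.group("action"), quarantined)


def parse_eset_log(text):
    """Return (header dict, list of Detection) for a whole log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:  # repeated keys (compatibility_mode) keep their first value
            header.setdefault(m.group("key"), m.group("value"))
        elif line:
            det = parse_detection(line)
            if det:
                detections.append(det)
    return header, detections


def summarise(text):
    """(files scanned, live detections, quarantined detections, counter matches)."""
    header, dets = parse_eset_log(text)
    live = sum(1 for d in dets if not d.quarantined)
    counter_ok = int(header.get("found", -1)) == len(dets)
    return int(header["scanned"]), live, len(dets) - live, counter_ok


# Constructed, shortened copies of the thread's two logs (same line format).
FIRST_LOG = r"""
# scanned=200061
# found=2
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da multiple threats (unable to clean) 00000000000000000000000000000000 I
"""
SECOND_LOG = r"""
# scanned=187599
# found=2
C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12142010_221234\C_Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for name, log in (("first", FIRST_LOG), ("second", SECOND_LOG)):
        scanned, live, quar, ok = summarise(log)
        print(f"{name} log: scanned={scanned} live={live} "
              f"quarantined={quar} found_counter_ok={ok}")
```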

In regards to the game issue, I updated my driver last night. I haven't had a chance to test a game yet but from what I read that should fix it. I'll let you know if it doesn't.

Don't know what else I can do with the game issues..... :) As it's not malware related. You can reinstall google toolbar at:

http://www.google.com/toolbar/ie/index.html

Some final items:

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, both free to use and more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops JavaScript from running on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial for Spywareblaster can be found here.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
