Author Topic: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps (Read 39338 times)

mongerlane · « **Reply #15 on:** July 17, 2010, 10:11:59 AM »

PS I tried to disable AVG and Super anti spyware using msconfig before running combofix but it reported them as running.

Dr Jay · « **Reply #16 on:** July 17, 2010, 09:14:31 PM »

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

mongerlane · « **Reply #17 on:** July 18, 2010, 01:08:31 AM »

Hi again. The updated Malwarebytes scan found nothing, posted below. However there are 2 things to mention.

Firstly The Hard drive is still whizzing away merrily.
Secondly, when i tried to run MWB (already installed) after the combo fix run(which required multiple reboots), i got an error message something like Illegal operation on a registry key that has been marked for deletion. This cleared after i again rebooted the machine.

Only processes i can see using any CPU in task manager are
taskmgr, Sidebar, explorer, NclMSBTSrv, dwm, rapportService, asghost

Thanks for your continued support.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4323

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

18/07/2010 07:50:01
mbam-log-2010-07-18 (07-50-01).txt

Scan type: Quick scan
Objects scanned: 152659
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay · « **Reply #18 on:** July 18, 2010, 01:38:27 PM »

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

mongerlane · « **Reply #19 on:** July 18, 2010, 03:34:30 PM »

Here is the log from mbr check
As always. Thanks for your help

MBRCheck, version 1.1.1

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\F: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

Done! Press ENTER to exit...

Dr Jay · « **Reply #20 on:** July 18, 2010, 11:52:57 PM »

Please download TDSSKiller and save it to your Desktop.

Extract the file and run it.
Once completed it will create a log in your C:\ drive.
Please post the contents of that log.

mongerlane · « **Reply #21 on:** July 19, 2010, 04:12:59 AM »

Thanks again. nothing found by TDS killer i think

11:11:15:045 5628   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
11:11:15:045 5628   ================================================================================
11:11:15:045 5628   SystemInfo:

11:11:15:045 5628   OS Version: 6.0.6002 ServicePack: 2.0
11:11:15:045 5628   Product type: Workstation
11:11:15:045 5628   ComputerName: JOYCE-PC
11:11:15:045 5628   UserName: Joyce
11:11:15:045 5628   Windows directory: C:\windows
11:11:15:045 5628   System windows directory: C:\windows
11:11:15:045 5628   Processor architecture: Intel x86
11:11:15:045 5628   Number of processors: 2
11:11:15:045 5628   Page size: 0x1000
11:11:15:045 5628   Boot type: Normal boot
11:11:15:045 5628   ================================================================================
11:11:44:170 5628   Initialize success
11:11:44:170 5628
11:11:44:170 5628   Scanning   Services ...
11:11:45:340 5628   Raw services enum returned 479 services
11:11:45:356 5628
11:11:45:356 5628   Scanning   Drivers ...
11:11:46:526 5628   Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
11:11:46:588 5628   ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
11:11:46:666 5628   ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
11:11:46:744 5628   adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
11:11:46:854 5628   adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
11:11:46:916 5628   adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
11:11:46:978 5628   adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
11:11:47:056 5628   AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
11:11:47:212 5628   AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
11:11:47:322 5628   agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
11:11:47:384 5628   aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
11:11:47:431 5628   aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
11:11:47:493 5628   amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
11:11:47:556 5628   amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
11:11:47:602 5628   AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
11:11:47:649 5628   AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
11:11:47:712 5628   arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
11:11:47:774 5628   arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
11:11:47:852 5628   AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
11:11:47:914 5628   atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\windows\system32\drivers\atapi.sys
11:11:48:133 5628   atikmdag (5e4232783f05ebae72d22a91907a76f4) C:\windows\system32\DRIVERS\atikmdag.sys
11:11:48:367 5628   AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\windows\system32\DRIVERS\AtiPcie.sys
11:11:48:429 5628   AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\System32\Drivers\avgldx86.sys
11:11:48:492 5628   AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\System32\Drivers\avgmfx86.sys
11:11:48:538 5628   AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\windows\System32\Drivers\avgtdix.sys
11:11:48:616 5628   b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
11:11:48:835 5628   BCM43XX (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
11:11:49:038 5628   Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
11:11:49:100 5628   blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
11:11:49:162 5628   bowser (74b442b2be1260b7588c136177ceac66) C:\windows\system32\DRIVERS\bowser.sys
11:11:49:209 5628   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
11:11:49:256 5628   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
11:11:49:334 5628   Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
11:11:49:412 5628   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
11:11:49:474 5628   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
11:11:49:521 5628   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
11:11:49:599 5628   BthEnum (6d39c954799b63ba866910234cf7d726) C:\windows\system32\DRIVERS\BthEnum.sys
11:11:49:662 5628   BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
11:11:49:724 5628   BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\windows\system32\DRIVERS\bthpan.sys
11:11:49:802 5628   BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\windows\system32\Drivers\BTHport.sys
11:11:49:927 5628   BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\windows\system32\Drivers\BTHUSB.sys
11:11:50:005 5628   btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\windows\system32\drivers\btwaudio.sys
11:11:50:083 5628   btwavdt (97062053359f6908e1fb2791bfa54734) C:\windows\system32\drivers\btwavdt.sys
11:11:50:161 5628   btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\windows\system32\DRIVERS\btwrchid.sys
11:11:50:239 5628   cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
11:11:50:301 5628   cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
11:11:50:379 5628   circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
11:11:50:473 5628   CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
11:11:50:551 5628   CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
11:11:50:613 5628   cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
11:11:50:660 5628   Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
11:11:50:707 5628   crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
11:11:50:754 5628   Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
11:11:50:816 5628   DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
11:11:50:847 5628   disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
11:11:50:910 5628   drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
11:11:51:019 5628   DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\windows\System32\drivers\dxgkrnl.sys
11:11:51:112 5628   E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
11:11:51:190 5628   Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
11:11:51:284 5628   elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
11:11:51:346 5628   ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
11:11:51:440 5628   exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
11:11:51:549 5628   fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
11:11:51:596 5628   fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
11:11:51:658 5628   FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
11:11:51:721 5628   Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
11:11:51:783 5628   flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
11:11:51:846 5628   FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
11:11:51:908 5628   Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
11:11:51:970 5628   gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
11:11:52:048 5628   HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
11:11:52:126 5628   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
11:11:52:251 5628   HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
11:11:52:360 5628   HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
11:11:52:407 5628   HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
11:11:52:485 5628   HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
11:11:52:563 5628   HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
11:11:52:594 5628   hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
11:11:52:672 5628   HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
11:11:52:766 5628   HTTP (f870aa3e254628ebeafe754108d664de) C:\windows\system32\drivers\HTTP.sys
11:11:52:891 5628   hwdatacard (84fd5702d136098e91b2770ba058deda) C:\windows\system32\DRIVERS\ewusbmdm.sys
11:11:52:969 5628   i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
11:11:53:031 5628   i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
11:11:53:094 5628   iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
11:11:53:156 5628   iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
11:11:53:203 5628   intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
11:11:53:265 5628   intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
11:11:53:343 5628   IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:11:53:437 5628   IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
11:11:53:499 5628   IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
11:11:53:562 5628   IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
11:11:53:655 5628   isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
11:11:53:749 5628   iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
11:11:53:796 5628   iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
11:11:53:842 5628   iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
11:11:53:905 5628   kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
11:11:53:967 5628   kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
11:11:54:030 5628   klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\windows\system32\drivers\klmd.sys
11:11:54:092 5628   KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
11:11:54:170 5628   Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\windows\system32\DRIVERS\Lbd.sys
11:11:54:248 5628   lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
11:11:54:342 5628   LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
11:11:54:435 5628   lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\windows\system32\DRIVERS\lmimirr.sys
11:11:54:513 5628   LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\windows\system32\drivers\LMIRfsDriver.sys
11:11:54:560 5628   LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
11:11:54:591 5628   LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
11:11:54:654 5628   LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
11:11:54:716 5628   luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
11:11:54:794 5628   mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\windows\system32\DRIVERS\mcdbus.sys
11:11:54:856 5628   megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
11:11:54:950 5628   MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
11:11:55:028 5628   Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
11:11:55:075 5628   monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
11:11:55:122 5628   mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
11:11:55:200 5628   mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
11:11:55:262 5628   MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
11:11:55:293 5628   mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
11:11:55:387 5628   mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
11:11:55:480 5628   Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
11:11:55:574 5628   MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
11:11:55:636 5628   mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
11:11:55:699 5628   mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:11:55:746 5628   mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:11:55:824 5628   msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\windows\system32\drivers\msahci.sys
11:11:55:870 5628   msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
11:11:55:933 5628   Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
11:11:55:980 5628   msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
11:11:56:042 5628   MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
11:11:56:089 5628   MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
11:11:56:151 5628   MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
11:11:56:229 5628   MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
11:11:56:292 5628   mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
11:11:56:354 5628   MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
11:11:56:416 5628   Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
11:11:56:479 5628   NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
11:11:56:604 5628   NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
11:11:56:682 5628   NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
11:11:56:713 5628   Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
11:11:56:775 5628   NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
11:11:56:806 5628   NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
11:11:56:869 5628   NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
11:11:56:931 5628   netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
11:11:56:978 5628   nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
11:11:57:040 5628   nmwcd (357ddb51e03cae598c096d95497373d0) C:\windows\system32\drivers\ccdcmb.sys
11:11:57:118 5628   nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\windows\system32\drivers\ccdcmbo.sys
11:11:57:181 5628   Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
11:11:57:259 5628   nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
11:11:57:352 5628   Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
11:11:57:446 5628   ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
11:11:57:477 5628   Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
11:11:57:571 5628   nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
11:11:57:618 5628   nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
11:11:57:664 5628   nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
11:11:57:820 5628   ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys
11:11:57:914 5628   Parport (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys
11:11:57:976 5628   partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
11:11:58:023 5628   Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys
11:11:58:117 5628   pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
11:11:58:164 5628   pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
11:11:58:242 5628   pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
11:11:58:288 5628   pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
11:11:58:413 5628   PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
11:11:58:522 5628   PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
11:11:58:600 5628   Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\DRIVERS\processr.sys
11:11:58:647 5628   PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
11:11:58:756 5628   ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
11:11:58:850 5628   ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
11:11:58:928 5628   QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
11:11:59:022 5628   RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\windows\system32\drivers\RapportBuka.sys
11:11:59:131 5628   RapportKELL (915b82d664cd38743a59b3a3524a5d3a) C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
11:11:59:162 5628   RapportPG (25f126fdd8df81a71ff518c914055cd8) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
11:11:59:240 5628   RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
11:11:59:287 5628   Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
11:11:59:365 5628   RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
11:11:59:427 5628   RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
11:11:59:490 5628   rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
11:11:59:552 5628   RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
11:11:59:630 5628   rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\windows\system32\drivers\rdpdr.sys
11:11:59:692 5628   RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
11:11:59:770 5628   RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
11:11:59:864 5628   RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\windows\system32\DRIVERS\rfcomm.sys
11:11:59:958 5628   rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
11:12:00:020 5628   RsvLock (07b7213ba5d87f19bc9f1dd3dd2619f2) C:\windows\system32\drivers\RsvLock.sys
11:12:00:098 5628   SafeBoot (fbd8bfd3faf7691f1f1053270af176d6) C:\windows\system32\drivers\SafeBoot.sys
11:12:00:098 5628   Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: fbd8bfd3faf7691f1f1053270af176d6
11:12:00:145 5628   SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:12:00:176 5628   SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:12:00:238 5628   SbAlg (7852168088eb0022a37d0217788ab639) C:\windows\system32\drivers\SbAlg.sys
11:12:00:270 5628   SbFsLock (f80c0ce3d911b35d6ffe0bd8af608ce6) C:\windows\system32\drivers\SbFsLock.sys
11:12:00:332 5628   sbp2port (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
11:12:00:394 5628   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
11:12:00:457 5628   Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\windows\system32\drivers\serenum.sys
11:12:00:519 5628   Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\windows\system32\drivers\serial.sys
11:12:00:597 5628   sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
11:12:00:660 5628   sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
11:12:00:722 5628   sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
11:12:00:784 5628   sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
11:12:00:831 5628   sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\windows\system32\drivers\sfloppy.sys
11:12:00:894 5628   sisagp (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
11:12:00:956 5628   SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
11:12:01:003 5628   SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
11:12:01:050 5628   Smb (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
11:12:01:237 5628   SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\windows\system32\DRIVERS\snp2uvc.sys
11:12:01:393 5628   spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
11:12:01:502 5628   srv (0debafcc0e3591fca34f077cab62f7f7) C:\windows\system32\DRIVERS\srv.sys
11:12:01:642 5628   srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\windows\system32\DRIVERS\srv2.sys
11:12:01:767 5628   srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\windows\system32\DRIVERS\srvnet.sys
11:12:01:830 5628   swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
11:12:01:892 5628   Symc8xx (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
11:12:01:939 5628   Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
11:12:01:986 5628   Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
11:12:02:048 5628   SynTP (f5d926807bd9bc0af68f9376144de425) C:\windows\system32\DRIVERS\SynTP.sys
11:12:02:157 5628   Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\windows\system32\drivers\tcpip.sys
11:12:02:298 5628   Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\windows\system32\DRIVERS\tcpip.sys
11:12:02:391 5628   tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
11:12:02:469 5628   TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
11:12:02:547 5628   TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
11:12:02:610 5628   tdx (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
11:12:02:656 5628   TermDD (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
11:12:02:719 5628   TPM (cb258c2f726f1be73c507022be33ebb3) C:\windows\system32\drivers\tpm.sys
11:12:02:797 5628   tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
11:12:02:859 5628   tunmp (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
11:12:02:937 5628   tunnel (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
11:12:03:000 5628   uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
11:12:03:109 5628   udfs (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
11:12:03:187 5628   uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
11:12:03:280 5628   uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
11:12:03:327 5628   UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
11:12:03:374 5628   ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
11:12:03:421 5628   umbus (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
11:12:03:514 5628   upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
11:12:03:561 5628   usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
11:12:03:639 5628   usbcir (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
11:12:03:717 5628   usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
11:12:03:764 5628   usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
11:12:03:842 5628   usbohci (ce697fee0d479290d89bec80dfe793b7) C:\windows\system32\DRIVERS\usbohci.sys
11:12:03:904 5628   usbprint (b51e52acf758be00ef3a58ea452fe360) C:\windows\system32\drivers\usbprint.sys
11:12:03:998 5628   usbser (d575246188f63de0accf6eac5fb59e6a) C:\windows\system32\drivers\usbser.sys
11:12:04:060 5628   UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
11:12:04:138 5628   USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:12:04:201 5628   usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
11:12:04:279 5628   usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
11:12:04:357 5628   vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
11:12:04:435 5628   VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
11:12:04:497 5628   viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
11:12:04:575 5628   ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
11:12:04:638 5628   viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
11:12:04:684 5628   volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
11:12:04:747 5628   volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
11:12:04:840 5628   volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
11:12:04:934 5628   vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
11:12:04:996 5628   WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
11:12:05:059 5628   Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
11:12:05:074 5628   Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
11:12:05:121 5628   Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
11:12:05:199 5628   Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
11:12:05:308 5628   WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
11:12:05:402 5628   WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
11:12:05:449 5628   ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
11:12:05:496 5628   WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
11:12:05:589 5628   yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\windows\system32\DRIVERS\yk60x86.sys
11:12:05:620 5628
11:12:05:620 5628   Completed
11:12:05:620 5628
11:12:05:620 5628   Results:
11:12:05:620 5628   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
11:12:05:620 5628   File objects infected / cured / cured on reboot:   0 / 0 / 0
11:12:05:620 5628
11:12:05:636 5628   KLMD(ARK) unloaded successfully

Dr Jay · « **Reply #22 on:** July 19, 2010, 12:06:40 PM »

How is the computer running so far? Any more redirects?

mongerlane · « **Reply #23 on:** July 19, 2010, 04:38:10 PM »

Hi again dragonmaster
I have not been surfing during the attempts to remove the malicious software, but just tried for 10 minutes and there were no redirections, whereas previously after a couple of pages i was being redirected . I used both internet explorer and firefox.
I appreciate this help

Dr Jay · « **Reply #24 on:** July 19, 2010, 10:20:02 PM »

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

mongerlane · « **Reply #25 on:** July 20, 2010, 01:38:05 AM »

Hi, Looks like it found 4 , but could only clean 3. Log follows. Thanks

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=70d81600b6172f46acdbd4dcc95c62a6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-20 06:46:24
# local_time=2010-07-20 07:46:24 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 5901959 5901959 0 0
# compatibility_mode=1024 16777215 100 0 10777240 10777240 0 0
# compatibility_mode=5892 16776574 100 100 10931407 117133633 0 0
# compatibility_mode=8192 67108863 100 0 203 203 0 0
# scanned=309428
# found=4
# cleaned=3
# scan_time=7479
C:\Qoobox\Quarantine\C\windows\system32\Drivers\RDPENCDD.sys.vir   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\windows\system32\Drivers\RDPENCDD.sys.vir_   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Users\Joyce\Desktop\Nero 7 Ultra Edition Enhanced XP & Vista + Keygen [ScottayB]\Nero-7.10.1.2_all_update.exe   Win32/Toolbar.AskSBar application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.sys   Win32/Olmarik.ZC trojan (error while cleaning)   00000000000000000000000000000000   I

Dr Jay · « **Reply #26 on:** July 20, 2010, 12:58:44 PM »

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:filefind
RDPENCDD.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

mongerlane · « **Reply #27 on:** July 20, 2010, 02:01:55 PM »

Hi again. The log is posted below, Thanks

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:58 on 20/07/2010 by Joyce (Administrator - Elevation successful)

========== filefind ==========

Searching for "RDPENCDD.sys"
C:\Windows\System32\drivers\rdpencdd.sys --a--- 6144 bytes [02:24 21/01/2008] [02:24 21/01/2008] 9D91FE5286F748862ECFFA05F8A0710C

-=End Of File=-

Dr Jay · « **Reply #28 on:** July 20, 2010, 02:04:47 PM »

Blast. We gotta find that.

Download OTL.exe by OldTimer to your Desktop.

Open OTL -- Click None and paste this in the Custom Scans box:

Code: [Select]

/md5start
RDPENCDD.sys
/md5stop

Then click Run Scan. It shall launch a log. Please post it in your next reply.

mongerlane · « **Reply #29 on:** July 20, 2010, 02:20:53 PM »

Sorry if the following info is not required in addition to the previous system look scan that i was asked to post, but i looked in the location the ESET scan found the file that could not be removed and there is an RDPENDCD file there too, but it is a dll file. See the system look result below. Thanks

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:22 on 20/07/2010 by Joyce (Administrator - Elevation successful)

========== filefind ==========

Searching for "RDPENCDD.dll"
C:\Windows\System32\RDPENCDD.dll --a--- 118272 bytes [02:24 21/01/2008] [02:24 21/01/2008] 4707976BDBA8B5999A0006C7609505CB
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.0.6001.18000_none_06cf4b56d5c130dc\RDPENCDD.dll --a--- 118272 bytes [02:24 21/01/2008] [02:24 21/01/2008] 4707976BDBA8B5999A0006C7609505CB

-=End Of File=-

Computer Hope Forum

News:

Author Topic: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps (Read 39338 times)

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

Dr Jay

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps

mongerlane

Re: Nasty trojan(s) redirecting, came from facebook, followed evilfantasy's steps