Hi folks. Hope I'm doing this right - it's my first post to a board. Random redirects, sometimes to apparently innocent sites. Random attacks from Fake Antivirus Webpage Request, sometimes apparently coming from my own C: drive. I had a fake antivirus infection a couple of months ago. Thought I cleared it - hah! I have Norton 360, AntiMalware, AntiSpyware and eset scanner. This last finds two files that it does not like but can't deal with. XP SP3, 2 Gig RAM, nominal 160 Gig, in two partitions, C= 104 G with 33 free, NTFS, D= 7G FAT. This is a Compaq so it has System Recovery on the D: drive. I do believe updates are all current (XP, Java, Adobe etc), but my router has no protection (because I am too far from the neighbors to allow eavesdropping). Log files for Malware and gmer follow, DDS is 20 Meg and Attach is 16 Meg. Please advise how to submit. Thanks, Alex.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4718
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/29/2010 4:50:32 PM
mbam-log-2010-09-29 (16-50-32).txt
Scan type: Quick scan
Objects scanned: 158041
Time elapsed: 13 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-29 22:48:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uxtcqkog.sys
---- System - GMER 1.0.15 ----
SSDT 8A074528 ZwAlertResumeThread
SSDT 8A074920 ZwAlertThread
SSDT 8A0650F8 ZwAllocateVirtualMemory
SSDT 8A072678 ZwAssignProcessToJobObject
SSDT 89F60C78 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB3F21210]
SSDT 8A19B5F0 ZwCreateMutant
SSDT 8A2CB8B8 ZwCreateSymbolicLinkObject
SSDT 8A274410 ZwCreateThread
SSDT 8A0727F0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB3F21490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB3F219F0]
SSDT 8A075728 ZwDuplicateObject
SSDT 8A1672A8 ZwFreeVirtualMemory
SSDT 8A073B70 ZwImpersonateAnonymousToken
SSDT 8A074268 ZwImpersonateThread
SSDT 89E4DB58 ZwLoadDriver
SSDT 8A271ED0 ZwMapViewOfSection
SSDT 8A073990 ZwOpenEvent
SSDT 8A07B708 ZwOpenProcess
SSDT 8A0760B0 ZwOpenProcessToken
SSDT 8A0730C8 ZwOpenSection
SSDT 8A0797A0 ZwOpenThread
SSDT 8A2851C8 ZwProtectVirtualMemory
SSDT 8A0749F8 ZwResumeThread
SSDT 8A0759F0 ZwSetContextThread
SSDT 8A1598D0 ZwSetInformationProcess
SSDT 8A072E90 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB3F21C40]
SSDT 8A0738B8 ZwSuspendProcess
SSDT 8A074CB0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB3DE7620]
SSDT 8A0753D0 ZwTerminateThread
SSDT 8A075B68 ZwUnmapViewOfSection
SSDT 8A1331B8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB67E63A0, 0x59FFE5, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----