Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirected by Google

Post by twinkel_toez » July 17th, 2010, 2:10 am

I keep being redirected by Google if I click on a search result. Many thanks for the help so far, and below are the required details.

Hope someone can help.

Tina

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:02:37, on 17/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: 89.149.193.57 www.google.com
O1 - Hosts: 89.149.193.57 us.search.yahoo.com
O1 - Hosts: 89.149.193.57 uk.search.yahoo.com
O1 - Hosts: 89.149.193.57 search.yahoo.com
O1 - Hosts: 89.149.193.57 www.google.com.br
O1 - Hosts: 89.149.193.57 www.google.it
O1 - Hosts: 89.149.193.57 www.google.es
O1 - Hosts: 89.149.193.57 www.google.co.jp
O1 - Hosts: 89.149.193.57 www.google.com.mx
O1 - Hosts: 89.149.193.57 www.google.ca
O1 - Hosts: 89.149.193.57 www.google.com.au
O1 - Hosts: 89.149.193.57 www.google.nl
O1 - Hosts: 89.149.193.57 www.google.co.za
O1 - Hosts: 89.149.193.57 www.google.be
O1 - Hosts: 89.149.193.57 www.google.gr
O1 - Hosts: 89.149.193.57 www.google.at
O1 - Hosts: 89.149.193.57 www.google.se
O1 - Hosts: 89.149.193.57 www.google.ch
O1 - Hosts: 89.149.193.57 www.google.pt
O1 - Hosts: 89.149.193.57 www.google.dk
O1 - Hosts: 89.149.193.57 www.google.fi
O1 - Hosts: 89.149.193.57 www.google.ie
O1 - Hosts: 89.149.193.57 www.google.no
O1 - Hosts: 89.149.193.57 www.google.de
O1 - Hosts: 89.149.193.57 www.google.fr
O1 - Hosts: 89.149.193.57 www.google.co.uk
O1 - Hosts: 89.149.193.57 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark S300-S400 Series Fax Server] "C:\Program Files\Lexmark S300-S400 Series\fm3032.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: VideoCam Suite 2.0.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8797 bytes

Uninstaller

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AutoCAD LT 2007 - English
Autodesk DWF Viewer
Bejeweled Twist 1.0
Canon iP6600D
FUJIFILM FinePixViewer S Ver.2.1
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Lexmark 1200 Series
Lexmark Printable Web
Lexmark S300-S400 Series
Lexmark Toolbar
LightScribe System Software 1.12.33.2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Norton Internet Security
PowerDVD
Rapport
Rapport
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VideoCam Suite 2.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Vuze Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinZip 14.0
twinkel_toez
Regular Member
 
Posts: 23
Joined: July 14th, 2010, 5:04 pm
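The O1 - Hosts entries in the HijackThis log above are the mechanism behind the redirects: every major search domain is pinned to one public address (89.149.193.57), so resolution of those names never reaches DNS and the browser lands wherever that host sends it. As an added illustration that is not part of this thread and not a MalwareRemoval.com tool, the following Python script parses hosts-file lines in both the HijackThis ("O1 - Hosts:") and DDS ("Hosts:") formats from a constructed sample log and flags overrides that point names at a public IP, while leaving loopback, unspecified and private-range entries alone. The sample lines, the SEARCH_ENGINE_HINTS list and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample log (an assumption, not text from the thread): a mix of
# HijackThis "O1 - Hosts:" lines and DDS "Hosts:" lines, with benign entries
# (loopback, unspecified, private LAN) alongside public-IP overrides.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 ads.example.invalid
O1 - Hosts: 89.149.193.57 www.google.com
O1 - Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.bing.com
Hosts: 89.149.193.57 update.example.invalid
O1 - Hosts: 192.168.1.10 printer.lan
O2 - BHO: Example BHO - {00000000-0000-0000-0000-000000000000} - c:\\example.dll
"""

# Matches both log formats; group 1 is the address, group 2 the hostname.
HOSTS_LINE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)")

# Hostname fragments that identify search engines; an override of any of these
# to a public IP is the signature of a search-redirect hijack. (Assumed list.)
SEARCH_ENGINE_HINTS = ("google.", "search.yahoo.", "bing.com")


def parse_hosts_entries(log_text):
    """Extract (address, hostname) pairs from every hosts-file line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = HOSTS_LINE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def classify(address_text, hostname):
    """Return None for a benign entry, otherwise a short reason string."""
    try:
        address = ipaddress.ip_address(address_text)
    except ValueError:
        return "unparsable address"
    # Sinkholing a name to loopback/unspecified is the normal ad-block pattern.
    if address.is_loopback or address.is_unspecified:
        return None
    # Overrides to LAN ranges are usually intentional (printers, intranet hosts).
    if address.is_private or address.is_link_local:
        return None
    if any(hint in hostname for hint in SEARCH_ENGINE_HINTS):
        return "search engine pinned to a public IP"
    return "public IP override"


def triage(log_text):
    """Group suspicious hosts entries by target address: {ip: [(host, reason), ...]}."""
    findings = {}
    for address, hostname in parse_hosts_entries(log_text):
        reason = classify(address, hostname)
        if reason is not None:
            findings.setdefault(address, []).append((hostname, reason))
    return findings


def hijacked_search_engines(findings):
    """Return the set of addresses that have at least one search-engine override."""
    return {
        ip for ip, items in findings.items()
        if any(reason.startswith("search engine") for _, reason in items)
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, items in result.items():
        print(f"{ip}: {len(items)} override(s)")
        for host, reason in items:
            print(f"    {host:<28} {reason}")
    print("search-redirect sinks:", sorted(hijacked_search_engines(result)))
```

The output is a triage list, not a cleanup: a single public address collecting many search-engine names is the pattern worth escalating, whereas a handful of 0.0.0.0 or 127.0.0.1 entries is what a hand-edited ad-blocking hosts file normally looks like.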

Re: Redirected by Google

Post by km2357 » July 19th, 2010, 2:37 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Post by twinkel_toez » July 19th, 2010, 3:53 pm

Hi

Thanks for your reply.

I have tried the 1st step as requested, but am unsure as to what a script blocker might be. I ran this as stated, but it says in Notepad that it cannot run in DOS mode.

Please can you let me know what I should do, as I don't want to run step 2.

Thanks

Tina
twinkel_toez
Regular Member
 
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Post by km2357 » July 19th, 2010, 7:43 pm

A script blocker would be, for example, your anti-virus.

Try Right-Clicking DDS.scr then choosing Run As Administrator and see if you can get the DDS logs. If you do, go ahead and post them in your next post/reply.

If DDS doesn't work, I'd like for you to do the following:


Step # 1 Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Right-click on RSIT.exe and choose Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Post by twinkel_toez » July 20th, 2010, 10:30 am

Hi

Thanks for your help. I did not have an option to run as administrator, so I tried the other link you provided for the DDS and it worked.

Therefore both reports are attached as requested.

With regards to the GMER, when I scanned with it, it kept shutting my computer down. Therefore I have completed this process.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 9:46:49.07 on 20/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.190 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Lexmark S300-S400 Series Fax Server] "c:\program files\lexmark s300-s400 series\fm3032.exe" /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 89.149.193.57 www.google.com
Hosts: 89.149.193.57 us.search.yahoo.com
Hosts: 89.149.193.57 uk.search.yahoo.com
Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100719.001\IDSvix86.sys [2010-7-20 344112]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-26 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-26 234888]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-4 117640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-4 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-4-13 98984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-07-15 15:26:56 0 d-----w- c:\program files\Trend Micro
2010-07-15 06:36:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-14 20:10:46 98816 ----a-w- c:\windows\sed.exe
2010-07-14 20:10:46 77312 ----a-w- c:\windows\MBR.exe
2010-07-14 20:10:46 256512 ----a-w- c:\windows\PEV.exe
2010-07-14 20:10:46 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 18:09:27 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-07-14 18:07:48 0 d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 08:22:55 0 dc-h--w- c:\programdata\~0
2010-07-13 08:21:50 0 d-----w- c:\programdata\Lavasoft
2010-07-12 17:02:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 17:02:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 16:47:43 0 d-----w- c:\users\user\appdata\roaming\widestream
2010-07-12 16:46:21 0 d-----w- c:\program files\Widestream6
2010-07-12 16:45:18 0 d-----w- c:\users\user\appdata\roaming\OfferBox
2010-07-11 21:53:33 0 d-----w- c:\program files\Yahoo!
2010-07-03 07:03:22 0 d-----w- c:\users\user\appdata\roaming\Trusteer
2010-07-03 07:02:53 0 d-----w- c:\program files\Trusteer
2010-07-03 06:30:21 0 d-----w- c:\programdata\Trusteer
2010-06-24 02:01:59 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:01:59 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:01:58 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:01:57 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:01:56 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 15:05:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 15:05:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 18:28:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-30 18:28:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-30 18:28:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-29 02:03:00 98504 ----a-w- c:\windows\fonts\consola.ttf
2010-04-29 02:03:00 97752 ----a-w- c:\windows\fonts\leelawad.ttf
2010-04-29 02:03:00 89656 ----a-w- c:\windows\fonts\browa.ttf
2010-04-29 02:03:00 64648 ----a-w- c:\windows\fonts\upckb.ttf
2010-04-29 02:03:00 57100 ----a-w- c:\windows\fonts\upclbi.ttf
2010-04-29 02:03:00 56752 ----a-w- c:\windows\fonts\upcli.ttf
2010-04-29 02:03:00 5178844 ----a-w- c:\windows\fonts\kaiu.ttf
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2009-02-21 17:27:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-12 21:09:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-02-16 08:37:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-13 21:28:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat

============= FINISH: 9:48:44.51 ===============


Attach in next reply
twinkel_toez
Regular Member
 
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Post by twinkel_toez » July 20th, 2010, 10:31 am

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 21/02/2009 13:16:32
System Uptime: 19/07/2010 23:29:55 (10 hours ago)

Motherboard: TOSHIBA | | Satellite L30
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U23 | 1466/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 34.785 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP158: 12/07/2010 14:59:06 - Installed Rapport
RP159: 12/07/2010 17:45:37 - Installed Widestream6.
RP160: 12/07/2010 22:43:14 - Removed Widestream6.
RP161: 14/07/2010 19:03:49 - Removed OfferBox.
RP162: 15/07/2010 07:40:04 - Windows Update
RP163: 15/07/2010 16:26:07 - Installed HiJackThis
RP164: 16/07/2010 16:37:17 - Removed HiJackThis
RP165: 16/07/2010 16:52:14 - Installed HiJackThis
RP166: 18/07/2010 21:30:45 - Scheduled Checkpoint
RP167: 19/07/2010 15:21:14 - Scheduled Checkpoint

==== Hosts File Hijack ======================

Hosts: 89.149.193.57 www.google.com
Hosts: 89.149.193.57 us.search.yahoo.com
Hosts: 89.149.193.57 uk.search.yahoo.com
Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.google.com.br
Hosts: 89.149.193.57 www.google.it
Hosts: 89.149.193.57 www.google.es
Hosts: 89.149.193.57 www.google.co.jp
Hosts: 89.149.193.57 www.google.com.mx
Hosts: 89.149.193.57 www.google.ca
Hosts: 89.149.193.57 www.google.com.au
Hosts: 89.149.193.57 www.google.nl
Hosts: 89.149.193.57 www.google.co.za
Hosts: 89.149.193.57 www.google.be
Hosts: 89.149.193.57 www.google.gr
Hosts: 89.149.193.57 www.google.at
Hosts: 89.149.193.57 www.google.se
Hosts: 89.149.193.57 www.google.ch
Hosts: 89.149.193.57 www.google.pt
Hosts: 89.149.193.57 www.google.dk
Hosts: 89.149.193.57 www.google.fi
Hosts: 89.149.193.57 www.google.ie
Hosts: 89.149.193.57 www.google.no
Hosts: 89.149.193.57 www.google.de
Hosts: 89.149.193.57 www.google.fr
Hosts: 89.149.193.57 www.google.co.uk
Hosts: 89.149.193.57 www.bing.com

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AutoCAD LT 2007 - English
Autodesk DWF Viewer
Bejeweled Twist 1.0
Canon iP6600D
FUJIFILM FinePixViewer S Ver.2.1
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Lexmark 1200 Series
Lexmark Printable Web
Lexmark S300-S400 Series
Lexmark Toolbar
LightScribe System Software 1.12.33.2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Norton Internet Security
PowerDVD
Rapport
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VideoCam Suite 2.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Vuze Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinZip 14.0

==== Event Viewer Messages From Past Week ========

19/07/2010 09:26:33, Error: EventLog [6008] - The previous system shutdown at 09:24:02 on 19/07/2010 was unexpected.
17/07/2010 12:31:19, Error: Service Control Manager [7034] - The lxea_device service terminated unexpectedly. It has done this 1 time(s).
16/07/2010 17:08:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
16/07/2010 17:08:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.
16/07/2010 17:08:19, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/07/2010 17:05:39, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
16/07/2010 17:02:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
14/07/2010 21:12:32, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
13/07/2010 14:34:29, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
13/07/2010 14:29:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
13/07/2010 14:29:48, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/07/2010 14:08:46, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm
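The "Hosts File Hijack" section of the Attach.txt above is the cause of the redirects: every major search domain has been pinned to 89.149.193.57 in the Windows hosts file. The following Python check is an added example for this thread, not code from DDS, WVCheck or any other tool mentioned here; it parses either a raw hosts file or the "Hosts:" lines DDS prints, and goes a little beyond the log by also separating benign loopback, sinkhole and LAN mappings from the hijack pattern. The search-engine patterns and the sample entries marked constructed are assumptions made for the example.

```python
"""Hosts-file redirect check (added example, not part of DDS or WVCheck).

Parses a Windows hosts file or the "Hosts:" lines from a DDS Attach.txt and
flags public search-engine hostnames pinned to a non-loopback address, which
is the pattern behind the "redirected by Google" symptom in this thread.
"""
import ipaddress
import re

# Hostname patterns treated as search engines. This set is an assumption for
# the example; it covers the domains listed in the log above.
_GOOGLE_RE = re.compile(r"www\.google\.[a-z]{2,3}(?:\.[a-z]{2})?")


def is_search_engine(host):
    """True for www.google.<tld>, www.bing.com and (*.)search.yahoo.com."""
    h = host.lower().rstrip(".")
    if h in ("www.bing.com", "search.yahoo.com") or h.endswith(".search.yahoo.com"):
        return True
    return _GOOGLE_RE.fullmatch(h) is not None


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text or DDS 'Hosts:' lines.

    Comments (#) and blank lines are ignored, one entry may carry several
    hostnames, and lines whose first field is not an IP address are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("hosts:"):  # DDS prefix, absent in a real hosts file
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; nothing would resolve through it
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def classify(ip, host):
    """Verdict for one mapping: ok, lan, hijack or suspicious."""
    if ip.is_loopback or ip.is_unspecified:
        return "ok"  # 127.0.0.1 / ::1 / 0.0.0.0: self or sinkhole mapping, benign
    if is_search_engine(host):
        return "hijack"  # a public search site should never be pinned in hosts
    if ip.is_private or ip.is_link_local:
        return "lan"  # name for a local device, usually intentional
    return "suspicious"  # public name pinned to a public IP; review by hand


def check_hosts(text):
    """Return a list of (verdict, ip, hostname) for every entry in the text."""
    return [(classify(ip, host), str(ip), host) for ip, host in parse_hosts(text)]


def hijack_targets(findings):
    """Group hijacked hostnames by the address they were redirected to."""
    targets = {}
    for verdict, ip, host in findings:
        if verdict == "hijack":
            targets.setdefault(ip, []).append(host)
    return targets


# Constructed sample: two default Windows entries, a sinkhole entry, a LAN
# entry, and four lines copied from the "Hosts File Hijack" section above.
SAMPLE = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # constructed: ad-blocking sinkhole entry
192.168.1.10    printer.lan        # constructed: local device
Hosts: 89.149.193.57 www.google.com
Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.google.co.uk
Hosts: 89.149.193.57 www.bing.com
"""

if __name__ == "__main__":
    findings = check_hosts(SAMPLE)
    for verdict, ip, host in findings:
        print(f"{verdict:10} {ip:16} {host}")
    for ip, hosts in hijack_targets(findings).items():
        print(f"\n{len(hosts)} search domain(s) redirected to {ip}: {', '.join(hosts)}")
```

On a live machine the same check can be pointed at C:\Windows\System32\drivers\etc\hosts; a clean Vista hosts file contains only comments and the two localhost lines.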

Re: Redirected by Google

Unread postby km2357 » July 20th, 2010, 2:54 pm

With regards to the GMER, when i scanned with it it kept shutting my computer down.


Ok, since GMER is giving you trouble, we'll try another rootkit scanner. Before we do that, we have some other things to do:


Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these vendors NOW:

1) Antivir PersonalEdition Classic
2) avast! Home Edition

Download and install only one!


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze

Vuze Remote Toolbar

Vuze Toolbar


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Reboot your computer after you have uninstalled the programs above.

Please run DDS when finished and post the log back here.


Finally, please do the following:
  • Download a diagnostic tool (MGADiag.exe) from >here< and save this to your Desktop.
  • Double-click on MGADiag.exe.
  • When the program has finished, click on the Validation tab and then click on Copy to Clipboard
  • Please post the results in your next reply.


In your next post/reply, I need to see the following:

1. A fresh DDS Log taken after you've uninstalled the P2P programs
2. The MGADiag Log
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Unread postby twinkel_toez » July 20th, 2010, 5:35 pm

Hi there

I do have an anti-virus programme, this being Norton Internet Security. I did disable it to run the programme you said, though.

New DDS reports as requested.

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 22:28:11.43 on 20/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.100 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Windows\System32\bgsvcgen.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Lexmark S300-S400 Series Fax Server] "c:\program files\lexmark s300-s400 series\fm3032.exe" /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 89.149.193.57 www.google.com
Hosts: 89.149.193.57 us.search.yahoo.com
Hosts: 89.149.193.57 uk.search.yahoo.com
Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100719.001\IDSvix86.sys [2010-7-20 344112]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-4 48688]

============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-07-20 14:20:21 204020035 ----a-w- c:\windows\MEMORY.DMP
2010-07-15 15:26:56 0 d-----w- c:\program files\Trend Micro
2010-07-15 06:36:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-14 20:10:46 98816 ----a-w- c:\windows\sed.exe
2010-07-14 20:10:46 77312 ----a-w- c:\windows\MBR.exe
2010-07-14 20:10:46 256512 ----a-w- c:\windows\PEV.exe
2010-07-14 20:10:46 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 18:09:27 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-07-14 18:07:48 0 d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 08:22:55 0 dc-h--w- c:\programdata\~0
2010-07-13 08:21:50 0 d-----w- c:\programdata\Lavasoft
2010-07-12 17:02:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 17:02:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 16:47:43 0 d-----w- c:\users\user\appdata\roaming\widestream
2010-07-12 16:46:21 0 d-----w- c:\program files\Widestream6
2010-07-12 16:45:18 0 d-----w- c:\users\user\appdata\roaming\OfferBox
2010-07-11 21:53:33 0 d-----w- c:\program files\Yahoo!
2010-07-03 07:03:22 0 d-----w- c:\users\user\appdata\roaming\Trusteer
2010-07-03 07:02:53 0 d-----w- c:\program files\Trusteer
2010-07-03 06:30:21 0 d-----w- c:\programdata\Trusteer
2010-06-24 02:01:59 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:01:59 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:01:58 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:01:57 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:01:56 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 15:05:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 15:05:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 18:28:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-30 18:28:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-30 18:28:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-29 02:03:00 98504 ----a-w- c:\windows\fonts\consola.ttf
2010-04-29 02:03:00 97752 ----a-w- c:\windows\fonts\leelawad.ttf
2010-04-29 02:03:00 89656 ----a-w- c:\windows\fonts\browa.ttf
2010-04-29 02:03:00 64648 ----a-w- c:\windows\fonts\upckb.ttf
2010-04-29 02:03:00 57100 ----a-w- c:\windows\fonts\upclbi.ttf
2010-04-29 02:03:00 56752 ----a-w- c:\windows\fonts\upcli.ttf
2010-04-29 02:03:00 5178844 ----a-w- c:\windows\fonts\kaiu.ttf
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2009-02-21 17:27:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-12 21:09:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-02-16 08:37:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-13 21:28:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat

============= FINISH: 22:31:24.38 ===============
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Unread postby twinkel_toez » July 20th, 2010, 5:37 pm

Attach report

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 21/02/2009 13:16:32
System Uptime: 20/07/2010 22:22:24 (0 hours ago)

Motherboard: TOSHIBA | | Satellite L30
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U23 | 1466/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 33.744 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Hosts File Hijack ======================

Hosts: 89.149.193.57 www.google.com
Hosts: 89.149.193.57 us.search.yahoo.com
Hosts: 89.149.193.57 uk.search.yahoo.com
Hosts: 89.149.193.57 search.yahoo.com
Hosts: 89.149.193.57 www.google.com.br
Hosts: 89.149.193.57 www.google.it
Hosts: 89.149.193.57 www.google.es
Hosts: 89.149.193.57 www.google.co.jp
Hosts: 89.149.193.57 www.google.com.mx
Hosts: 89.149.193.57 www.google.ca
Hosts: 89.149.193.57 www.google.com.au
Hosts: 89.149.193.57 www.google.nl
Hosts: 89.149.193.57 www.google.co.za
Hosts: 89.149.193.57 www.google.be
Hosts: 89.149.193.57 www.google.gr
Hosts: 89.149.193.57 www.google.at
Hosts: 89.149.193.57 www.google.se
Hosts: 89.149.193.57 www.google.ch
Hosts: 89.149.193.57 www.google.pt
Hosts: 89.149.193.57 www.google.dk
Hosts: 89.149.193.57 www.google.fi
Hosts: 89.149.193.57 www.google.ie
Hosts: 89.149.193.57 www.google.no
Hosts: 89.149.193.57 www.google.de
Hosts: 89.149.193.57 www.google.fr
Hosts: 89.149.193.57 www.google.co.uk
Hosts: 89.149.193.57 www.bing.com

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AutoCAD LT 2007 - English
Autodesk DWF Viewer
Bejeweled Twist 1.0
Canon iP6600D
FUJIFILM FinePixViewer S Ver.2.1
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Lexmark 1200 Series
Lexmark Printable Web
Lexmark S300-S400 Series
Lexmark Toolbar
LightScribe System Software 1.12.33.2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Norton Internet Security
PowerDVD
Rapport
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VideoCam Suite 2.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool

==== End Of File ===========================
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Unread postby twinkel_toez » July 20th, 2010, 5:50 pm

I downloaded and ran the MGADiag as requested, but when I click the copy button, it does nothing. I cannot even highlight the selected data to post on here.

Tina
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Unread postby km2357 » July 20th, 2010, 8:08 pm

Ok, let's try this instead:

Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Right-click on WVCheck.exe and choose Run as Administrator and then follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

Also, I'll be away from my computer most of the day tomorrow (Wednesday, July 21st). So, if I do need to reply to you, it'll be sometime Wednesday night.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Unread postby twinkel_toez » July 21st, 2010, 5:37 am

Hi again

WV Check report below.

Windows Validation Check
Log Created On: 1032_21-07-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-07-21 09:26:09
Last Success Time for Update Download: 2010-07-14 18:33:27
Last Success Time for Update Installation: 2010-07-15 06:56:32


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - b974d9f06dc7d1908e825dc201681269


-------- End of File, program close at 1035_21-07-2010 --------
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Unread postby km2357 » July 21st, 2010, 11:12 pm

The WVCheck Log looks good. :)


Step # 1 Download and run SysProt

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Right-click on Sysprot.exe and choose Run As Administrator to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items only:
      Process
      Kernel Modes
      SSDT
      Kernel Hooks
      Hidden Files
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Unread postby twinkel_toez » July 22nd, 2010, 4:03 pm

thankgod something looks good with the computer....lol

SysProt log below

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 392
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 524
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 608
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 852
Hidden: No
Window Visible: No

Name: C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PID: 1016
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Ati2evxx.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1076
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1188
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1212
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1232
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Ati2evxx.exe
PID: 1352
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1464
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 1860
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 1876
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 1912
Hidden: No
Window Visible: No

Name: C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PID: 240
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PID: 464
Hidden: No
Window Visible: No

Name: C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PID: 780
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 1504
Hidden: No
Window Visible: Yes

Name: C:\Program Files\FinePixViewerS\QuickDCF2.exe
PID: 1904
Hidden: No
Window Visible: No

Name: C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
PID: 1980
Hidden: No
Window Visible: No

Name: C:\Windows\System32\bgsvcgen.exe
PID: 1572
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2052
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2072
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lxczcoms.exe
PID: 2504
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lxeacoms.exe
PID: 2552
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PID: 2568
Hidden: No
Window Visible: No

Name: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PID: 2608
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PID: 2736
Hidden: No
Window Visible: No

Name: C:\Windows\System32\IoctlSvc.exe
PID: 2812
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2824
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2844
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2888
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2932
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2964
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dllhost.exe
PID: 3812
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 4152
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Contacts\wlcomm.exe
PID: 4460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 720
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 6356
Hidden: No
Window Visible: No

Name: C:\Users\User\Desktop\SysProt\SysProt\SysProt.exe
PID: 3476
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\User\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9E5F5000
Module End: 9E600000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E46000
Module End: 821FF000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81E13000
Module End: 81E46000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8040C000
Module End: 80414000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80414000
Module End: 80474000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80474000
Module End: 80485000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80485000
Module End: 8048D000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8048D000
Module End: 804CE000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804CE000
Module End: 805AE000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80604000
Module End: 80680000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 80680000
Module End: 8068D000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8068D000
Module End: 806D3000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D3000
Module End: 806DC000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806DC000
Module End: 806E4000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E4000
Module End: 8070B000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8070B000
Module End: 8071A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 8071A000
Module End: 8071D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8071D000
Module End: 80727000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80727000
Module End: 80736000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80736000
Module End: 80780000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80780000
Module End: 80787000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 80787000
Module End: 80795000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pcmcia.sys
Service Name: pcmcia
Module Base: 80795000
Module End: 807C2000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 807C2000
Module End: 807D2000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 807D2000
Module End: 807DA000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 807DA000
Module End: 807F8000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 805AE000
Module End: 805E0000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 805E0000
Module End: 805F0000
Hidden: No

Module Name: C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS
Service Name: SymEFA
Module Base: 85E04000
Module End: 85E53000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 85E53000
Module End: 85EC4000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 85EC4000
Module End: 85FCF000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 86006000
Module End: 86040000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 86040000
Module End: 86129000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 86129000
Module End: 86144000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 86205000
Module End: 86314000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 86314000
Module End: 8634D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TVALZ_O.SYS
Service Name: TVALZ
Module Base: 8634D000
Module End: 86352000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 86352000
Module End: 8635A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8635A000
Module End: 86369000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 86369000
Module End: 86390000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 86390000
Module End: 863A1000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 863A1000
Module End: 863C2000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 863C2000
Module End: 863CB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 863EB000
Module End: 863F6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 863F6000
Module End: 863FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 86144000
Module End: 86153000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\atikmdag.sys
Service Name: atikmdag
Module Base: 8A001000
Module End: 8A514000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8A514000
Module End: 8A5B3000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8A5B3000
Module End: 8A5C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8A5C0000
Module End: 8A5CA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 86153000
Module End: 86191000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8A5CA000
Module End: 8A5D9000
Hidden: No

Module Name: C:\Windows\System32\Drivers\cdrbsdrv.SYS
Service Name: cdrbsdrv
Module Base: 8A5D9000
Module End: 8A5E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8A5E2000
Module End: 8A5FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 86191000
Module End: 861A3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 861A3000
Module End: 861B6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 861B6000
Module End: 861C1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 861C1000
Module End: 861CC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Rtnicxp.sys
Service Name: RTL8023xp
Module Base: 861CC000
Module End: 861DD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\athr.sys
Service Name: athr
Module Base: 8A806000
Module End: 8A8C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8A8C0000
Module End: 8A8C4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8A8C4000
Module End: 8A8F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8A8F2000
Module End: 8A933000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8A933000
Module End: 8A93E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8A93E000
Module End: 8A955000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8A955000
Module End: 8A960000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8A960000
Module End: 8A983000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8A983000
Module End: 8A992000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8A992000
Module End: 8A9A6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8A9A6000
Module End: 8A9BB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8A9BB000
Module End: 8A9CB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8A9CB000
Module End: 8A9CD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8A9CD000
Module End: 8A9F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 861DD000
Module End: 861E7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 861E7000
Module End: 861F4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 89E07000
Module End: 89E3B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 89E3B000
Module End: 89E4C000
Hidden: No

Module Name: C:\Windows\system32\drivers\HdAudio.sys
Service Name: HdAudAddService
Module Base: 89E4C000
Module End: 89E8B000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 89E8B000
Module End: 89EB8000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 89EB8000
Module End: 89EDD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: 89EDD000
Module End: 89FD8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 89FD8000
Module End: 89FDA000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 89FDA000
Module End: 89FE7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
Service Name: SRTSP
Module Base: 8AA0A000
Module End: 8AA5D000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: 8ABA9000
Module End: 8ABCE000
Hidden: No

Module Name: C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
Service Name: SRTSPX
Module Base: 8ABE2000
Module End: 8ABEC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8AA00000
Module End: 8AA07000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 89FE7000
Module End: 89FF3000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8CC01000
Module End: 8CC22000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8CC22000
Module End: 8CC2A000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8CC2A000
Module End: 8CC32000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8CC3D000
Module End: 8CC4B000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8CC4B000
Module End: 8CC54000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8CC54000
Module End: 8CC6A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
Service Name: SYMTDI
Module Base: 8CC6A000
Module End: 8CC9E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
Service Name: SYMNDISV
Module Base: 8CC9E000
Module End: 8CCAC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS
Service Name: SYMFW
Module Base: 8CCAC000
Module End: 8CCC1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8CCC1000
Module End: 8CCD5000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8CCD5000
Module End: 8CD1D000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8CD1D000
Module End: 8CD4F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8CD4F000
Module End: 8CD65000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SymIMv.sys
Service Name: SymIM
Module Base: 8CD65000
Module End: 8CD6E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8CD6E000
Module End: 8CD7C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8CD7C000
Module End: 8CD8F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8CD8F000
Module End: 8CDCB000
Hidden: No

Module Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
Service Name: RapportPG
Module Base: 8CDCB000
Module End: 8CDF3000
Hidden: No

Module Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
Service Name: RapportKELL
Module Base: 805F0000
Module End: 805FE000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8CDF3000
Module End: 8CDFD000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: 8F064000
Module End: 8F0C2000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Service Name: EraserUtilRebootDrv
Module Base: 8F0C2000
Module End: 8F0DF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8F0DF000
Module End: 8F0F6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
Service Name: ccHP
Module Base: 8F0F6000
Module End: 8F171000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
Service Name: BHDrvx86
Module Base: 8F171000
Module End: 8F1B3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8F1B3000
Module End: 8F1C0000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8F1C0000
Module End: 8F1CB000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8F1CB000
Module End: 8F1D3000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8F1D3000
Module End: 8F1DD000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 863CB000
Module End: 863E6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 8F1EC000
Module End: 8F1FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9AA0E000
Module End: 9AA38000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9AA38000
Module End: 9AA42000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9AA42000
Module End: 9AA55000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9AA55000
Module End: 9AB04000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9AB04000
Module End: 9AB71000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9AB71000
Module End: 9AB8E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9AB8E000
Module End: 9ABA7000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9ABA7000
Module End: 9ABBC000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9ABBC000
Module End: 9ABDC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9ABDC000
Module End: 9ABFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9E408000
Module End: 9E441000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9E441000
Module End: 9E459000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9E459000
Module End: 9E480000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9E480000
Module End: 9E4CE000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9E4CE000
Module End: 9E5AC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9E5AC000
Module End: 9E5B6000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9E5B6000
Module End: 9E5C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9E5C2000
Module End: 9E5D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: 9E5D8000
Module End: 9E5E1000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100720.001\IDSvix86.sys
Service Name: IDSVix86
Module Base: 8F000000
Module End: 8F058000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100721.020\NAVEX15.SYS
Service Name: NAVEX15
Module Base: 8AA5D000
Module End: 8ABA9000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100721.020\NAVENG.SYS
Service Name: NAVENG
Module Base: 9E5E1000
Module End: 9E5F5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8ABF5000
Module End: 8ABFC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8CC32000
Module End: 8CC3D000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 85775578
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 85775658
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 85777330
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlpcConnectPort
Address: 857060D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAssignProcessToJobObject
Address: 857788D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateFile
Address: 8CDCC704
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwCreateMutant
Address: 85778E80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 85779E38
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 85742CC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDebugActiveProcess
Address: 857789B8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteFile
Address: 8CDCC864
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwDeleteKey
Address: 8CDD0086
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwDeleteValueKey
Address: 8CDD00B8
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwDuplicateObject
Address: 857790F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwFreeVirtualMemory
Address: 85777150
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 85778F70
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 85775498
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 85708F90
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: 8CDD021A
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwMapViewOfSection
Address: 85777050
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 85778DA0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenFile
Address: 8CDCC7C8
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwOpenProcess
Address: 857792D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 85777400
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 85778BE0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 857791E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 857787E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryValueKey
Address: 8CDD0190
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwRenameKey
Address: 8CDD00FA
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwReplaceKey
Address: 8CDD012C
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwRestoreKey
Address: 8CDD015E
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwResumeThread
Address: 857624E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 857758F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationFile
Address: 8CDCC8C4
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwSetInformationProcess
Address: 857759D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 85778A98
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: 8CDD001E
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwSuspendProcess
Address: 85778CC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 85775738
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 857793F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 85775818
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 85775AC8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 85777240
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThreadEx
Address: 85779F28
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\298EFB03.TMP
Status: Access denied

Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\35383825.TMP
Status: Access denied

Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\535603B7.TMP
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\298EFB03.TMP
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\35383825.TMP
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\535603B7.TMP
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
twinkel_toez
Regular Member
 
Posts: 23
Joined: July 14th, 2010, 5:04 pm
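
The kernel-module and SSDT listing above is easier to triage once the addresses are cross-referenced: every SSDT entry gives an address, and every module record gives a base/end range, so each hook can be checked against the ranges rather than read by eye. The following Python is an added example, not the scanning tool's own code and nothing posted in this thread; it parses blocks in the same "Key: value" layout, resolves each SSDT address against the module ranges, and separates hooks a listed driver accounts for from those none does. The embedded log excerpt is a constructed subset of the listing (three module records and two SSDT entries copied from it) so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed excerpt in the same "Key: value" block layout as the listing above
# (three module records and two SSDT entries copied from it), so the parser runs offline.
SAMPLE_LOG = r"""
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E46000
Module End: 821FF000
Hidden: No

Module Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
Service Name: RapportPG
Module Base: 8CDCB000
Module End: 8CDF3000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8F1CB000
Module End: 8F1D3000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwCreateFile
Address: 8CDCC704
Driver Base: 8CDCB000
Driver End: 8CDF3000
Driver Name: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Function Name: ZwOpenProcess
Address: 857792D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
"""

# Only these keys are recognised; separator rows, "SSDT:" and other sections are ignored.
FIELD_RE = re.compile(
    r"^(Module Name|Service Name|Module Base|Module End|Hidden|"
    r"Function Name|Address|Driver Base|Driver End|Driver Name): (.*)$"
)


@dataclass
class Module:
    name: str
    service: str
    base: int
    end: int
    hidden: bool

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.end


@dataclass
class SsdtEntry:
    function: str
    address: int
    driver: str  # attribution as the tool printed it; "_unknown_" when it had none


def _records(text: str) -> Iterator[dict]:
    """Yield one dict per blank-line-separated block of recognised "Key: value" lines."""
    rec: dict = {}
    for line in text.splitlines() + [""]:
        m = FIELD_RE.match(line.strip())
        if m:
            rec[m.group(1)] = m.group(2).strip()
        elif not line.strip() and rec:
            yield rec
            rec = {}


def parse_log(text: str) -> Tuple[List[Module], List[SsdtEntry]]:
    modules, hooks = [], []
    for rec in _records(text):
        if "Module Name" in rec:
            modules.append(Module(rec["Module Name"], rec.get("Service Name", "---"),
                                  int(rec["Module Base"], 16), int(rec["Module End"], 16),
                                  rec.get("Hidden") == "Yes"))
        elif "Function Name" in rec:
            hooks.append(SsdtEntry(rec["Function Name"], int(rec["Address"], 16),
                                   rec.get("Driver Name", "_unknown_")))
    return modules, hooks


def resolve(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the listed module whose [base, end) range holds addr, if any."""
    return next((m for m in modules if m.contains(addr)), None)


def triage(text: str) -> dict:
    """Split SSDT entries into those a listed module accounts for and those none does,
    and list the modules the tool marked hidden, so a helper sees the odd ones first."""
    modules, hooks = parse_log(text)
    attributed, unattributed = [], []
    for h in hooks:
        owner = resolve(h.address, modules)
        if owner is None:
            unattributed.append((h.function, f"{h.address:08X}"))
        else:
            attributed.append((h.function, owner.name))
    return {
        "hidden_modules": [m.name for m in modules if m.hidden],
        "attributed_hooks": attributed,
        "unattributed_hooks": unattributed,
    }


if __name__ == "__main__":
    for key, rows in triage(SAMPLE_LOG).items():
        print(key)
        for row in rows:
            print("   ", row)
```

Run over the full listing, the hooks the tool attributes to RapportPG.sys (the Trusteer Rapport driver that also appears in the module list) resolve to that driver's range, while the addresses of the `_unknown_` entries fall inside no listed module, which is what a helper would want to look at first. The Hidden: Yes flag on the two dump_*.sys crash-dump drivers is routine for this kind of scan and is not a finding by itself.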

Re: Redirected by Google

Unread postby km2357 » July 22nd, 2010, 7:44 pm

Step # 1: Download HostsXpert

Download HostsXpert and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your Desktop.

  • Click "Make Hosts Writable?" upper right corner (if available)
  • Click "Restore Microsoft's Original Hosts File" and then click OK
  • Close HostsXpert

Note: if you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
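
Step 1 restores the stock hosts file because a tampered one can map a hostname to a different address, which is one possible cause of a browser landing somewhere other than the site it asked for. As an added example that is not part of this thread and not HostsXpert's own code, the following Python audits a hosts file before it is replaced, so the custom entries the note mentions (MVPS-style blocklists, which sinkhole names to the local machine) can be told apart from entries that send a name elsewhere. The sample file content is constructed.

```python
import ipaddress
from typing import Iterator, List, Optional, Tuple

# Constructed sample, not the poster's file: modelled on the layout of a Windows hosts file,
# with one blocklist-style line and one redirect line added to exercise both cases.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example          # constructed blocklist-style entry
203.0.113.5     www.google.co.uk     # constructed redirect entry
"""


def parse_hosts(text: str) -> Iterator[Tuple[int, object, str]]:
    """Yield (line_no, ip, hostname) per mapping; comments and blank lines are skipped.
    A line whose first token is not an address is yielded with ip=None for reporting."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield n, None, " ".join(parts)
            continue
        for name in parts[1:]:
            yield n, ip, name.lower()


def classify(ip, name: str) -> str:
    """'default' for the stock localhost lines, 'blocklist' for names sinkholed to the
    local machine (what MVPS-style custom files do), 'redirect' for names sent elsewhere."""
    if ip is None:
        return "malformed"
    if name == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"
    return "redirect"


def audit_hosts(text: str) -> List[Tuple[int, Optional[str], str, str]]:
    """Return every non-default entry as (line_no, ip, name, category), in file order."""
    out = []
    for n, ip, name in parse_hosts(text):
        cat = classify(ip, name)
        if cat != "default":
            out.append((n, str(ip) if ip is not None else None, name, cat))
    return out


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; read it with
    # open(path, encoding="utf-8", errors="replace") and pass the text in place of SAMPLE_HOSTS.
    for row in audit_hosts(SAMPLE_HOSTS):
        print(row)
```

Entries in the "blocklist" category are the ones to copy aside and re-add after the restore; a "redirect" entry that the user did not add themselves is worth noting in the reply, since restoring the file removes the symptom but not whatever wrote the line.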