Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google redirect malware

by Tatzumi » March 13th, 2011, 10:02 pm

Hi guys, I have been trying to remove this virus/malware that makes all my internet searches in Firefox or IE redirect me to a random website. I have run Spybot, Malwarebytes, and AVG, and none of them seems to work. I also tried to run HIJACKTHIS, but I also seem to have a problem running HIJACKTHIS as an administrator on Windows 7 64-bit.

I ran the DSS tool and I get the following report:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Daniel at 22:11:06.46 on Sun 03/13/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6117 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\DAODx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\World of Warcraft\WoW.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Daniel\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0gtNElKTUg"&"inst=NzctNTYwODY5MzE5LVhPMTArMTI"&"prod=90"&"ver=10.0.1204
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jwax8tiu.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-7 39480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-7 1301504]
R3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2011-3-7 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-17 401696]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-12 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-7 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-6-12 136616]
.
=============== Created Last 30 ================
.
2011-03-14 04:02:45 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2011-03-14 01:08:30 388096 ----a-r- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-14 01:08:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-13 04:23:47 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-03-13 04:23:35 -------- d-----w- C:\Program Files\Creative
2011-03-13 04:22:32 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-03-13 04:22:32 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-03-13 04:22:32 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-03-13 04:22:32 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-03-13 04:22:22 -------- d-----w- C:\Program Files (x86)\ASUS
2011-03-13 04:22:13 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-03-13 04:22:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-03-13 04:22:13 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-03-13 04:22:13 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-03-13 04:22:12 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-03-13 04:22:12 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-03-13 04:22:12 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-03-13 04:17:07 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-03-13 04:16:39 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2011-03-13 04:16:39 53248 ------w- C:\Windows\Ctregrun.exe
2011-03-13 04:15:27 -------- d-----w- C:\Program Files (x86)\Creative
2011-03-13 04:15:08 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-03-13 04:14:02 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-13 04:14:02 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-13 04:14:02 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-13 04:14:02 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-13 04:14:01 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-13 04:14:01 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-13 04:14:01 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-13 04:14:01 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-12 19:36:15 -------- d-----r- C:\Users\Daniel\Podcasts
2011-03-12 19:36:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2011-03-12 19:35:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2011-03-12 19:35:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2011-03-12 19:35:53 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2011-03-12 19:35:51 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2011-03-12 19:35:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2011-03-12 19:35:45 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2011-03-12 19:33:45 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-12 19:33:44 758272 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
2011-03-12 19:33:07 -------- d-----w- C:\Windows\PCHEALTH
2011-03-12 07:12:54 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Azureus
2011-03-12 07:07:40 -------- d-----w- C:\Program Files (x86)\Vuze
2011-03-09 20:22:44 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-09 20:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-09 02:01:11 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 02:01:11 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 02:01:11 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 02:01:11 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 02:01:11 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 02:01:11 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 02:01:11 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 02:01:11 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 02:01:09 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 02:01:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 02:01:09 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 02:01:09 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-08 01:49:29 -------- d-----w- C:\Users\Daniel\AppData\Roaming\AVG10
2011-03-08 01:48:55 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-08 01:48:09 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-08 01:47:30 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-08 01:42:44 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-08 01:19:09 -------- d-----w- C:\Users\Daniel\AppData\Roaming\LolClient
2011-03-07 22:42:57 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-03-07 22:42:57 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-03-07 22:42:57 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-03-07 22:42:57 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-03-07 22:42:57 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-03-07 22:40:29 -------- d-----w- C:\Riot Games
2011-03-07 22:27:55 -------- d-----w- C:\Users\Daniel\AppData\Local\PMB Files
2011-03-07 22:27:54 -------- d-----w- C:\PROGRA~3\PMB Files
2011-03-07 22:27:46 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-03-07 21:18:03 -------- d-----w- C:\Program Files\Ventrilo
2011-03-07 21:17:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-07 21:08:09 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2011-03-07 19:49:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-07 19:49:25 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-07 19:41:05 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2011-03-07 19:40:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-07 19:40:57 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-07 19:40:54 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-07 19:40:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-07 18:57:39 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-07 18:57:39 -------- d-----w- C:\Windows\System32\Wat
2011-03-07 11:32:13 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-03-07 11:32:13 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-03-07 11:29:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-07 11:29:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-07 11:29:46 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-07 11:29:46 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-07 11:29:46 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-07 11:29:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-07 11:29:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-07 11:29:46 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-07 11:29:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-07 11:29:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-07 11:19:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-07 11:16:48 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-03-07 11:15:59 -------- d-----w- C:\Program Files (x86)\VIA
2011-03-07 11:15:29 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{586E484A-149E-4C50-BBC4-00256956156E}\mpengine.dll
2011-03-07 11:14:34 -------- d-----w- C:\Program Files (x86)\NEC Electronics
2011-03-07 11:13:10 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-03-07 11:13:10 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-03-07 11:13:09 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-03-07 11:13:09 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-07 11:10:00 -------- d-----w- C:\Program Files (x86)\Marvell
2011-03-07 11:07:36 39480 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-03-07 11:07:29 121872 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2011-03-07 11:07:03 -------- d-----w- C:\Program Files\ATI
2011-03-07 11:06:21 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-07 11:04:04 -------- d-----w- C:\Program Files (x86)\AMD
2011-03-07 10:56:24 15872 ----a-w- C:\Windows\AsTaskSched.dll
2011-03-07 10:54:37 -------- d-sh--w- C:\Windows\Installer
2011-03-07 10:54:33 -------- d-----w- C:\Users\Daniel\AppData\Local\Downloaded Installations
2011-03-07 10:51:41 -------- d-----w- C:\Users\Daniel\AppData\Local\Diagnostics
2011-03-07 10:49:09 -------- d-----w- C:\Users\Daniel\AppData\Local\VirtualStore
2011-03-07 10:31:37 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-03-07 10:30:56 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-07 10:27:10 -------- d-----w- C:\Windows\Panther
2011-03-07 10:18:12 -------- d-----w- C:\Windows.old
.
==================== Find3M ====================
.
2011-03-13 04:25:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-13 04:25:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-13 04:25:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-13 04:25:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:11:32.06 ===============


Any help would be greatly appreciated.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

by deltalima » March 14th, 2011, 9:45 am

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

by deltalima » March 14th, 2011, 9:53 am

Hi Tatzumi,

Welcome to the forum.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Azureus


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please run a new scan with DDS and post both the logs DDS.txt and Attach.txt

Re: Google redirect malware

by Tatzumi » March 15th, 2011, 3:05 pm

I know you are the expert, but I just recently downloaded VUZE, and the problem I have been having I have had for several months before. In any case, I did what you told me, and here's the new DDS report:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Daniel at 15:01:53.54 on Tue 03/15/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6985 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\DAODx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Daniel\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
mRun-x64: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jwax8tiu.default\
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-7 39480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-7 1301504]
R3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2011-3-7 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-17 401696]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-12 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-7 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-6-12 136616]
.
=============== Created Last 30 ================
.
2011-03-15 04:50:21 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-15 04:50:18 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7097CAD1-06BC-4A68-BAEE-5ABEC448DF16}\mpengine.dll
2011-03-15 04:50:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-14 04:02:45 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2011-03-14 01:08:30 388096 ----a-r- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-14 01:08:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-13 04:23:47 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-03-13 04:23:35 -------- d-----w- C:\Program Files\Creative
2011-03-13 04:22:32 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-03-13 04:22:32 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-03-13 04:22:32 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-03-13 04:22:32 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-03-13 04:22:22 -------- d-----w- C:\Program Files (x86)\ASUS
2011-03-13 04:22:13 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-03-13 04:22:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-03-13 04:22:13 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-03-13 04:22:13 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-03-13 04:22:12 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-03-13 04:22:12 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-03-13 04:22:12 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-03-13 04:17:07 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-03-13 04:16:39 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2011-03-13 04:16:39 53248 ------w- C:\Windows\Ctregrun.exe
2011-03-13 04:15:27 -------- d-----w- C:\Program Files (x86)\Creative
2011-03-13 04:15:08 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-03-13 04:14:02 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-13 04:14:02 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-03-13 04:14:02 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-13 04:14:02 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-13 04:14:01 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-13 04:14:01 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-13 04:14:01 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-13 04:14:01 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-12 19:36:15 -------- d-----r- C:\Users\Daniel\Podcasts
2011-03-12 19:36:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR
2011-03-12 19:35:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT
2011-03-12 19:35:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2011-03-12 19:35:53 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2011-03-12 19:35:51 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2011-03-12 19:35:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2011-03-12 19:35:45 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2011-03-12 19:33:45 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-12 19:33:44 758272 ----a-w- C:\Windows\System32\PortableDeviceApi.dll
2011-03-12 19:33:07 -------- d-----w- C:\Windows\PCHEALTH
2011-03-12 07:12:54 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Azureus
2011-03-09 20:22:44 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-09 20:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-09 02:01:11 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 02:01:11 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 02:01:11 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 02:01:11 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 02:01:11 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 02:01:11 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 02:01:11 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 02:01:11 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 02:01:09 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 02:01:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 02:01:09 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 02:01:09 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-08 01:49:29 -------- d-----w- C:\Users\Daniel\AppData\Roaming\AVG10
2011-03-08 01:48:55 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-08 01:48:09 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-08 01:47:30 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-08 01:42:44 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-08 01:19:09 -------- d-----w- C:\Users\Daniel\AppData\Roaming\LolClient
2011-03-07 22:42:57 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-03-07 22:42:57 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-03-07 22:42:57 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-03-07 22:42:57 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-03-07 22:42:57 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-03-07 22:40:29 -------- d-----w- C:\Riot Games
2011-03-07 22:27:55 -------- d-----w- C:\Users\Daniel\AppData\Local\PMB Files
2011-03-07 22:27:54 -------- d-----w- C:\PROGRA~3\PMB Files
2011-03-07 22:27:46 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-03-07 21:18:03 -------- d-----w- C:\Program Files\Ventrilo
2011-03-07 21:17:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-07 21:08:09 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2011-03-07 19:49:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-07 19:49:25 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-07 19:41:05 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2011-03-07 19:40:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-07 19:40:57 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-07 19:40:54 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-07 19:40:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-07 18:57:39 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-07 18:57:39 -------- d-----w- C:\Windows\System32\Wat
2011-03-07 11:32:13 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-03-07 11:32:13 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-03-07 11:29:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-07 11:29:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-07 11:29:46 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-07 11:29:46 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-07 11:29:46 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-07 11:29:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-07 11:29:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-07 11:29:46 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-07 11:29:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-07 11:29:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-07 11:19:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-07 11:16:48 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-03-07 11:15:59 -------- d-----w- C:\Program Files (x86)\VIA
2011-03-07 11:14:34 -------- d-----w- C:\Program Files (x86)\NEC Electronics
2011-03-07 11:13:10 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-03-07 11:13:10 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-03-07 11:13:09 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-03-07 11:13:09 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-07 11:10:00 -------- d-----w- C:\Program Files (x86)\Marvell
2011-03-07 11:07:36 39480 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-03-07 11:07:29 121872 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2011-03-07 11:07:03 -------- d-----w- C:\Program Files\ATI
2011-03-07 11:06:21 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-07 11:04:04 -------- d-----w- C:\Program Files (x86)\AMD
2011-03-07 10:56:24 15872 ----a-w- C:\Windows\AsTaskSched.dll
2011-03-07 10:54:37 -------- d-sh--w- C:\Windows\Installer
2011-03-07 10:54:33 -------- d-----w- C:\Users\Daniel\AppData\Local\Downloaded Installations
2011-03-07 10:51:41 -------- d-----w- C:\Users\Daniel\AppData\Local\Diagnostics
2011-03-07 10:49:09 -------- d-----w- C:\Users\Daniel\AppData\Local\VirtualStore
2011-03-07 10:31:37 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-03-07 10:30:56 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-07 10:27:10 -------- d-----w- C:\Windows\Panther
2011-03-07 10:18:12 -------- d-----w- C:\Windows.old
.
==================== Find3M ====================
.
2011-03-13 04:25:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-13 04:25:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-13 04:25:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-13 04:25:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:02:12.52 ===============


Thanks for all the help so far...
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 15th, 2011, 3:22 pm

Hi Tatzumi,

Please also post the Attach.txt log from the DDS scan.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 15th, 2011, 5:38 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/7/2011 2:48:45 AM
System Uptime: 3/15/2011 2:21:48 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair IV Formula
Processor: AMD Phenom(tm) II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 95.04 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 877.389 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 95.001 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 3/9/2011 1:20:02 AM - Windows Update
RP10: 3/9/2011 12:22:19 PM - Installed Steam
RP11: 3/12/2011 11:32:44 AM - Windows Update
RP13: 3/12/2011 11:33:56 AM - Installed Zune 4.7
RP14: 3/12/2011 9:14:47 PM - Installed Creative MediaSource 5
RP15: 3/12/2011 9:16:47 PM - Installed Creative Software AutoUpdate
RP16: 3/12/2011 9:22:15 PM - Installed Plug9
RP17: 3/12/2011 9:23:06 PM - Installed Sound Blaster X-Fi MB
RP19: 3/13/2011 6:08:02 PM - Installed HiJackThis
RP20: 3/13/2011 6:24:11 PM - Removed AVG 2011
RP21: 3/13/2011 6:25:31 PM - Removed AVG 2011
RP18: 3/13/2011 9:02:09 PM - Installed Razer Lycosa
RP22: 3/14/2011 9:49:56 PM - Windows Update
RP23: 3/15/2011 5:01:06 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
AMD OverDrive
AMD USB Filter Driver
Batman: Arkham Asylum GOTY Edition
Creative MediaSource 5
HiJackThis
League of Legends
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
NEC Electronics USB 3.0 Host Controller Driver
Pando Media Booster
Platform
Razer Lycosa
Sound Blaster X-Fi MB
Steam
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
3/15/2011 2:54:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/15/2011 2:54:13 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/15/2011 2:53:39 PM, Error: atikmdag [43029] - Display is not active
3/15/2011 1:35:14 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 15th, 2011, 5:53 pm

Hi Tatzumi,

The log shows that you uninstalled AVG 2011 and you now have no antivirus installed. Is this correct?

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Right click the TDSSKiller icon and select Run as Administrator then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 15th, 2011, 6:20 pm

Yes, I uninstalled it because I was told that HIJACKTHIS can have problems working with AVG and SPYBOTSEARCH and DESTROY.
Tatzumi
Regular Member
 
Posts: 15
Joined: March 13th, 2011, 9:39 pm

Re: Google redirect malware

Post by deltalima » March 15th, 2011, 6:22 pm

OK, we will need to install an antivirus program as top priority. Please run TDSSKiller and post the log first.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirect malware

Post by Tatzumi » March 15th, 2011, 6:36 pm

2011/03/15 18:35:22.0361 1452 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/15 18:35:25.0431 1452 ================================================================================
2011/03/15 18:35:25.0431 1452 SystemInfo:
2011/03/15 18:35:25.0431 1452
2011/03/15 18:35:25.0431 1452 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/15 18:35:25.0431 1452 Product type: Workstation
2011/03/15 18:35:25.0432 1452 ComputerName: DANIEL-PC
2011/03/15 18:35:25.0432 1452 UserName: Daniel
2011/03/15 18:35:25.0432 1452 Windows directory: C:\Windows
2011/03/15 18:35:25.0432 1452 System windows directory: C:\Windows
2011/03/15 18:35:25.0432 1452 Running under WOW64
2011/03/15 18:35:25.0432 1452 Processor architecture: Intel x64
2011/03/15 18:35:25.0432 1452 Number of processors: 6
2011/03/15 18:35:25.0432 1452 Page size: 0x1000
2011/03/15 18:35:25.0432 1452 Boot type: Normal boot
2011/03/15 18:35:25.0432 1452 ================================================================================
2011/03/15 18:35:31.0447 1452 Initialize success
2011/03/15 18:35:33.0156 2984 ================================================================================
2011/03/15 18:35:33.0156 2984 Scan started
2011/03/15 18:35:33.0156 2984 Mode: Manual;
2011/03/15 18:35:33.0156 2984 ================================================================================
2011/03/15 18:35:46.0438 2984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/15 18:35:46.0448 2984 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/15 18:35:46.0478 2984 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/15 18:35:46.0490 2984 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/15 18:35:46.0523 2984 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/15 18:35:46.0681 2984 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/15 18:35:46.0734 2984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/15 18:35:46.0772 2984 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/15 18:35:46.0813 2984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/15 18:35:46.0972 2984 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/15 18:35:46.0999 2984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/15 18:35:47.0114 2984 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/03/15 18:35:47.0206 2984 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/15 18:35:47.0290 2984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/15 18:35:47.0380 2984 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/15 18:35:47.0445 2984 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/03/15 18:35:47.0514 2984 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/15 18:35:47.0667 2984 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/15 18:35:47.0712 2984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/15 18:35:47.0732 2984 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/15 18:35:47.0786 2984 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/15 18:35:48.0004 2984 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/15 18:35:48.0041 2984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/15 18:35:48.0092 2984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/15 18:35:48.0120 2984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/15 18:35:48.0282 2984 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/15 18:35:48.0519 2984 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
2011/03/15 18:35:48.0572 2984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/15 18:35:48.0593 2984 VMfilt (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\VMfilt64.sys
2011/03/15 18:35:48.0607 2984 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/15 18:35:48.0751 2984 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/15 18:35:48.0776 2984 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/15 18:35:48.0924 2984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/15 18:35:48.0946 2984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/03/15 18:35:49.0002 2984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/15 18:35:49.0045 2984 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/15 18:35:49.0053 2984 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/15 18:35:49.0267 2984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/15 18:35:49.0324 2984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/15 18:35:49.0371 2984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/15 18:35:49.0403 2984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/15 18:35:49.0634 2984 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/03/15 18:35:49.0686 2984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/15 18:35:49.0722 2984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/15 18:35:49.0754 2984 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/15 18:35:49.0919 2984 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/15 18:35:50.0008 2984 yukonw7 (b2818bfab7817f7e7ee886f58b15b35c) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/03/15 18:35:50.0059 2984 ================================================================================
2011/03/15 18:35:50.0059 2984 Scan finished
2011/03/15 18:35:50.0059 2984 ================================================================================

Re: Google redirect malware

by deltalima » March 15th, 2011, 6:52 pm

Hi Tatzumi,

No anti-virus

Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Please run a full scan and post the log in your next reply.

Please let me know if you are connected to the Internet through a router, and if so if you have the information you would need to reset the router and configure it so that it would work with your ISP.

Re: Google redirect malware

by Tatzumi » March 15th, 2011, 8:02 pm

Avira AntiVir Personal
Report file date: Tuesday, March 15, 2011 19:50

Scanning for 2494868 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Daniel
Computer name : DANIEL-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 21:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 21:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 02:49:33
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 02:49:33
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 02:49:33
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 02:49:33
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 02:49:33
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 02:49:33
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 02:49:33
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 02:49:34
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 02:49:34
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 02:49:34
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 02:49:34
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 02:49:35
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 02:49:36
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 02:49:36
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 02:49:37
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 02:49:38
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 02:49:39
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 02:49:40
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 02:49:41
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 02:49:42
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 02:49:42
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 02:49:43
VBASE024.VDF : 7.11.4.184 2048 Bytes 3/14/2011 02:49:43
VBASE025.VDF : 7.11.4.185 2048 Bytes 3/14/2011 02:49:43
VBASE026.VDF : 7.11.4.186 2048 Bytes 3/14/2011 02:49:44
VBASE027.VDF : 7.11.4.187 2048 Bytes 3/14/2011 02:49:44
VBASE028.VDF : 7.11.4.188 2048 Bytes 3/14/2011 02:49:44
VBASE029.VDF : 7.11.4.189 2048 Bytes 3/14/2011 02:49:44
VBASE030.VDF : 7.11.4.190 2048 Bytes 3/14/2011 02:49:44
VBASE031.VDF : 7.11.4.216 78848 Bytes 3/15/2011 02:49:44
Engineversion : 8.2.4.186
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 21:23:26
AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 3/16/2011 02:49:55
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 21:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 21:23:26
AERDL.DLL : 8.1.9.8 639346 Bytes 3/16/2011 02:49:53
AEPACK.DLL : 8.2.4.12 520567 Bytes 3/16/2011 02:49:52
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/16/2011 02:49:51
AEHEUR.DLL : 8.1.2.86 3350903 Bytes 3/16/2011 02:49:51
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/16/2011 02:49:47
AEGEN.DLL : 8.1.5.2 397683 Bytes 3/16/2011 02:49:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 21:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 3/16/2011 02:49:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 21:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 21:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 21:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 21:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 21:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 21:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 21:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 21:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 21:23:52

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, March 15, 2011 19:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'WoW.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'SteamService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'razerhid.exe' - '1' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'DAODx.exe' - '1' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '162' files ).



End of the scan: Tuesday, March 15, 2011 19:50
Used time: 00:15 Minute(s)

The scan has been done completely.

0 Scanned directories
615 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
615 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes


I am using a router to connect to the internet; however, I only know how to do manual resets. I don't know how to set my comp as the main IP or if my comp is the main IP.

Re: Google redirect malware

by deltalima » March 16th, 2011, 4:04 am

Hi Tatzumi,

Please follow the instructions here to set your computer to use OpenDNS.

Now reboot and let me know if the browser redirects have stopped.

Re: Google redirect malware

by Tatzumi » March 16th, 2011, 12:39 pm

I don't understand how to do the following steps, any help would be appreciated:


(Especially number 6)
6. Click the radio button 'Use the following DNS server addresses:' and type in OpenDNS' addresses in the Preferred DNS server and Alternate DNS server fields.

7. Click OK button, then the Close button, then Close again. Finally, close the Network and Sharing Center window.
At this point, we highly suggest that you flush your DNS resolver cache and web browser caches to ensure that your new DNS configuration settings take immediate effect.

Re: Google redirect malware

by deltalima » March 16th, 2011, 2:41 pm

Hi Tatzumi,

6. Click the radio button 'Use the following DNS server addresses:' and type in OpenDNS' addresses in the Preferred DNS server and Alternate DNS server fields.


You need to click on the round spot next to
Use the following DNS server addresses

And then type the numbers shown into the boxes as per the diagram (inside the orange ellipse). Then click OK.

If the screen you see does not look like that then please describe what you see.

You can skip section 7 so long as you reboot before testing.
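One way to confirm that the DNS change from step 6 took effect, as an added example that is not part of the original thread: the script parses `ipconfig /all` output and lists every adapter that still uses a resolver other than OpenDNS, such as one handed out by the router. The sample output is constructed, and the function names and the allow-list (OpenDNS's public resolvers 208.67.222.222 and 208.67.220.220) are assumptions of this example.

```python
import re

# OpenDNS public resolvers. Assumption of this example: the thread only
# points at "the numbers shown" in a diagram that is not on the page.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output, trimmed to a few fields.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "   Field name . . . . : value" (the value may be empty).
FIELD_RE = re.compile(r"^\s+(.*?)[ .]+:(?:\s+(.*))?$")


def dns_servers_by_adapter(text):
    """Map each adapter in `ipconfig /all` text to its DNS server list."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():              # blank line ends a field
            in_dns = False
        elif not line[0].isspace():       # unindented: adapter header or banner
            head = line.rstrip()
            adapter = head[:-1] if head.endswith(":") else None
            in_dns = False
        else:
            field = FIELD_RE.match(line)
            if field:
                in_dns = field.group(1) == "DNS Servers"
                value = (field.group(2) or "").strip()
            else:                         # continuation line of the last field
                value = line.strip()
            if in_dns and adapter and value:
                servers.setdefault(adapter, []).append(value)
    return servers


def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return {adapter: [servers outside `expected`]} for adapters with any."""
    report = {}
    for adapter, found in dns_servers_by_adapter(text).items():
        other = [s for s in found if s not in expected]
        if other:
            report[adapter] = other
    return report


if __name__ == "__main__":
    print(unexpected_dns(SAMPLE_IPCONFIG))
```

On the affected machine, pass the saved text of `ipconfig /all` instead of the sample; an empty result means every listed adapter resolves through the expected servers.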