MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect

Post by Reverse » October 9th, 2011, 1:47 am

In the past day or so my computer was infected by what I'm guessing was a hotlink. This has been a higher than normal occurrence the past month or so, and normally all it takes is a quick scan with Malwarebytes to resolve the problems. However, this time I noticed Google starting to randomly redirect my searches and random ad tabs popping up in FF, so I decided to do my normal anti-malware routine through safe mode. After a couple of basic searches and reading similar virus reports, I'm realizing that extra, more meticulous steps are required to clean my PC of this virus. Also there's a new symptom: Windows Security Center has been turned off and is telling me "Windows Security Center service can't be turned on." Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Stephen at 22:32:14 on 2011-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1973 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\Stephen\AppData\Local\f4793b42\X
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [googletalk] C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [NCsoft]
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\REGIST~1.LNK - C:\Program Files (x86)\Steam\steamapps\common\assassins creed\Register\RegistrationReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/Messenger ... E_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
TCP: Interfaces\{97B10093-7939-40A5-B4C2-AC5A42B5F7EA} : DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\1itz6mjb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?sk=nf|http://u ... /index.php
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb937ba ... g=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\GamersFirst\LIVE!\plugins\null\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\1itz6mjb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG2012\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-4-29 1355968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-4 2214504]
S2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-9-27 246600]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-6 1025352]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-09 04:28:54 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-08 18:55:28 -------- d-----w- C:\Users\Stephen\AppData\Local\{E5F8274E-E926-4086-9FED-038D81F22666}
2011-10-08 18:54:21 -------- d-----w- C:\Users\Stephen\AppData\Local\{7FBF7B0B-64E8-4FA7-903D-5DA2B682D817}
2011-10-08 16:34:10 -------- d-----w- C:\Program Files\COMODO
2011-10-08 16:32:07 -------- d-----w- C:\ProgramData\Comodo
2011-10-08 16:31:15 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-10-08 15:10:42 -------- d-----w- C:\Users\Stephen\AppData\Local\{7BA937CC-DF12-404B-BF4E-76BD30CE4A10}
2011-10-08 15:10:12 -------- d-----w- C:\Users\Stephen\AppData\Local\{D2B93399-DFCE-4C6F-9996-5934DB4B7B00}
2011-10-08 06:59:12 -------- d-----w- C:\Users\Stephen\AppData\Local\{49BFB640-9E56-4FAE-B30B-E4C356C63442}
2011-10-08 06:58:53 -------- d-----w- C:\Users\Stephen\AppData\Local\{E8673126-7EC0-4D83-B00D-94EED192D0CD}
2011-10-08 06:48:18 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-08 06:46:47 -------- d-----we C:\Windows\system64
2011-10-05 15:39:23 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-09-30 00:32:36 -------- d-----w- C:\Users\Stephen\AppData\Local\{8D3836CD-EDE0-4DAC-89FA-A3A89C4A3658}
2011-09-30 00:32:12 -------- d-----w- C:\Users\Stephen\AppData\Local\{C0C77082-96FD-43EA-97FA-2E2A2B865F0C}
2011-09-28 00:30:42 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-09-28 00:30:42 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-09-28 00:29:51 -------- d-----w- C:\Users\Stephen\AppData\Roaming\AVG2012
2011-09-28 00:29:20 -------- d-----w- C:\ProgramData\AVG2012
2011-09-22 15:37:05 -------- d-----w- C:\Users\Stephen\AppData\Local\{435FAB85-3B1A-4CC3-A3A0-18A71E3C595E}
2011-09-22 15:36:55 -------- d-----w- C:\Users\Stephen\AppData\Local\{0B1BF4BE-B52A-4F9D-A76E-3636950EAA87}
2011-09-22 03:37:18 -------- d-----w- C:\Users\Stephen\AppData\Local\{E24BB26B-EA09-4287-B140-2AC88B566C24}
2011-09-22 03:37:02 -------- d-----w- C:\Users\Stephen\AppData\Local\{9EA2F241-A06C-46D0-91DF-BBBD4405E842}
2011-09-19 01:45:36 -------- d-----w- C:\Program Files\iPod
2011-09-18 14:57:39 -------- d-----w- C:\Users\Stephen\AppData\Local\{CC6DB9EE-FFBC-41CA-A524-65C90D2D3F44}
2011-09-18 14:57:26 -------- d-----w- C:\Users\Stephen\AppData\Local\{861A8C17-897A-46E4-ABB8-B4BD5B29CAC4}
2011-09-17 18:34:11 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Mount&Blade With Fire and Sword
2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-11 18:14:52 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-11 18:14:52 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-11 18:14:52 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-11 18:14:52 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-09-11 18:14:52 -------- d-----w- C:\Program Files (x86)\OpenAL
.
==================== Find3M ====================
.
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-08 13:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-17 22:49:57 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-07-17 22:49:57 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-07-17 22:49:00 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-11 08:14:36 375376 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-07-11 08:14:08 29776 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-07-11 08:14:06 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-07-11 08:14:06 120400 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-07-11 08:13:44 282704 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 22:34:56.87 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2009 6:51:49 PM
System Uptime: 10/8/2011 9:27:34 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78 PLUS
Processor: AMD Phenom(tm) II X4 940 Processor | AM2 | 3008/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 443.775 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP297: 10/8/2011 12:06:06 AM - CheckIfInstallerIsBusy
RP298: 10/8/2011 12:07:49 AM - Windows Live Essentials
RP299: 10/8/2011 8:29:09 AM - Windows Backup
RP300: 10/8/2011 8:33:35 AM - Windows Backup
RP301: 10/8/2011 9:33:35 AM - Installed COMODO Internet Security
RP302: 10/8/2011 12:48:01 PM - Installed DirectX
RP303: 10/8/2011 1:11:43 PM - Windows Backup
RP304: 10/8/2011 1:15:20 PM - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Akamai NetSession Interface
Alpha Protocol
Apple Application Support
Apple Software Update
Assassin's Creed
Assassin's Creed Brotherhood
Assassin's Creed II
Bastion
BioShock 2
Breath of Death VII
Champions Online: Free For All
Color LaserJet 2600n
Cthulhu Saves the World
Dead Rising 2
Deus Ex: Human Revolution
Dungeons of Dredmor
EdenEternal
GamersFirst LIVE!
Google Talk (remove only)
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: With Fire and Sword
NCsoft Launcher
NVIDIA PhysX
OpenAL
Pando Media Booster
Plants vs. Zombies: Game of the Year
Psychonauts
PunkBuster Services
Puzzle Quest
QuickTime
RAM Defrag (remove only)
Red Faction: Guerrilla
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 4.2
Spiral Knights
System Requirements Lab CYRI
Terraria
The Binding Of Isaac
The Last Remnant
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Vampire: The Masquerade - Bloodlines
Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
10/8/2011 9:35:01 AM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/8/2011 9:28:32 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/8/2011 9:28:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2011 9:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/8/2011 9:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/8/2011 9:28:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/8/2011 9:28:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/8/2011 9:27:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 cmdGuard discache spldr Wanarpv6
10/8/2011 9:27:55 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/8/2011 9:27:55 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/8/2011 8:09:29 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/8/2011 8:09:29 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/8/2011 11:53:59 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/8/2011 11:53:47 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/8/2011 10:26:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
.
==== End Of File ===========================
Reverse
Active Member
Posts: 7
Joined: October 9th, 2011, 1:24 am
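To show what a helper looks for first in a DDS log like the one in the post above, here is an added example; it is not part of the original post and not the DDS tool itself. It is a small Python triage script that reads the Pseudo HJT Report and Created Last 30 sections of a DDS log and flags the autostart entries and new directories worth a closer look. The text it parses is a constructed excerpt in DDS format modelled on lines from the post, and the flagging rules (default Winlogon Shell and Userinit values, a set AppInit_DLLs, Run entries started from a user profile, look-alike system directory names under the Windows folder) are this script's own assumptions, not rules published by DDS or by MalwareRemoval.com. In the post's log the entry that stands out is the per-user Winlogon Shell value pointing into a randomly named AppData\Local directory: the default Shell is explorer.exe, and whatever is named there is started at logon as the shell.

```python
"""Triage helper for the "Pseudo HJT Report" and "Created Last 30" sections
of a DDS log.

Added example: not part of the forum post and not the DDS tool. The rules
below are this script's own assumptions about what a helper looks at first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in DDS format, modelled on the lines in the post above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\Stephen\AppData\Local\f4793b42\X
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [googletalk] C:\Users\Stephen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [NCsoft]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
=============== Created Last 30 ================
2011-10-08 06:46:47 -------- d-----we C:\Windows\system64
2011-10-05 15:39:23 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH", "REVIEW" or "INFO"
    entry: str     # the log line that triggered the finding
    reason: str


# A path component made only of hex digits (not a {GUID}) looks machine-generated.
HEX_DIR = re.compile(r"\\[0-9a-f]{6,}\\", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\(AppData|Local Settings|Temp)\\", re.IGNORECASE)
# Assumed rule: directly under the Windows folder, a system-like name that is not
# one of the stock directories (System32, SysWOW64, System) is a look-alike.
SYSTEM_LOOKALIKE = re.compile(r"^sys(tem)?\w*$", re.IGNORECASE)
LEGIT_SYSTEM_DIRS = {"system32", "syswow64", "system"}


def _check_hjt(line):
    """Apply the autostart rules to one line of the Pseudo HJT Report."""
    key, _, rest = line.partition(": ")
    rest = rest.strip()
    out = []
    if key.endswith("Winlogon"):
        name, _, value = rest.partition("=")
        scope = "per-user" if key.startswith("u") else "machine-wide"
        if name == "Shell" and value.strip().lower() != "explorer.exe":
            reason = (f"{scope} Winlogon Shell is not the default explorer.exe; "
                      "the program named here is started at logon as the shell")
            if HEX_DIR.search(value + "\\"):
                reason += "; the directory name looks randomly generated"
            out.append(Finding("HIGH", line, reason))
        elif name == "Userinit":
            parts = [p.strip().lower() for p in value.split(",") if p.strip()]
            if parts not in (["userinit.exe"], [r"c:\windows\system32\userinit.exe"]):
                out.append(Finding("HIGH", line,
                                   f"{scope} Winlogon Userinit has an extra entry; every entry runs at logon"))
    elif key.startswith("AppInit_DLLs"):
        if rest:
            out.append(Finding("REVIEW", line,
                               "AppInit_DLLs is set: this DLL is loaded into every process that loads "
                               "user32.dll; confirm the vendor, security products use it too"))
    elif key.startswith(("uRun", "mRun")):
        m = re.match(r"\[(.*?)\]\s*(.*)", rest)
        if m is None:
            return out
        name, cmd = m.group(1), m.group(2).strip()
        if not cmd:
            out.append(Finding("INFO", line, f"Run value '{name}' is empty (leftover entry)"))
        elif USER_PROFILE.search(cmd):
            out.append(Finding("REVIEW", line,
                               f"Run value '{name}' starts a program from a user-profile path "
                               "rather than Program Files"))
    return out


def _check_created(line):
    """Apply the new-directory rules to one line of Created Last 30."""
    parts = line.split(None, 4)  # date time size attrs path (path may contain spaces)
    if len(parts) < 5:
        return []
    attrs, path = parts[3], parts[4]
    parent, _, name = path.rpartition("\\")
    if (attrs.startswith("d") and parent.lower().endswith(":\\windows")
            and SYSTEM_LOOKALIKE.match(name) and name.lower() not in LEGIT_SYSTEM_DIRS):
        return [Finding("HIGH", line,
                        f"new directory '{name}' directly under the Windows folder is not a stock "
                        "system directory but is named to look like one")]
    if HEX_DIR.search(path + "\\"):
        return [Finding("REVIEW", line, "new path with a randomly named component")]
    return []


def triage(log_text):
    """Return the findings for a DDS log, in the order the lines appear."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("="):
            section = line.strip("= ").lower()  # e.g. "pseudo hjt report"
            continue
        if section.startswith("pseudo hjt"):
            findings.extend(_check_hjt(line))
        elif section.startswith("created last"):
            findings.extend(_check_created(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.reason}\n       {f.entry}")
```

Running the script prints the findings for the embedded sample; pass the text of a real DDS log to triage() to use it on one. It only reads the log and changes nothing on the machine, so it does not conflict with the helper's request below to make no changes until asked.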

Re: Google Redirect

Post by deltalima » October 11th, 2011, 1:58 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Post by deltalima » October 11th, 2011, 2:10 pm

Hi Reverse,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that necessitate taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Rootkit Warning

Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

The rootkit in question is named Zero Access and can be difficult to remove, sometimes needing a reformat.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
Back up and restore: frequently asked questions
Restoring your Vista-W7 backups ... Restoring your XP backups

If you wish we can attempt to remove the infection.

Please let me know how you wish to proceed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby Reverse » October 11th, 2011, 6:01 pm

Hello Deltalima,

Thanks for the response. Kinda sucks to hear this; however, I should mention that after I posted the DDS I went into a bit of a worry and ran several scans between Malwarebytes, Hitman Pro, and AVG, which caught a number of rootkits/backdoors, as I was in between the posting and the reply. I hope that's not a problem; if it is, I'll do whatever steps are necessary to rectify it. However, it's very true that I won't be able to fully trust my computer. I had already backed up Users and Libraries a day or two ago and I want to say they were safe from the attack; also, the computer itself is not currently storing a lot of sensitive data, and any passwords I'd consider important I plug in myself, and I had not accessed any of those sites. The only concern I have right now with reformatting is that I bought my copy of Windows 7 through a student deal with Digital River and didn't have a backup installation. I'm thinking that the reformat would be the best option, just not sure how I'll easily be able to access a method to reinstall W7. I do have the product key. While I wait on your reply I'll go about calling MS to see what they say and I'll post any update to that here. Thanks again for the response.
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am

Re: Google Redirect

Unread postby Reverse » October 11th, 2011, 9:08 pm

Here's an update

I found an install CD lying around and was able to reformat and reinstall Windows 7. I made a backup of my Users and Library during the virus attack when I had first thought that a reinstall was the best method to make sure my computer was clean. Is there a way I can make sure the backup is alright to use without re-corrupting the PC?
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am

Re: Google Redirect

Unread postby deltalima » October 12th, 2011, 3:58 am

Hi Reverse,

Good to hear that the reinstall worked, it is the best solution to this infection.

Is there a way I can make sure the backup is alright to use without re-corrupting the PC


As long as the backup is of data only then you should be OK. Please make sure that you install and update antivirus software before you restore any data, and then do a full scan once you have restored.

Once you have restored all the data, please run a new scan with DDS and post the log.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
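The advice above hinges on the backup holding data only. As an added example (not from the thread, DDS, or any of the tools named in it), this Python script walks a backup tree before restoring it and flags anything executable, both by extension and by file header, so a renamed executable hiding behind a data extension is not missed; all paths, file names and sample contents are constructed for the demo.

```python
"""Audit a backup directory for executable content before restoring it.

Added example, not part of the original forum thread. The thread's advice is
that a data-only backup is safe to restore; this script reports anything in
the backup tree that is not plain data so it can be reviewed and scanned
before being copied back. All names and sample contents are constructed.
"""
import os
import tempfile

# Extensions Windows runs directly or hands to a script host (not exhaustive).
EXEC_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
    ".ps1", ".hta", ".lnk", ".msi", ".jar", ".reg",
}

# Header signatures that identify executable content whatever the file name.
MAGIC = {
    b"MZ": "pe-executable",        # DOS/PE header: .exe, .dll, .sys, .scr
    b"\x7fELF": "elf-executable",
    b"#!": "script-shebang",
}


def classify(path):
    """Return a finding tag for one file, or None when it looks like plain data."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"
    for sig, tag in MAGIC.items():
        if head.startswith(sig):
            # Executable by content; note when the extension hides that fact.
            if ext not in EXEC_EXTENSIONS:
                return tag + "-disguised"
            return tag
    if ext in EXEC_EXTENSIONS:
        return "executable-extension"
    return None


def audit_backup(root):
    """Walk the backup tree and return sorted (relative path, tag) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            tag = classify(full)
            if tag is not None:
                findings.append((os.path.relpath(full, root), tag))
    return sorted(findings)


def build_sample_backup():
    """Create a constructed backup tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    samples = {
        "Documents/notes.txt": b"shopping list\n",
        "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0JFIF",          # JPEG SOI marker
        "Pictures/holiday2.jpg": b"MZ\x90\x00PE stub pretending",  # PE with image name
        "Downloads/setup.exe": b"MZ\x90\x00installer",
        "Desktop/cleanup.vbs": b"WScript.Echo 1\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel.replace("/", os.sep))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_backup()
    for rel, tag in audit_backup(demo_root):
        print(f"{tag:28} {rel}")
```

Anything the audit lists should be left out of the restore or scanned individually with the freshly updated antivirus before it is copied back.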

Re: Google Redirect

Unread postby Reverse » October 12th, 2011, 8:22 pm

Backup ran fine, no viruses from the backup, so that all looks good. Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Stephen at 17:19:15 on 2011-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2419 [GMT -7:00]
.
AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Windows\system32\iavlsp.dll
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
TCP: Interfaces\{8D44329C-4D52-4D17-98F8-C3F22718AA44} : DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\glopamtx.default\
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R2 AMP;Active Malware Protection Minifilter Driver;\??\C:\Windows\system32\Drivers\amp.sys --> C:\Windows\system32\Drivers\amp.sys [?]
R2 AMPSE;Active Malware Protection Support Driver;\??\C:\Windows\system32\Drivers\ampse.sys --> C:\Windows\system32\Drivers\ampse.sys [?]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-10-11 722616]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-11 2214504]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2011-1-21 121152]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2011-1-21 119104]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2011-1-21 179008]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-10-12 23:16:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1940AC4-2344-464D-A09E-0EDA703B5668}\offreg.dll
2011-10-12 23:04:24 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-12 23:04:24 -------- d-----w- C:\Windows\System32\Wat
2011-10-12 23:02:37 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-10-12 23:02:37 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-10-12 23:02:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-10-12 23:02:37 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-10-12 23:02:37 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-10-12 23:02:36 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-10-12 23:02:36 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-10-12 14:20:10 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-12 14:20:06 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1940AC4-2344-464D-A09E-0EDA703B5668}\mpengine.dll
2011-10-12 13:57:45 -------- d-----w- C:\Windows\System32\SPReview
2011-10-12 13:57:15 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-12 13:51:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-10-12 13:51:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-10-12 13:51:12 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-10-12 13:51:07 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-10-12 13:51:07 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-10-12 13:51:07 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-10-12 13:51:07 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-10-12 13:51:06 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-10-12 13:51:04 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-10-12 13:51:00 1171456 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-10-12 13:49:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-10-12 13:48:59 90112 ----a-w- C:\Windows\SysWow64\srvcli.dll
2011-10-12 13:46:29 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-10-12 13:46:29 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-10-12 13:46:14 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-10-12 03:50:13 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-10-12 03:50:10 -------- d-----w- C:\Program Files (x86)\Steam
2011-10-12 02:49:52 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-10-12 02:49:44 -------- d-----w- C:\Windows\PCHEALTH
2011-10-12 02:03:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-12 02:03:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-10-12 02:03:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 02:03:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 02:03:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 02:03:22 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-10-12 02:03:22 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-10-12 02:03:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 02:03:22 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-12 02:03:21 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-12 02:03:21 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-12 02:03:21 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-12 02:01:51 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-10-12 01:59:44 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-10-12 01:59:43 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-10-12 01:59:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 01:59:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 01:59:42 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 01:59:42 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 01:59:40 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-10-12 01:59:40 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-10-12 01:58:41 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-12 01:58:40 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-12 01:58:39 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-12 01:53:03 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-10-12 01:37:30 -------- d-----w- C:\Windows\Panther
2011-10-12 01:37:16 -------- d-sh--w- C:\Boot
2011-10-12 01:34:08 1465664 ----a-r- C:\Windows\System32\drivers\ampse.sys
2011-10-12 01:34:07 -------- d-----w- C:\ProgramData\Authentium
2011-10-12 01:34:07 -------- d-----w- C:\Program Files\Common Files\Authentium
2011-10-12 01:34:07 -------- d-----w- C:\Program Files (x86)\Common Files\Authentium
2011-10-12 01:34:05 -------- d-sh--w- C:\Windows\Installer
2011-10-12 01:34:04 160256 ----a-w- C:\Windows\System32\iavlsp64.dll
2011-10-12 01:34:04 118784 ----a-w- C:\Windows\SysWow64\iavlsp.dll
2011-10-12 01:33:58 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-10-12 01:33:58 2141832 ----a-w- C:\Windows\System32\Incinerator64.dll
2011-10-12 01:33:58 2083464 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2011-10-12 01:33:56 69000 ----a-w- C:\Windows\System32\offreg.dll
2011-10-12 01:33:56 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2011-10-12 01:33:56 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2011-10-12 01:33:56 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2011-10-12 01:33:56 -------- d-----w- C:\Program Files (x86)\iolo
2011-10-12 01:27:51 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2011-10-12 01:27:36 -------- d-----w- C:\iolo
2011-10-12 01:26:32 -------- d-----w- C:\Users\Stephen\AppData\Roaming\iolo
2011-10-12 01:26:32 -------- d-----w- C:\ProgramData\iolo
2011-10-12 01:05:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-12 01:01:31 -------- d-----w- C:\Users\Stephen\AppData\Local\Mozilla
2011-10-12 00:53:28 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Malwarebytes
.
==================== Find3M ====================
.
2011-10-12 22:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-12 22:25:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-01 22:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-08-01 22:59:06 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 17:19:52.83 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2011 5:43:30 PM
System Uptime: 10/12/2011 4:13:16 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78 PLUS
Processor: AMD Phenom(tm) II X4 940 Processor | AM2 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 886.343 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/11/2011 5:45:56 PM - Windows Update
RP2: 10/11/2011 6:05:15 PM - Windows Update
RP3: 10/11/2011 7:04:30 PM - Windows Update
RP4: 10/11/2011 7:44:54 PM - iolo Designated Drivers Pre-Update Restore Point
RP5: 10/11/2011 7:45:08 PM - Windows Update
RP6: 10/11/2011 8:49:10 PM - Installed Steam
RP7: 10/12/2011 6:56:11 AM - Windows Update
RP8: 10/12/2011 7:19:52 AM - Windows Update
RP9: 10/12/2011 4:04:04 PM - Windows Update
RP10: 10/12/2011 4:10:38 PM - Windows Update
.
==== Installed Programs ======================
.
iolo technologies' System Mechanic Professional
Malwarebytes' Anti-Malware version 1.51.2.1300
Mozilla Firefox 7.0.1 (x86 en-US)
Orcs Must Die!
Steam
.
==== Event Viewer Messages From Past Week ========
.
10/12/2011 6:08:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/12/2011 4:13:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
10/12/2011 3:36:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user Stephen-PC\UpdatusUser SID (S-1-5-21-1494018121-2410911606-3034184527-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/11/2011 8:51:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/11/2011 8:51:38 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2011 7:38:03 PM, Error: Service Control Manager [7023] -
10/11/2011 6:37:47 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
10/11/2011 5:40:53 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
.
==== End Of File ===========================
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/11/2011 5:45:56 PM - Windows Update
RP2: 10/11/2011 6:05:15 PM - Windows Update
RP3: 10/11/2011 7:04:30 PM - Windows Update
RP4: 10/11/2011 7:44:54 PM - iolo Designated Drivers Pre-Update Restore Point
RP5: 10/11/2011 7:45:08 PM - Windows Update
RP6: 10/11/2011 8:49:10 PM - Installed Steam
RP7: 10/12/2011 6:56:11 AM - Windows Update
RP8: 10/12/2011 7:19:52 AM - Windows Update
RP9: 10/12/2011 4:04:04 PM - Windows Update
RP10: 10/12/2011 4:10:38 PM - Windows Update
.
==== Installed Programs ======================
.
iolo technologies' System Mechanic Professional
Malwarebytes' Anti-Malware version 1.51.2.1300
Mozilla Firefox 7.0.1 (x86 en-US)
Orcs Must Die!
Steam
.
==== Event Viewer Messages From Past Week ========
.
10/12/2011 6:08:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/12/2011 4:13:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
10/12/2011 3:36:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user Stephen-PC\UpdatusUser SID (S-1-5-21-1494018121-2410911606-3034184527-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/11/2011 8:51:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/11/2011 8:51:38 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2011 7:38:03 PM, Error: Service Control Manager [7023] -
10/11/2011 6:37:47 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
10/11/2011 5:40:53 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
.
==== End Of File ===========================
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am

Re: Google Redirect

Unread postby Reverse » October 12th, 2011, 8:24 pm

Double post, sorry.
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am

Re: Google Redirect

Unread postby deltalima » October 13th, 2011, 9:23 am

Hi Reverse,

The DDS log looks good, no sign of any rootkit infection now.

The antivirus program that you have installed is not one that I would recommend, a good free one like Avast would be better.

Other than that, your computer appears to be clean!

Any questions before I archive the topic?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Redirect

Unread postby Reverse » October 13th, 2011, 9:27 am

Nope, thanks for the assistance.
Reverse
Active Member
 
Posts: 7
Joined: October 9th, 2011, 1:24 am

Re: Google Redirect

Unread postby deltalima » October 13th, 2011, 9:33 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK