Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Tough Google redirect virus.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Tough Google redirect virus.

Unread postby dieselfoot » November 12th, 2010, 8:22 am

Hi,

My name is Chris and last night I found that I had been infected by what I believe is the google redirect virus. I spent most of the night scanning, rebooting, and researching solutions to no avail. I've downloaded and run Malwarebytes, tdsskiller, as well as a couple of others. Since running tdsskiller I haven't had the redirecting issue, but I'm still concerned that I may still be infected.

Thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:50:08 AM, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0801286671
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e4ee3bae6daa) (gupdate1c9e4ee3bae6daa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10052 bytes

-------------------------------------------------------------------------------------------

Uninstall List

Ad-Aware SE Personal
Adobe After Effects 6.5
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
As Simple As Photoshop 5.2
Autodesk 3ds Max 8
Autodesk 3ds Max 8 Additional Maps and Materials
Autodesk 3ds Max 8 Architectural Materials
Autodesk 3ds Max 8 Reference Files
Autodesk DWF Viewer
AVG 2011
AVG 2011
AVG 2011
AviSynth 2.5
Azureus
Backburner
BlackBerry Desktop Software 6.0
BlackBerry Desktop Software 6.0
Blender (remove only)
Bluetooth Stack for Windows by Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
CleanUp!
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Cycore Effects 1.0
DeLorme Topo USA 7.0
DivX Codec
Documents To Go
DVD-RAM Driver
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
Final Draft 7
FL Studio 5
Free Window Registry Repair
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
Java(TM) 6 Update 22
Keylight (1.0v4) for Adobe After Effects
LinPlug_Albino_VSTi_v2.2.1-PLZ
Live! Cam Center
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Magic Bullet Editors 2.0 Vegas
Malwarebytes' Anti-Malware
MapSource
MapSource - US Topo 24K National Parks, Central v3
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
myBabylon_English Toolbar
mZConfig
Native Instruments B4 Tone Wheels Bundle v1.11
Native Instruments Guitar Rig v1.1.2
Office 2003 Trial Assistant
Palm
PDF Settings
Pen Tablet
PENTAX Digital Camera Utility
PSP Video 9 1.74
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
Roxio Easy Media Creator 7 Basic DVD Edition
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony DVD Architect 3.0c
Sony Media Manager 2.0
Sony Vegas 6.0d
Spybot - Search & Destroy
Synapse.Junglist.v3.11-OxYGeN
Synaptics Pointing Device Driver
Synful Orchestra VSTi DXi
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
USB Keyboard Device 1.0.1.0
VC80CRTRedist - 8.0.50727.4053
V-Station
Waves 4.0
WinAce Archiver
Winamp
Window Washer 5
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am
Advertisement
Register to Remove

Re: Tough Google redirect virus.

Unread postby askey127 » November 12th, 2010, 8:55 am

Hi dieselfoot,
By running those programs yourself, the analysis and correction may have been made more difficult.
You have probably had a rootkit infection. They can be very serious.
We will try to retrieve enough information so we can figure out how to proceed.
Please don't install, remove or scan with anything unless I ask, until we are through with your machine.
-----------------------------------------------
Please open My Computer and double click the C: drive
In the main C: directory, you will likely see at least one file with a long name like TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
d,m,y,h,m,s will be time stamp digits representing day,month, year,hour,minute, and second.
If there is more than one file with this kind of name, please let me know
Please double click the most recent of these files (with the latest time stamp) so it comes up in Notepad.
Highlight the entire contents (Ctrl+A), Copy (Ctrl+C), and paste(Ctrl+V) into a reply here.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Azureus in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Ad-Aware SE Personal
Azureus
CleanUp!
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
So will be looking for the following in your reply:
  • Contents of the last TDSS Killer log
  • Info on whether there is more than one TDSS killer log
  • Info on any problems Uninstalling the requested programs.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 12th, 2010, 9:24 am

There are two tdss logs, the most recent is below. Also, had no problems uninstalling said programs.


2010/11/12 05:07:46.0593 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/12 05:07:46.0593 ================================================================================
2010/11/12 05:07:46.0593 SystemInfo:
2010/11/12 05:07:46.0593
2010/11/12 05:07:46.0593 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/12 05:07:46.0593 Product type: Workstation
2010/11/12 05:07:46.0593 ComputerName: STEARNS
2010/11/12 05:07:46.0593 UserName: Chris
2010/11/12 05:07:46.0593 Windows directory: C:\WINDOWS
2010/11/12 05:07:46.0593 System windows directory: C:\WINDOWS
2010/11/12 05:07:46.0593 Processor architecture: Intel x86
2010/11/12 05:07:46.0593 Number of processors: 2
2010/11/12 05:07:46.0593 Page size: 0x1000
2010/11/12 05:07:46.0593 Boot type: Normal boot
2010/11/12 05:07:46.0593 ================================================================================
2010/11/12 05:07:46.0796 Initialize success
2010/11/12 05:07:49.0843 ================================================================================
2010/11/12 05:07:49.0843 Scan started
2010/11/12 05:07:49.0843 Mode: Manual;
2010/11/12 05:07:49.0843 ================================================================================
2010/11/12 05:07:51.0171 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/11/12 05:07:51.0265 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/12 05:07:51.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/12 05:07:51.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/12 05:07:51.0437 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/12 05:07:51.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/12 05:07:51.0609 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/11/12 05:07:51.0796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/12 05:07:52.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/12 05:07:52.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/12 05:07:52.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/12 05:07:52.0390 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/12 05:07:52.0421 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/11/12 05:07:52.0500 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/12 05:07:52.0562 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/12 05:07:52.0609 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/12 05:07:52.0703 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/11/12 05:07:52.0843 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/11/12 05:07:52.0906 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/11/12 05:07:52.0968 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/11/12 05:07:53.0031 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/11/12 05:07:53.0078 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/12 05:07:53.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/12 05:07:53.0203 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/12 05:07:53.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/12 05:07:53.0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/12 05:07:53.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/12 05:07:53.0437 cdudf_xp (40c1cb3e65709aec17ca3ce66a4873e0) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/12 05:07:53.0546 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/12 05:07:53.0609 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/12 05:07:53.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/12 05:07:53.0765 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/11/12 05:07:53.0859 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/11/12 05:07:53.0875 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/11/12 05:07:53.0906 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/11/12 05:07:53.0984 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/11/12 05:07:54.0046 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/11/12 05:07:54.0078 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/11/12 05:07:54.0125 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/11/12 05:07:54.0156 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/11/12 05:07:54.0218 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/12 05:07:54.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/12 05:07:54.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/12 05:07:54.0359 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/12 05:07:54.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/12 05:07:54.0437 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/11/12 05:07:54.0453 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/11/12 05:07:54.0500 DVDVRRdr_xp (485050f9bdca4c914fa1917dcbb7fe3c) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2010/11/12 05:07:54.0546 dvd_2K (00b1291369857416c873b70db96e8126) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/12 05:07:54.0609 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/12 05:07:54.0656 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/11/12 05:07:54.0718 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS\system32\DRIVERS\enum1394.sys
2010/11/12 05:07:54.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/12 05:07:55.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/12 05:07:55.0109 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/12 05:07:55.0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/12 05:07:55.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/12 05:07:55.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/12 05:07:55.0265 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/12 05:07:55.0312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/12 05:07:55.0359 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/11/12 05:07:55.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/12 05:07:55.0453 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/12 05:07:55.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/12 05:07:55.0625 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/12 05:07:56.0015 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/12 05:07:56.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/12 05:07:56.0656 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/12 05:07:56.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/12 05:07:56.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/12 05:07:56.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/12 05:07:56.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/12 05:07:56.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/12 05:07:56.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/12 05:07:57.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/12 05:07:57.0171 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/12 05:07:57.0218 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/11/12 05:07:57.0250 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/12 05:07:57.0281 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/12 05:07:57.0328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/12 05:07:57.0546 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2010/11/12 05:07:57.0687 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/12 05:07:57.0968 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/11/12 05:07:58.0015 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/12 05:07:58.0093 mmc_2K (55f0ab2736235479a8ff1f1d5a0b27ae) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/11/12 05:07:58.0156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/12 05:07:58.0203 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/12 05:07:58.0218 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/12 05:07:58.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/12 05:07:58.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/12 05:07:58.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/12 05:07:58.0500 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/12 05:07:58.0562 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/11/12 05:07:58.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/12 05:07:58.0921 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/12 05:07:59.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/12 05:07:59.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/12 05:07:59.0234 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/12 05:07:59.0281 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/12 05:07:59.0328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/12 05:07:59.0437 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/12 05:07:59.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/12 05:07:59.0546 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/12 05:07:59.0593 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/12 05:07:59.0656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/12 05:07:59.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/12 05:07:59.0781 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/12 05:07:59.0812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/12 05:07:59.0859 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/12 05:07:59.0921 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/11/12 05:08:00.0000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/12 05:08:00.0187 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/12 05:08:00.0265 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/12 05:08:00.0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/12 05:08:00.0437 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/12 05:08:00.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/12 05:08:00.0625 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/12 05:08:00.0671 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/11/12 05:08:00.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/12 05:08:00.0765 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/12 05:08:00.0859 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/12 05:08:00.0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/12 05:08:01.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/12 05:08:01.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/12 05:08:01.0390 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\penclass.sys
2010/11/12 05:08:01.0531 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/11/12 05:08:01.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/12 05:08:01.0609 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/12 05:08:01.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/12 05:08:01.0781 pwd_2k (b2e95bb13acad56138671a1aae7f9ed9) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/11/12 05:08:01.0843 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/12 05:08:01.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/12 05:08:02.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/12 05:08:02.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/12 05:08:02.0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/12 05:08:02.0187 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/12 05:08:02.0234 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/12 05:08:02.0281 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/12 05:08:02.0359 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/12 05:08:02.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/12 05:08:02.0531 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/11/12 05:08:02.0734 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/11/12 05:08:02.0828 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/11/12 05:08:02.0921 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/12 05:08:03.0031 SaiH0109 (cc2697593fd57954f6855bbfa772eb38) C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
2010/11/12 05:08:03.0109 SaiMini (568e039e7817c3f0b40867c8f9f4801b) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
2010/11/12 05:08:03.0203 SaiNtBus (c91023fdb4abf3a514537ca1e479b1c0) C:\WINDOWS\system32\drivers\SaiNtBus.sys
2010/11/12 05:08:03.0234 SaiU0109 (6257f618bf68a2d42c7345fd36da6539) C:\WINDOWS\system32\DRIVERS\SaiU0109.sys
2010/11/12 05:08:03.0328 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/12 05:08:03.0375 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/12 05:08:03.0437 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/12 05:08:03.0562 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/12 05:08:03.0703 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/12 05:08:03.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/11/12 05:08:03.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/12 05:08:03.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/12 05:08:03.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/12 05:08:04.0078 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/12 05:08:04.0140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/12 05:08:04.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/12 05:08:04.0234 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/12 05:08:04.0437 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/12 05:08:04.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/12 05:08:04.0531 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2010/11/12 05:08:04.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/12 05:08:04.0718 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/12 05:08:04.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/12 05:08:04.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/12 05:08:05.0015 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2010/11/12 05:08:05.0093 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2010/11/12 05:08:05.0156 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/11/12 05:08:05.0187 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/11/12 05:08:05.0281 UDFReadr (ac93dd5792310b57b03816d7f8d957fc) C:\WINDOWS\system32\drivers\UDFReadr.sys
2010/11/12 05:08:05.0343 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/12 05:08:05.0609 UKS11LDR (620ce857a21205399afc47e576a35884) C:\WINDOWS\system32\drivers\uks11ldr.sys
2010/11/12 05:08:05.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/12 05:08:05.0906 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/12 05:08:05.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/12 05:08:06.0031 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/12 05:08:06.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/12 05:08:06.0375 USBKT1X1 (219e776dfadb932e7f82ac1d8e3f654e) C:\WINDOWS\system32\drivers\usbkt1x1.sys
2010/11/12 05:08:06.0437 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/12 05:08:06.0500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/12 05:08:06.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/12 05:08:06.0562 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/12 05:08:06.0625 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/12 05:08:06.0718 V0500Dev (18697505fc3cd4ebd952269e5f7f2c2c) C:\WINDOWS\system32\DRIVERS\V0500Vid.sys
2010/11/12 05:08:06.0750 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/12 05:08:06.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/12 05:08:07.0015 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/11/12 05:08:07.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/12 05:08:07.0203 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/12 05:08:07.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/12 05:08:07.0546 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/12 05:08:07.0609 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/12 05:08:07.0671 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/12 05:08:07.0765 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/12 05:08:07.0859 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/12 05:08:08.0109 ================================================================================
2010/11/12 05:08:08.0109 Scan finished
2010/11/12 05:08:08.0109 ================================================================================
2010/11/12 05:08:28.0656 Deinitialize success
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 12th, 2010, 10:21 am

Would you please also post the contents of the first TDSS log?
Thanks
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 12th, 2010, 3:43 pm

Sure thing,
2010/11/12 04:59:59.0609 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/12 04:59:59.0609 ================================================================================
2010/11/12 04:59:59.0609 SystemInfo:
2010/11/12 04:59:59.0609
2010/11/12 04:59:59.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/12 04:59:59.0609 Product type: Workstation
2010/11/12 04:59:59.0609 ComputerName: STEARNS
2010/11/12 04:59:59.0609 UserName: Chris
2010/11/12 04:59:59.0609 Windows directory: C:\WINDOWS
2010/11/12 04:59:59.0609 System windows directory: C:\WINDOWS
2010/11/12 04:59:59.0609 Processor architecture: Intel x86
2010/11/12 04:59:59.0609 Number of processors: 2
2010/11/12 04:59:59.0609 Page size: 0x1000
2010/11/12 04:59:59.0609 Boot type: Normal boot
2010/11/12 04:59:59.0609 ================================================================================
2010/11/12 04:59:59.0843 Initialize success
2010/11/12 05:00:04.0296 ================================================================================
2010/11/12 05:00:04.0296 Scan started
2010/11/12 05:00:04.0296 Mode: Manual;
2010/11/12 05:00:04.0296 ================================================================================
2010/11/12 05:00:08.0265 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/11/12 05:00:08.0562 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/12 05:00:08.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/12 05:00:08.0687 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/12 05:00:08.0765 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/12 05:00:08.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/12 05:00:08.0937 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/11/12 05:00:09.0156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/12 05:00:09.0312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/12 05:00:09.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/12 05:00:09.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/12 05:00:09.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/12 05:00:09.0500 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/11/12 05:00:09.0625 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/12 05:00:09.0671 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/12 05:00:09.0765 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/12 05:00:09.0875 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/11/12 05:00:09.0984 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/11/12 05:00:10.0078 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/11/12 05:00:10.0140 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/11/12 05:00:10.0203 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/11/12 05:00:10.0250 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/12 05:00:10.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/12 05:00:10.0359 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/12 05:00:10.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/12 05:00:10.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/12 05:00:10.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/12 05:00:10.0593 cdudf_xp (40c1cb3e65709aec17ca3ce66a4873e0) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/12 05:00:10.0718 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/12 05:00:10.0781 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/12 05:00:10.0921 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/12 05:00:11.0000 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/11/12 05:00:11.0015 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/11/12 05:00:11.0062 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/11/12 05:00:11.0093 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/11/12 05:00:11.0187 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/11/12 05:00:11.0265 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/11/12 05:00:11.0281 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/11/12 05:00:11.0328 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/11/12 05:00:11.0359 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/11/12 05:00:11.0437 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/12 05:00:11.0515 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/12 05:00:11.0546 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/12 05:00:11.0578 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/12 05:00:11.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/12 05:00:11.0703 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/11/12 05:00:11.0750 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/11/12 05:00:11.0796 DVDVRRdr_xp (485050f9bdca4c914fa1917dcbb7fe3c) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2010/11/12 05:00:11.0843 dvd_2K (00b1291369857416c873b70db96e8126) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/12 05:00:11.0921 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/12 05:00:11.0984 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/11/12 05:00:12.0046 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS\system32\DRIVERS\enum1394.sys
2010/11/12 05:00:12.0296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/12 05:00:12.0375 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/12 05:00:12.0468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/12 05:00:12.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/12 05:00:12.0593 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/12 05:00:12.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/12 05:00:12.0671 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/12 05:00:12.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/12 05:00:12.0765 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/11/12 05:00:12.0828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/12 05:00:12.0921 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/12 05:00:13.0031 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/12 05:00:13.0140 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/12 05:00:13.0500 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/12 05:00:13.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/12 05:00:14.0234 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/12 05:00:14.0343 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/12 05:00:14.0390 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/12 05:00:14.0421 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/12 05:00:14.0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/12 05:00:14.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/12 05:00:14.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/12 05:00:14.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/12 05:00:14.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/12 05:00:14.0890 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/11/12 05:00:14.0953 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/12 05:00:15.0015 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/12 05:00:15.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/12 05:00:15.0140 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2010/11/12 05:00:15.0203 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/12 05:00:15.0328 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/11/12 05:00:15.0375 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/12 05:00:15.0453 mmc_2K (55f0ab2736235479a8ff1f1d5a0b27ae) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/11/12 05:00:15.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/12 05:00:15.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/12 05:00:15.0562 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/12 05:00:15.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/12 05:00:15.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/12 05:00:15.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/12 05:00:16.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/12 05:00:16.0187 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/11/12 05:00:16.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/12 05:00:16.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/12 05:00:16.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/12 05:00:16.0359 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/12 05:00:16.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/12 05:00:16.0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/12 05:00:16.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/12 05:00:16.0578 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/12 05:00:16.0625 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/12 05:00:16.0687 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/12 05:00:16.0734 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/12 05:00:16.0781 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/12 05:00:16.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/12 05:00:16.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/12 05:00:16.0906 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/12 05:00:16.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/12 05:00:17.0031 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/11/12 05:00:17.0140 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/12 05:00:17.0203 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/12 05:00:17.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/12 05:00:17.0359 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/12 05:00:17.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/12 05:00:17.0500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/12 05:00:17.0546 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/12 05:00:17.0593 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/11/12 05:00:17.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/12 05:00:17.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/12 05:00:17.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/12 05:00:17.0843 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/12 05:00:17.0953 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/12 05:00:17.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/12 05:00:18.0171 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\penclass.sys
2010/11/12 05:00:18.0359 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/11/12 05:00:18.0421 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/12 05:00:18.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/12 05:00:18.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/12 05:00:18.0578 pwd_2k (b2e95bb13acad56138671a1aae7f9ed9) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/11/12 05:00:18.0671 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/12 05:00:19.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/12 05:00:19.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/12 05:00:19.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/12 05:00:19.0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/12 05:00:19.0203 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/12 05:00:19.0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/12 05:00:19.0375 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/12 05:00:19.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/12 05:00:19.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/12 05:00:19.0562 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/11/12 05:00:19.0609 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/11/12 05:00:19.0687 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/11/12 05:00:19.0765 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/12 05:00:19.0828 SaiH0109 (cc2697593fd57954f6855bbfa772eb38) C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
2010/11/12 05:00:19.0890 SaiMini (568e039e7817c3f0b40867c8f9f4801b) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
2010/11/12 05:00:19.0937 SaiNtBus (c91023fdb4abf3a514537ca1e479b1c0) C:\WINDOWS\system32\drivers\SaiNtBus.sys
2010/11/12 05:00:19.0984 SaiU0109 (6257f618bf68a2d42c7345fd36da6539) C:\WINDOWS\system32\DRIVERS\SaiU0109.sys
2010/11/12 05:00:20.0062 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/12 05:00:20.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/12 05:00:20.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/12 05:00:20.0312 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/12 05:00:20.0343 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/12 05:00:20.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/11/12 05:00:20.0515 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/12 05:00:20.0609 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/12 05:00:20.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/12 05:00:20.0953 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/12 05:00:21.0078 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/12 05:00:21.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/12 05:00:21.0234 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/12 05:00:21.0453 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/12 05:00:21.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/12 05:00:21.0593 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2010/11/12 05:00:21.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/12 05:00:21.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/12 05:00:21.0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/12 05:00:21.0890 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/12 05:00:21.0968 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2010/11/12 05:00:22.0046 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2010/11/12 05:00:22.0109 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/11/12 05:00:22.0187 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/11/12 05:00:22.0234 UDFReadr (ac93dd5792310b57b03816d7f8d957fc) C:\WINDOWS\system32\drivers\UDFReadr.sys
2010/11/12 05:00:22.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/12 05:00:22.0375 UKS11LDR (620ce857a21205399afc47e576a35884) C:\WINDOWS\system32\drivers\uks11ldr.sys
2010/11/12 05:00:22.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/12 05:00:22.0578 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/12 05:00:22.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/12 05:00:22.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/12 05:00:22.0812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/12 05:00:22.0843 USBKT1X1 (219e776dfadb932e7f82ac1d8e3f654e) C:\WINDOWS\system32\drivers\usbkt1x1.sys
2010/11/12 05:00:22.0890 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/12 05:00:22.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/12 05:00:23.0000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/12 05:00:23.0031 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/12 05:00:23.0078 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/12 05:00:23.0156 V0500Dev (18697505fc3cd4ebd952269e5f7f2c2c) C:\WINDOWS\system32\DRIVERS\V0500Vid.sys
2010/11/12 05:00:23.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/12 05:00:23.0265 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/12 05:00:23.0453 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/11/12 05:00:23.0593 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/12 05:00:23.0671 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/12 05:00:23.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/12 05:00:23.0906 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/12 05:00:23.0953 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/12 05:00:24.0000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/12 05:00:24.0078 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/12 05:00:24.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/12 05:00:24.0203 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/12 05:00:24.0218 ================================================================================
2010/11/12 05:00:24.0218 Scan finished
2010/11/12 05:00:24.0218 ================================================================================
2010/11/12 05:00:24.0234 Detected object count: 1
2010/11/12 05:01:38.0515 \HardDisk0 - will be cured after reboot
2010/11/12 05:01:38.0515 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/12 05:01:41.0453 Deinitialize success
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 12th, 2010, 4:07 pm

dieselfoot,
You had a serious infection planted in the Master Boot Record of your hard disk.
Looks like you were lucky and TDSSKiller fixed it.
Now to check for resulting file and settings damage elsewhere in the machine.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVG
    Please open the AVG Control Center, by right clicking on the AVG icon in the task bar.
    • Click on Tools.
    • Select Advanced.
    • In the left hand pane, scroll down to "Resident Shield".
    • In the main pane, DESELECT the option to "Enable Resident Shield."
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 12th, 2010, 5:39 pm

Ok, I had to uninstall AVG as ComboFix wouldn't run with Avg off. Now I am temporarily without anti-virus. Do you have any recommendations for anti-virus software that isn't AVG?
Thanks again,
Chris


ComboFix 10-11-12.01 - Chris 11/12/2010 15:02:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1633 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\zzz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-11 18:55 . 2010-11-11 18:55 -------- d-----w- c:\program files\CCleaner
2010-11-11 18:52 . 2010-11-11 18:52 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-11 18:52 . 2010-11-11 18:52 -------- d-----w- c:\program files\Trend Micro
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2010-11-11 18:28 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-11 18:28 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 18:16 . 2010-11-11 18:18 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-20 06:28 . 2010-11-11 18:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-14 02:35 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 02:35 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 02:35 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 02:35 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-15 14:03 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-15 14:03 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-04-23 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-04-23 17:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2006-02-15 14:04 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-15 14:02 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-15 14:02 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-15 14:02 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2006-02-15 14:02 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-15 14:04 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-15 14:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-15 14:04 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-18 06:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-15 14:02 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-15 14:04 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-15 14:03 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 16:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-11-28 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-11 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Palm Registration.lnk]
backup=c:\windows\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2008-02-15 17:46 131072 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 18:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 18:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 19:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2004-08-18 11:37 184320 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 01:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-20 17:19 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-06-24 19:47 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 15:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
2007-11-03 01:00 32768 ----a-r- c:\windows\V0500Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2004-04-30 16:51 607232 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

S2 gupdate1c9e4ee3bae6daa;Google Update Service (gupdate1c9e4ee3bae6daa);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 2:26 AM 133104]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Chris\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Chris\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [7/26/2004 1:54 PM 56576]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [7/26/2004 1:54 PM 19584]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [4/11/2006 11:12 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [4/11/2006 11:12 PM 22304]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [3/21/2010 2:10 PM 251264]
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 08:26]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home/?ai=13054
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 15:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-12 15:08:24
ComboFix-quarantined-files.txt 2010-11-12 21:08

Pre-Run: 18,773,659,648 bytes free
Post-Run: 19,001,274,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - EE003D60C60ACA402EB96CD90E7CB92A
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 12th, 2010, 7:31 pm

dieselfoot,
Yup.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
-----------------------------------------------
Install, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop (Right click and choose "Run as administrator" in Vista/Win7), Install the program, Have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 12th, 2010, 10:30 pm

Here it is,




Avira AntiVir Personal
Report file date: Friday, November 12, 2010 19:22

Scanning for 3043988 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : STEARNS

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 23:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 01:13:49
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:14:00
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:14:00
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:14:01
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 01:14:01
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 01:14:01
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:14:02
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 01:14:03
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 01:14:05
VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 01:14:05
VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 01:14:05
VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 01:14:05
VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 01:14:05
VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 01:14:05
VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 01:14:05
VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 01:14:06
VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 01:14:06
VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 01:14:06
VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 01:14:06
VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 01:14:06
VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 01:14:06
VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 01:14:06
VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 01:14:07
VBASE031.VDF : 7.10.13.235 75776 Bytes 11/12/2010 01:14:07
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 22:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/13/2010 01:14:25
AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 22:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 22:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 11/13/2010 01:14:23
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/13/2010 01:14:21
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 22:09:52
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/13/2010 01:14:19
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/13/2010 01:14:11
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/13/2010 01:14:11
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 22:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 11/13/2010 01:14:09
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 22:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, November 12, 2010 19:22

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '31' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '17' Module(s) have been scanned
Scan process 'TabUserW.exe' - '22' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'Tablet.exe' - '32' Module(s) have been scanned
Scan process 'swupdtmr.exe' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'ctfmon.exe' - '30' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '27' Module(s) have been scanned
Scan process 'raysat_3dsmax8server.exe' - '24' Module(s) have been scanned
Scan process 'SansaDispatch.exe' - '22' Module(s) have been scanned
Scan process 'Toshiba.exe' - '27' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'ehSched.exe' - '22' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '45' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '16' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '43' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned
Scan process 'cfp.exe' - '52' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'igfxpers.exe' - '26' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'hkcmd.exe' - '29' Module(s) have been scanned
Scan process 'DLACTRLW.exe' - '34' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '23' Module(s) have been scanned
Scan process 'AdskScSrv.exe' - '13' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '29' Module(s) have been scanned
Scan process 'TDispVol.exe' - '31' Module(s) have been scanned
Scan process 'TFncKy.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '103' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '43' Module(s) have been scanned
Scan process 'EvtEng.exe' - '57' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '168' Module(s) have been scanned
Scan process 'cmdagent.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '639' files ).


Starting the file scan:

Begin scan in 'C:\' <Diesel Drive>
C:\Program Files\VLC Player\vlccfg.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper

Beginning disinfection:
C:\Program Files\VLC Player\vlccfg.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to the quarantine directory under the name '47d25cbf.qua'.


End of the scan: Friday, November 12, 2010 20:28
Used time: 1:05:10 Hour(s)

The scan has been done completely.

10024 Scanned directories
414963 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
414962 Files not concerned
8376 Archives were scanned
0 Warnings
1 Notes
545334 Objects were scanned with rootkit scan
1 Hidden objects were found
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 13th, 2010, 8:09 am

dieselfoot,
Looks quite good.
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to your machine, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
------------------------------------------------------
How is the system running?
You can keep the Antivir free, or sign up for the paid version which autoscans e-mails.
Free version gives one nag screen per day.

You also can uninstall Antivir and immediately install Microsoft Security Essentials if you prefer.
(We needed Antivir for the log)

I would update Malwarebytes Anti-malware and run it. You don't need any other Anti-spyware program.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it shows any malware items, Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 13th, 2010, 3:49 pm

askey127,

Thank you again for quickly helping me through this mess. I'm going to stick with Antivir for the time being and I also switched firewalls from windows to comodo firewall.

-dieselfoot

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5109

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

11/13/2010 1:30:48 PM
mbam-log-2010-11-13 (13-30-48).txt

Scan type: Quick scan
Objects scanned: 155797
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 14th, 2010, 7:54 am

dieselfoot,
We will try to retrieve enough information so we can figure out how to proceed.
Please don't install, remove or scan with anything unless I ask, until we are through with your machine.
-----------------------------------------------------------
Please Uninstall Comodo and re-enable the Windows Firewall.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis.
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 14th, 2010, 3:41 pm

Sorry, I got ahead of myself...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:40:12 PM, on 11/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0801286671
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e4ee3bae6daa) (gupdate1c9e4ee3bae6daa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8701 bytes
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am

Re: Tough Google redirect virus.

Unread postby askey127 » November 14th, 2010, 5:12 pm

dieselfoot,
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O23 - Service: Google Update Service (gupdate1c9e4ee3bae6daa) (gupdate1c9e4ee3bae6daa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Run ComboFix
  • FIRST DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVIRA protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Tough Google redirect virus.

Unread postby dieselfoot » November 14th, 2010, 6:39 pm

ComboFix 10-11-14.01 - Chris 11/14/2010 16:24:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1450 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\zzz.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-13 01:22 . 2010-11-13 02:23 -------- d-----w- c:\windows\system32\NtmsData
2010-11-13 01:22 . 2010-11-13 01:22 -------- d-----w- c:\documents and settings\Chris\Application Data\Avira
2010-11-13 01:12 . 2010-08-02 22:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 01:12 . 2010-08-02 22:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 01:12 . 2010-06-17 21:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 01:12 . 2010-06-17 21:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-13 01:12 . 2010-11-13 01:12 -------- d-----w- c:\program files\Avira
2010-11-13 01:12 . 2010-11-13 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-12 22:00 . 2010-11-14 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-11-12 21:54 . 2010-11-12 21:54 -------- d-----w- c:\program files\Alwil Software
2010-11-12 21:54 . 2010-11-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-12 20:46 . 2010-11-12 20:46 -------- d-----w- c:\program files\VS Revo Group
2010-11-11 18:55 . 2010-11-11 18:55 -------- d-----w- c:\program files\CCleaner
2010-11-11 18:52 . 2010-11-11 18:52 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-11 18:52 . 2010-11-11 18:52 -------- d-----w- c:\program files\Trend Micro
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2010-11-11 18:28 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 18:28 . 2010-11-11 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-11 18:28 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 18:16 . 2010-11-11 18:18 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-20 06:28 . 2010-11-11 18:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-15 14:03 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-15 14:03 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-04-23 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-04-23 17:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2006-02-15 14:04 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-15 14:02 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-15 14:02 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-15 14:02 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2006-02-15 14:02 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-15 14:04 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-15 14:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-15 14:04 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-18 06:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-15 14:02 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-15 14:04 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-11-12_21.06.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-11-14 22:21 . 2010-11-14 22:21 16384 c:\windows\Temp\Perflib_Perfdata_880.dat
+ 2006-04-12 05:54 . 2010-11-14 22:21 18371 c:\windows\system32\tablet.dat
- 2006-04-12 05:54 . 2010-11-12 20:55 18371 c:\windows\system32\tablet.dat
+ 2010-11-13 01:12 . 2010-06-17 21:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 16:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-11-28 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-11 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Palm Registration.lnk]
backup=c:\windows\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2008-02-15 17:46 131072 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 18:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 18:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 19:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2004-08-18 11:37 184320 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 01:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-20 17:19 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-06-24 19:47 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 15:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
2007-11-03 01:00 32768 ----a-r- c:\windows\V0500Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2004-04-30 16:51 607232 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2010 7:12 PM 135336]
S2 gupdate1c9e4ee3bae6daa;Google Update Service (gupdate1c9e4ee3bae6daa);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 2:26 AM 133104]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Chris\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Chris\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [7/26/2004 1:54 PM 56576]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [7/26/2004 1:54 PM 19584]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [4/11/2006 11:12 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [4/11/2006 11:12 PM 22304]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [3/21/2010 2:10 PM 251264]
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 08:26]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home/?ai=13054
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Chris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-14 16:31:08
ComboFix-quarantined-files.txt 2010-11-14 22:31
ComboFix2.txt 2010-11-12 21:08

Pre-Run: 18,249,371,648 bytes free
Post-Run: 18,332,106,752 bytes free

- - End Of File - - B6DADC2C7D432FFCC2B5C8C40E8C6895
dieselfoot
Active Member
 
Posts: 9
Joined: November 12th, 2010, 7:58 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 324 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware