kramozzam

Members

View Profile See their activity

Posts
3
Joined
July 30, 2011
Last visited
August 3, 2011

Reputation

0 Neutral

AHHH, redirect virius!

kramozzam replied to kramozzam's topic in Resolved Malware Removal Logs

Okay Larry, Ran the ComoFix with non problems: log below. Computer is running very quick and all that "lagginess" is gone. Please let me know if this is resolved. And thanks for you and this forum!!! LOG--------------------> ComboFix 11-08-03.03 - Kate 08/03/2011 17:56:01.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1509 [GMT -4:00] Running from: c:\documents and settings\Kate\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Mozilla\Firefox\Profiles\id74zi4q.default\extensions\{b2a6c1fa-4b22-48a9-8743-4d4c9eea8bef} c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Mozilla\Firefox\Profiles\id74zi4q.default\extensions\{b2a6c1fa-4b22-48a9-8743-4d4c9eea8bef}\chrome.manifest c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Mozilla\Firefox\Profiles\id74zi4q.default\extensions\{b2a6c1fa-4b22-48a9-8743-4d4c9eea8bef}\chrome\xulcache.jar c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Mozilla\Firefox\Profiles\id74zi4q.default\extensions\{b2a6c1fa-4b22-48a9-8743-4d4c9eea8bef}\defaults\preferences\xulcache.js c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Mozilla\Firefox\Profiles\id74zi4q.default\extensions\{b2a6c1fa-4b22-48a9-8743-4d4c9eea8bef}\install.rdf c:\documents and settings\Administrator.TOSHIBA-USER\WINDOWS c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\documents and settings\Default User\WINDOWS c:\documents and settings\Kate\Application Data\Adobe\plugs c:\documents and settings\Kate\Application Data\Adobe\shed c:\documents and settings\Kate\Application Data\igxpdv32.dat c:\documents and settings\Kate\hwpybjhefh.tmp c:\documents and settings\Kate\Local Settings\Temporary Internet Files\cookies.sqlite c:\documents and settings\Kate\Templates\376hrl5723k1m5u31h4m1j57t627603v40q71 c:\documents and settings\Kate\WINDOWS c:\windows\system32\config\systemprofile\WINDOWS . . ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))) . . 2011-07-30 00:54 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-30 00:54 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-07-30 00:54 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-30 00:54 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-30 00:54 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-30 00:54 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-07-30 00:54 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-07-30 00:54 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-07-30 00:54 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr 2011-07-30 00:54 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-30 00:53 . 2011-07-30 00:53 -------- d-----w- c:\program files\AVAST Software 2011-07-30 00:53 . 2011-07-30 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-07-25 20:10 . 2011-07-25 20:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-07-22 18:37 . 2011-07-22 18:37 -------- d-----w- c:\documents and settings\Administrator.TOSHIBA-USER\Local Settings\Application Data\Media Get LLC 2011-07-22 15:18 . 2011-07-22 15:18 -------- d-----w- c:\documents and settings\Administrator.TOSHIBA-USER\Local Settings\Application Data\AVG Security Toolbar 2011-07-22 15:17 . 2011-07-22 15:17 -------- d-----w- c:\documents and settings\Administrator.TOSHIBA-USER\Local Settings\Application Data\Mozilla 2011-07-11 18:26 . 2011-07-11 19:11 -------- d-----w- c:\documents and settings\Kate\Application Data\WhiteSmoke 2011-07-11 18:25 . 2011-07-11 18:25 -------- d-----w- c:\documents and settings\Kate\Application Data\vmntemplate 2011-07-11 18:25 . 2011-07-11 18:45 -------- d-----w- c:\documents and settings\Kate\Application Data\whitesmoketoolbar 2011-07-11 18:24 . 2011-07-11 18:24 -------- d-----w- c:\program files\Yontoo Layers Runtime 2011-07-11 18:24 . 2011-07-11 18:24 -------- d-----w- c:\documents and settings\Kate\Local Settings\Application Data\Media Get LLC 2011-07-11 18:24 . 2011-07-22 18:39 -------- d-----w- c:\documents and settings\Kate\Local Settings\Application Data\MediaGet2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-06 23:52 . 2010-12-13 00:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52 . 2010-12-13 00:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-06-23 18:05 194848 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "NDSTray.exe"="NDSTray.exe" [bU] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjA3NDU0Njg4LVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItRkwxMCsxLUxJQysyLVNQMSsxLVNVUCs0LVRVRyszLVNQMVMyKzEtRERUKzAtTFNEKzI∏=90&ver=10.0.1390" [?] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk] backup=c:\windows\pss\RAMASST.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] CFSServ.exe -NoClient [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] 2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] 2005-10-06 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] 2005-12-05 20:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2011-03-20 22:40 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2005-12-17 00:32 761945 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain] 2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MDM"=2 (0x2) "MBAMService"=2 (0x2) "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/29/2011 8:54 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/29/2011 8:54 PM 309848] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/29/2011 8:54 PM 19544] . Contents of the 'Scheduled Tasks' folder . 2011-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\documents and settings\Kate\Application Data\Mozilla\Firefox\Profiles\5a68dw56.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com FF - Ext: WhiteSmokeToolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - %profile%\extensions\{e4709dfb-a47d-451c-957d-e78d25263cb8} FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-TFncKy - TFncKy.exe AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-03 18:04 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-08-03 18:08:13 ComboFix-quarantined-files.txt 2011-08-03 22:08 . Pre-Run: 49,364,197,376 bytes free Post-Run: 49,347,018,752 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 39281D353893DF97EC611D24DF20FB17
- August 3, 2011
- 6 replies
AHHH, redirect virius!

kramozzam replied to kramozzam's topic in Resolved Malware Removal Logs

Thanks Larry, Nothing was found and this is the log, although now there seems to be no redirect.... LOG-------------------> 2011/08/02 20:34:05.0093 2624 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/02 20:34:05.0453 2624 ================================================================================ 2011/08/02 20:34:05.0453 2624 SystemInfo: 2011/08/02 20:34:05.0453 2624 2011/08/02 20:34:05.0453 2624 OS Version: 5.1.2600 ServicePack: 3.0 2011/08/02 20:34:05.0453 2624 Product type: Workstation 2011/08/02 20:34:05.0453 2624 ComputerName: TOSHIBA-USER 2011/08/02 20:34:05.0453 2624 UserName: Kate 2011/08/02 20:34:05.0453 2624 Windows directory: C:\WINDOWS 2011/08/02 20:34:05.0453 2624 System windows directory: C:\WINDOWS 2011/08/02 20:34:05.0453 2624 Processor architecture: Intel x86 2011/08/02 20:34:05.0453 2624 Number of processors: 2 2011/08/02 20:34:05.0453 2624 Page size: 0x1000 2011/08/02 20:34:05.0453 2624 Boot type: Normal boot 2011/08/02 20:34:05.0453 2624 ================================================================================ 2011/08/02 20:34:07.0015 2624 Initialize success 2011/08/02 20:34:11.0500 0640 ================================================================================ 2011/08/02 20:34:11.0500 0640 Scan started 2011/08/02 20:34:11.0500 0640 Mode: Manual; 2011/08/02 20:34:11.0500 0640 ================================================================================ 2011/08/02 20:34:13.0109 0640 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/08/02 20:34:13.0218 0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/08/02 20:34:13.0250 0640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/08/02 20:34:13.0312 0640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/08/02 20:34:13.0375 0640 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/08/02 20:34:13.0437 0640 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/08/02 20:34:13.0515 0640 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/08/02 20:34:13.0828 0640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/08/02 20:34:13.0968 0640 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 2011/08/02 20:34:14.0031 0640 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/08/02 20:34:14.0062 0640 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/08/02 20:34:14.0078 0640 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/08/02 20:34:14.0140 0640 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys 2011/08/02 20:34:14.0171 0640 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys 2011/08/02 20:34:14.0187 0640 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/08/02 20:34:14.0234 0640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/08/02 20:34:14.0265 0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/08/02 20:34:14.0343 0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/08/02 20:34:14.0406 0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/08/02 20:34:14.0453 0640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/08/02 20:34:14.0546 0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/08/02 20:34:14.0656 0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/08/02 20:34:14.0718 0640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/08/02 20:34:14.0765 0640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/08/02 20:34:14.0843 0640 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/08/02 20:34:14.0890 0640 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/08/02 20:34:15.0015 0640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/08/02 20:34:15.0078 0640 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/08/02 20:34:15.0093 0640 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/08/02 20:34:15.0109 0640 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/08/02 20:34:15.0125 0640 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/08/02 20:34:15.0140 0640 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/08/02 20:34:15.0156 0640 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/08/02 20:34:15.0187 0640 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/08/02 20:34:15.0203 0640 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/08/02 20:34:15.0218 0640 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/08/02 20:34:15.0281 0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/08/02 20:34:15.0328 0640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/08/02 20:34:15.0375 0640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/08/02 20:34:15.0421 0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/08/02 20:34:15.0531 0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/08/02 20:34:15.0578 0640 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/08/02 20:34:15.0593 0640 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/08/02 20:34:15.0656 0640 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/08/02 20:34:15.0703 0640 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/08/02 20:34:15.0765 0640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/08/02 20:34:15.0812 0640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/08/02 20:34:15.0828 0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/08/02 20:34:15.0843 0640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/08/02 20:34:15.0890 0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/08/02 20:34:15.0906 0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/08/02 20:34:15.0937 0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/08/02 20:34:15.0984 0640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/08/02 20:34:16.0031 0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/08/02 20:34:16.0062 0640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/08/02 20:34:16.0203 0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/08/02 20:34:16.0390 0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/08/02 20:34:16.0500 0640 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/08/02 20:34:16.0562 0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/08/02 20:34:16.0796 0640 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/08/02 20:34:16.0984 0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/08/02 20:34:17.0015 0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/08/02 20:34:17.0046 0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/08/02 20:34:17.0093 0640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/08/02 20:34:17.0140 0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/08/02 20:34:17.0171 0640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/08/02 20:34:17.0203 0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/08/02 20:34:17.0250 0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/08/02 20:34:17.0265 0640 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys 2011/08/02 20:34:17.0296 0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/08/02 20:34:17.0343 0640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/08/02 20:34:17.0359 0640 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys 2011/08/02 20:34:17.0421 0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/08/02 20:34:17.0578 0640 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys 2011/08/02 20:34:17.0625 0640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/08/02 20:34:17.0656 0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/08/02 20:34:17.0671 0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/08/02 20:34:17.0687 0640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/08/02 20:34:17.0734 0640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/08/02 20:34:17.0828 0640 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/08/02 20:34:17.0875 0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/08/02 20:34:17.0906 0640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/08/02 20:34:17.0937 0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/08/02 20:34:17.0953 0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/08/02 20:34:18.0000 0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/08/02 20:34:18.0015 0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/08/02 20:34:18.0046 0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/08/02 20:34:18.0062 0640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/08/02 20:34:18.0093 0640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/08/02 20:34:18.0234 0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/08/02 20:34:18.0265 0640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/08/02 20:34:18.0281 0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/08/02 20:34:18.0328 0640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/08/02 20:34:18.0359 0640 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/08/02 20:34:18.0390 0640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/08/02 20:34:18.0421 0640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/08/02 20:34:18.0453 0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/08/02 20:34:18.0500 0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/08/02 20:34:18.0531 0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/08/02 20:34:18.0546 0640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/08/02 20:34:18.0578 0640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/08/02 20:34:18.0640 0640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/08/02 20:34:18.0671 0640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/08/02 20:34:18.0703 0640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/08/02 20:34:18.0734 0640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/08/02 20:34:18.0765 0640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/08/02 20:34:18.0796 0640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/08/02 20:34:18.0953 0640 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys 2011/08/02 20:34:18.0984 0640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/08/02 20:34:19.0015 0640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/08/02 20:34:19.0031 0640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/08/02 20:34:19.0046 0640 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/08/02 20:34:19.0156 0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/08/02 20:34:19.0203 0640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/08/02 20:34:19.0328 0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/08/02 20:34:19.0343 0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/08/02 20:34:19.0390 0640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/08/02 20:34:19.0406 0640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/08/02 20:34:19.0453 0640 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/08/02 20:34:19.0484 0640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/08/02 20:34:19.0562 0640 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/08/02 20:34:19.0609 0640 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/08/02 20:34:19.0640 0640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/08/02 20:34:19.0687 0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/08/02 20:34:19.0718 0640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/08/02 20:34:19.0812 0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/08/02 20:34:19.0843 0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/08/02 20:34:19.0906 0640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/08/02 20:34:20.0062 0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/08/02 20:34:20.0078 0640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/08/02 20:34:20.0218 0640 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/08/02 20:34:20.0234 0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/08/02 20:34:20.0281 0640 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 2011/08/02 20:34:20.0359 0640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/08/02 20:34:20.0406 0640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/08/02 20:34:20.0437 0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/08/02 20:34:20.0453 0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/08/02 20:34:20.0515 0640 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys 2011/08/02 20:34:20.0562 0640 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 2011/08/02 20:34:20.0593 0640 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys 2011/08/02 20:34:20.0625 0640 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys 2011/08/02 20:34:20.0687 0640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/08/02 20:34:20.0875 0640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/08/02 20:34:20.0937 0640 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/08/02 20:34:20.0984 0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/08/02 20:34:21.0046 0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/08/02 20:34:21.0078 0640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/08/02 20:34:21.0125 0640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/08/02 20:34:21.0140 0640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/08/02 20:34:21.0156 0640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/08/02 20:34:21.0203 0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/08/02 20:34:21.0359 0640 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/08/02 20:34:21.0531 0640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/08/02 20:34:21.0593 0640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/08/02 20:34:21.0671 0640 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/08/02 20:34:21.0734 0640 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0 2011/08/02 20:34:21.0890 0640 Boot (0x1200) (b87e93093e758c0f8a533e1f1cfc81f2) \Device\Harddisk0\DR0\Partition0 2011/08/02 20:34:21.0906 0640 ================================================================================ 2011/08/02 20:34:21.0906 0640 Scan finished 2011/08/02 20:34:21.0906 0640 ================================================================================ 2011/08/02 20:34:21.0921 0996 Detected object count: 0 2011/08/02 20:34:21.0921 0996 Actual detected object count: 0
- August 3, 2011
- 6 replies
AHHH, redirect virius!

kramozzam posted a topic in Resolved Malware Removal Logs

Someone please lend me some much needed help with this redirect problem: it is on my wife's computer but I will do whatever I need to to fix this problem once and for all. The usual, slow computer, redirect in both IE and Firefox- what do I need to do.... Any and all help would e greatly appreciated. Have MBAM and can run a log if needed. Thanks in advance for any help: Kram
- July 30, 2011
- 6 replies

Sign In

kramozzam

Posts

Joined

Last visited

Reputation

AHHH, redirect virius!

AHHH, redirect virius!

AHHH, redirect virius!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information