
Google toolbar search issue



Hey,

I'm using Firefox, and just recently any searches I do using the search bar to the right of the address bar, as well as any using the Google toolbar, take longer than normal and show a list of spam ads as the first page of results. Going to the second page of results shows what would normally be expected and takes me to the actual sites; there's no redirecting going on here. This also occurs when I am playing a game through Steam and go to Google in the Steam overlay.

I've run several antivirus and antimalware searches, and whatever they've found hasn't been what is causing this, since it still happens.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:03:44 AM, on 7/30/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18470)

Boot mode: Normal

Running processes:

G:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [steam] "g:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - g:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\program files (x86)\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files (x86)\Trend Micro\Antivirus\Tmntsrv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8261 bytes

Thanks in advance.

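The security-relevant lines in the log above are the eleven O10 entries (HijackThis prints one line per Winsock catalog entry that references the DLL, so repeats mean the DLL is layered into many protocol chains, not that the log is corrupt) and the orphaned O2 BHO with "(no file)". Two caveats matter when reading it: HijackThis 2.0.4 is a 32-bit program, and on an x64 host (the "Program Files (x86)" paths give that away) WOW64 file-system redirection makes it look under SysWOW64 whenever it is told System32. That is why lsass.exe, spoolsv.exe and other 64-bit-only binaries show "(file missing)" although they are present, and why the DLL reported as c:\windows\system32\spsj.dll is the file a responder would pull from SysWOW64. The script below is an added example, not part of the post or of HijackThis: it parses a constructed excerpt in the same format and applies these three heuristics (which are this example's own, not HijackThis rules).

```python
"""Triage a HijackThis 2.x log: Winsock LSP DLLs, orphaned BHOs, WOW64 artefacts.

Added example, not code from the forum post or from HijackThis. The sample
below is a constructed excerpt that mirrors the format of the posted log.
"""
import re
from collections import Counter

# Constructed sample in HijackThis layout (abridged; paths as in the post).
SAMPLE_LOG = r"""
Platform: Windows Vista SP1 (WinNT 6.00.1905)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spsj.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>O\d+|R\d) - (?P<body>.*)$")
SYSTEM32 = "\\windows\\system32\\"


def parse_entries(log_text):
    """Return (section code, body) pairs for every R0/R1/Onn line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def is_x64_host(log_text):
    """HijackThis 2.0.4 never prints the architecture; a 'Program Files (x86)'
    path is used here as the tell for a 64-bit host (heuristic, not HJT logic)."""
    return "Program Files (x86)" in log_text


def lsp_entries(entries):
    """Count O10 'Unknown file in Winsock LSP' lines per DLL path.
    One line per catalog entry, so the count is the number of chains touched."""
    counts = Counter()
    for code, body in entries:
        if code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            path = body.split(":", 1)[1].strip().lower()
            counts[path] += 1
    return dict(counts)


def bho_without_file(entries):
    """CLSIDs of O2 BHO entries whose DLL is gone: a leftover registration,
    or a file the 32-bit scanner cannot see. Either way, worth removing."""
    clsids = []
    for code, body in entries:
        if code == "O2" and body.rstrip().endswith("(no file)"):
            m = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
            if m:
                clsids.append(m.group(0))
    return clsids


def wow64_missing_services(entries, x64):
    """Names of O23 services reported '(file missing)' with a binary under
    \\Windows\\system32. On an x64 host the 32-bit scanner is redirected to
    SysWOW64, so 64-bit-only binaries look missing: verify natively before
    treating these as tampering."""
    names = []
    for code, body in entries:
        if code != "O23" or "(file missing)" not in body:
            continue
        if x64 and SYSTEM32 in body.lower():
            m = re.search(r"\(([^()]+)\)\s+-\s+", body)  # "(KeyIso) - Unknown owner"
            names.append(m.group(1) if m else body)
    return names


def triage(log_text):
    """Run all three checks over a log and return the findings."""
    entries = parse_entries(log_text)
    x64 = is_x64_host(log_text)
    return {
        "x64": x64,
        "lsp": lsp_entries(entries),
        "bho_no_file": bho_without_file(entries),
        "wow64_missing_services": wow64_missing_services(entries, x64),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on the full log above and the LSP count comes out at eleven for the single DLL, while every "(file missing)" service under \Windows\system32 lands in the WOW64 bucket rather than the findings that need action.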


So what's the next step when my post hasn't been replied to for several days? I couldn't find a consolidated rules thread, so do I just bump it up like this or do I post a link to it somewhere else or... what?

The problem is still ongoing for me. I could post a more recent hijackthis log if it's needed.


  • Staff

Hi and welcome to Malwarebytes.

My apologies for the extended delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4407

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18928

8/8/2010 1:27:29 PM

mbam-log-2010-08-08 (13-27-29).txt

Scan type: Quick scan

Objects scanned: 134705

Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSX64

Run by jwhitak at 13:27:57.82 on Sun 08/08/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_13

Microsoft


  • Staff

Hi,

Please go to VirusTotal, and upload the following files for analysis:

c:\windows\syswow64\gbkbg.dll

c:\windows\syswow64\spsj.dll

c:\windows\syswow64\msippsth.dll

Post the results in your reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


gbkbg.dll:

Antivirus results

AhnLab-V3 - 2010.08.10.01 - 2010.08.10 - -

AntiVir - 8.2.4.34 - 2010.08.10 - -

Antiy-AVL - 2.0.3.7 - 2010.08.10 - -

Authentium - 5.2.0.5 - 2010.08.10 - -

Avast - 4.8.1351.0 - 2010.08.10 - -

Avast5 - 5.0.332.0 - 2010.08.10 - -

AVG - 9.0.0.851 - 2010.08.10 - -

BitDefender - 7.2 - 2010.08.10 - -

CAT-QuickHeal - 11.00 - 2010.08.10 - -

ClamAV - 0.96.0.3-git - 2010.08.10 - -

Comodo - 5706 - 2010.08.10 - -

DrWeb - 5.0.2.03300 - 2010.08.10 - Trojan.Click1.25301

Emsisoft - 5.0.0.37 - 2010.08.10 - -

eSafe - 7.0.17.0 - 2010.08.09 - -

eTrust-Vet - 36.1.7779 - 2010.08.10 - -

F-Prot - 4.6.1.107 - 2010.08.10 - -

F-Secure - 9.0.15370.0 - 2010.08.10 - -

Fortinet - 4.1.143.0 - 2010.08.10 - -

GData - 21 - 2010.08.10 - -

Ikarus - T3.1.1.87.0 - 2010.08.10 - -

Jiangmin - 13.0.900 - 2010.08.10 - -

Kaspersky - 7.0.0.125 - 2010.08.10 - -

McAfee - 5.400.0.1158 - 2010.08.10 - -

McAfee-GW-Edition - 2010.1 - 2010.08.10 - Artemis!B3EFB184D576

Microsoft - 1.6004 - 2010.08.10 - -

NOD32 - 5353 - 2010.08.10 - -

Norman - 6.05.11 - 2010.08.09 - -

nProtect - 2010-08-10.01 - 2010.08.10 - -

Panda - 10.0.2.7 - 2010.08.10 - -

PCTools - 7.0.3.5 - 2010.08.10 - -

Prevx - 3.0 - 2010.08.10 - High Risk Cloaked Malware

Rising - 22.60.01.04 - 2010.08.10 - -

Sophos - 4.56.0 - 2010.08.10 - Troj/Agent-OFJ

Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker

SUPERAntiSpyware - 4.40.0.1006 - 2010.08.10 - -

Symantec - 20101.1.1.7 - 2010.08.09 - -

TheHacker - 6.5.2.1.341 - 2010.08.10 - -

TrendMicro - 9.120.0.1004 - 2010.08.10 - -

TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.10 - -

VBA32 - 3.12.12.8 - 2010.08.10 - -

ViRobot - 2010.8.9.3978 - 2010.08.10 - -

VirusBuster - 5.0.27.0 - 2010.08.09 - -

File info:

MD5: b3efb184d5762dabce4c0ac7b6e188bf

SHA1: e6dc04c8c5a4965e093b9a96c219b998bb86e9b1

SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a

File size: 8192 bytes

Scan date: 2010-08-10 11:31:09 (UTC)

spsj.dll:

Antivirus results

AhnLab-V3 - 2010.08.10.01 - 2010.08.10 - -

AntiVir - 8.2.4.34 - 2010.08.10 - -

Antiy-AVL - 2.0.3.7 - 2010.08.10 - -

Authentium - 5.2.0.5 - 2010.08.10 - -

Avast - 4.8.1351.0 - 2010.08.10 - -

Avast5 - 5.0.332.0 - 2010.08.10 - -

AVG - 9.0.0.851 - 2010.08.10 - -

BitDefender - 7.2 - 2010.08.10 - -

CAT-QuickHeal - 11.00 - 2010.08.10 - -

ClamAV - 0.96.0.3-git - 2010.08.10 - -

Comodo - 5706 - 2010.08.10 - -

DrWeb - 5.0.2.03300 - 2010.08.10 - Trojan.Click1.25301

Emsisoft - 5.0.0.37 - 2010.08.10 - -

eSafe - 7.0.17.0 - 2010.08.09 - -

eTrust-Vet - 36.1.7779 - 2010.08.10 - -

F-Prot - 4.6.1.107 - 2010.08.10 - -

F-Secure - 9.0.15370.0 - 2010.08.10 - -

Fortinet - 4.1.143.0 - 2010.08.10 - -

GData - 21 - 2010.08.10 - -

Ikarus - T3.1.1.87.0 - 2010.08.10 - -

Jiangmin - 13.0.900 - 2010.08.10 - -

McAfee - 5.400.0.1158 - 2010.08.10 - Artemis!B3EFB184D576

McAfee-GW-Edition - 2010.1 - 2010.08.10 - Artemis!B3EFB184D576

Microsoft - 1.6004 - 2010.08.10 - -

NOD32 - 5353 - 2010.08.10 - -

Norman - 6.05.11 - 2010.08.09 - -

nProtect - 2010-08-10.01 - 2010.08.10 - -

Panda - 10.0.2.7 - 2010.08.10 - -

PCTools - 7.0.3.5 - 2010.08.10 - -

Rising - 22.60.01.04 - 2010.08.10 - -

Sophos - 4.56.0 - 2010.08.10 - Troj/Agent-OFJ

Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker

SUPERAntiSpyware - 4.40.0.1006 - 2010.08.10 - -

Symantec - 20101.1.1.7 - 2010.08.09 - -

TheHacker - 6.5.2.1.341 - 2010.08.10 - -

TrendMicro - 9.120.0.1004 - 2010.08.10 - -

TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.10 - -

VBA32 - 3.12.12.8 - 2010.08.10 - -

ViRobot - 2010.8.9.3978 - 2010.08.10 - -

VirusBuster - 5.0.27.0 - 2010.08.09 - -

File info:

MD5: b3efb184d5762dabce4c0ac7b6e188bf

SHA1: e6dc04c8c5a4965e093b9a96c219b998bb86e9b1

SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a

File size: 8192 bytes

Scan date: 2010-08-10 11:35:14 (UTC)

msippsth.dll:

Antivirus results

AhnLab-V3 - 2010.08.10.01 - 2010.08.10 - Malware/Win32.Generic

AntiVir - 8.2.4.34 - 2010.08.10 - BDS/Backdoor.Gen

Antiy-AVL - 2.0.3.7 - 2010.08.10 - -

Authentium - 5.2.0.5 - 2010.08.10 - -

Avast - 4.8.1351.0 - 2010.08.10 - -

Avast5 - 5.0.332.0 - 2010.08.10 - -

AVG - 9.0.0.851 - 2010.08.10 - -

BitDefender - 7.2 - 2010.08.10 - Gen:Trojan.Heur.LP.bq4@a0rejyo

CAT-QuickHeal - 11.00 - 2010.08.10 - -

ClamAV - 0.96.0.3-git - 2010.08.10 - -

Comodo - 5706 - 2010.08.10 - -

DrWeb - 5.0.2.03300 - 2010.08.10 - -

Emsisoft - 5.0.0.37 - 2010.08.10 - Backdoor!IK

eSafe - 7.0.17.0 - 2010.08.09 - -

eTrust-Vet - 36.1.7779 - 2010.08.10 - -

F-Prot - 4.6.1.107 - 2010.08.10 - -

F-Secure - 9.0.15370.0 - 2010.08.10 - Gen:Trojan.Heur.LP.bq4@a0rejyo

Fortinet - 4.1.143.0 - 2010.08.10 - -

GData - 21 - 2010.08.10 - Gen:Trojan.Heur.LP.bq4@a0rejyo

Ikarus - T3.1.1.87.0 - 2010.08.10 - Backdoor

Jiangmin - 13.0.900 - 2010.08.10 - -

McAfee - 5.400.0.1158 - 2010.08.10 - -

McAfee-GW-Edition - 2010.1 - 2010.08.10 - Heuristic.BehavesLike.Win32.Downloader.H

Microsoft - 1.6004 - 2010.08.10 - -

NOD32 - 5353 - 2010.08.10 - -

Norman - 6.05.11 - 2010.08.09 - -

nProtect - 2010-08-10.01 - 2010.08.10 - -

Panda - 10.0.2.7 - 2010.08.10 - Suspicious file

PCTools - 7.0.3.5 - 2010.08.10 - -

Prevx - 3.0 - 2010.08.10 - -

Rising - 22.60.01.04 - 2010.08.10 - Trojan.Win32.Generic.52222F2E

Sophos - 4.56.0 - 2010.08.10 - -

Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker

SUPERAntiSpyware - 4.40.0.1006 - 2010.08.10 - -

Symantec - 20101.1.1.7 - 2010.08.09 - WS.Reputation.1

TheHacker - 6.5.2.1.341 - 2010.08.10 - -

TrendMicro - 9.120.0.1004 - 2010.08.10 - -

TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.10 - -

VBA32 - 3.12.12.8 - 2010.08.10 - -

ViRobot - 2010.8.9.3978 - 2010.08.10 - -

VirusBuster - 5.0.27.0 - 2010.08.09 - -

File info:

MD5: 088f85b75f9243422165d507221e8acc

SHA1: 1f0c066cd2d523883f2735cd5904f80e6df8d926

SHA256: 298d6081be0aac0a88f95a207875e07ee005c986d15888681dab89d029a152f9

File size: 18944 bytes

Scan date: 2010-08-10 11:38:21 (UTC)

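Two things in the reports above are easy to miss when reading forty engine lines by eye: gbkbg.dll and spsj.dll carry the same MD5, SHA1 and SHA256, so they are one 8192-byte binary registered under two names, and the McAfee label Artemis!B3EFB184D576 is not a family name but the first twelve hex digits of that MD5, which lets you cross-check the hash without trusting the file listing. The script below is an added example, not part of the post or of VirusTotal's tooling: it parses a constructed, abridged excerpt in the same "Engine - version - date - result" layout (the hashes are the ones posted above), groups the files by SHA256, and checks the Artemis names against the MD5.

```python
"""Parse pasted VirusTotal results, group files by hash, check Artemis names.

Added example, not code from the forum post or from VirusTotal. The excerpt
below is constructed in the layout of the results posted above, abridged to a
few engines per file; the hashes are those from the post.
"""

SAMPLE_VT = """
gbkbg.dll:
Antivirus results
AVG - 9.0.0.851 - 2010.08.10 - -
DrWeb - 5.0.2.03300 - 2010.08.10 - Trojan.Click1.25301
Prevx - 3.0 - 2010.08.10 - High Risk Cloaked Malware
Sophos - 4.56.0 - 2010.08.10 - Troj/Agent-OFJ
Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker
File info:
MD5: b3efb184d5762dabce4c0ac7b6e188bf
SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a
File size: 8192 bytes
spsj.dll:
Antivirus results
AVG - 9.0.0.851 - 2010.08.10 - -
DrWeb - 5.0.2.03300 - 2010.08.10 - Trojan.Click1.25301
McAfee - 5.400.0.1158 - 2010.08.10 - Artemis!B3EFB184D576
Sophos - 4.56.0 - 2010.08.10 - Troj/Agent-OFJ
Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker
File info:
MD5: b3efb184d5762dabce4c0ac7b6e188bf
SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a
File size: 8192 bytes
msippsth.dll:
Antivirus results
AntiVir - 8.2.4.34 - 2010.08.10 - BDS/Backdoor.Gen
AVG - 9.0.0.851 - 2010.08.10 - -
BitDefender - 7.2 - 2010.08.10 - Gen:Trojan.Heur.LP.bq4@a0rejyo
Sunbelt - 6711 - 2010.08.10 - Trojan.Win32.Browser-Winsock.Hijacker
File info:
MD5: 088f85b75f9243422165d507221e8acc
SHA256: 298d6081be0aac0a88f95a207875e07ee005c986d15888681dab89d029a152f9
File size: 18944 bytes
"""


def parse_vt_report(text):
    """Return {file name: {"engines": {engine: label or None}, "meta": {...}}}.
    A line ending in ':' with no spaces starts a new file block (assumption
    about the pasted layout); '-' as the result means the engine saw nothing."""
    reports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Antivirus results", "File info:"):
            continue
        if line.endswith(":") and " " not in line:
            current = reports.setdefault(line[:-1], {"engines": {}, "meta": {}})
            continue
        if current is None:
            continue
        parts = line.split(" - ")
        if len(parts) >= 4:  # engine - version - date - result
            engine, result = parts[0], " - ".join(parts[3:])
            current["engines"][engine] = None if result == "-" else result
        elif ": " in line:   # MD5 / SHA1 / SHA256 / File size / Scan date
            key, value = line.split(": ", 1)
            current["meta"][key.lower()] = value
    return reports


def detection_summary(reports):
    """Per file: number of detecting engines, engines seen, distinct labels."""
    out = {}
    for name, rep in reports.items():
        hits = {e: lbl for e, lbl in rep["engines"].items() if lbl}
        out[name] = {"hits": len(hits), "engines": len(rep["engines"]),
                     "labels": sorted(set(hits.values()))}
    return out


def same_binary_groups(reports):
    """SHA256 -> file names, for hashes shared by more than one name: one
    dropped binary registered under several names."""
    groups = {}
    for name, rep in reports.items():
        sha = rep["meta"].get("sha256")
        if sha:
            groups.setdefault(sha, []).append(name)
    return {sha: sorted(names) for sha, names in groups.items() if len(names) > 1}


def artemis_matches_md5(reports):
    """McAfee 'Artemis!<12 hex>' names embed the first 12 hex digits of the
    sample's MD5; report whether each such label agrees with the MD5 line."""
    result = {}
    for name, rep in reports.items():
        md5 = rep["meta"].get("md5", "").lower()
        for label in rep["engines"].values():
            if label and label.startswith("Artemis!"):
                result[name] = label[len("Artemis!"):].lower() == md5[:12]
    return result


if __name__ == "__main__":
    reps = parse_vt_report(SAMPLE_VT)
    print(detection_summary(reps))
    print(same_binary_groups(reps))
    print(artemis_matches_md5(reps))
```

Fed the three full reports above, the grouping step pairs gbkbg.dll with spsj.dll under one SHA256, and the labels that agree across vendors (Trojan.Win32.Browser-Winsock.Hijacker, Troj/Agent-OFJ) point the same way as the O10 Winsock LSP lines in the HijackThis log.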

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=4f4f33038a0dc64abd08097738360fa0

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-10 03:12:20

# local_time=2010-08-10 08:12:20 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 6798183 6798183 0 0

# compatibility_mode=768 16777215 100 0 38338551 38338551 0 0

# compatibility_mode=1024 16777215 100 0 43416763 43416763 0 0

# compatibility_mode=5892 16776573 100 100 0 118039946 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=576541

# found=2

# cleaned=2

# scan_time=12054

C:\Program Files\Mozilla Firefox\TAV15.1\Setup\Program Files\Trend Micro\64bit\TAVTool.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Mozilla Firefox\TAV15.1\Tools\TAVTool.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


  • Staff

Hi,

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


  • Staff

Hi,

Are the redirects only occurring in Internet Explorer? Do they also occur in Firefox?

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


They only occur in Firefox. I don't use IE at all, but a quick test showed there wasn't any problem there.

2010/08/12 12:20:00.0586 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09

2010/08/12 12:20:00.0586 ================================================================================

2010/08/12 12:20:00.0586 SystemInfo:

2010/08/12 12:20:00.0586

2010/08/12 12:20:00.0586 OS Version: 6.0.6001 ServicePack: 1.0

2010/08/12 12:20:00.0586 Product type: Workstation

2010/08/12 12:20:00.0586 ComputerName: JESS-PC

2010/08/12 12:20:00.0586 UserName: jwhitak

2010/08/12 12:20:00.0586 Windows directory: C:\Windows

2010/08/12 12:20:00.0586 System windows directory: C:\Windows

2010/08/12 12:20:00.0586 Running under WOW64

2010/08/12 12:20:00.0586 Processor architecture: Intel x64

2010/08/12 12:20:00.0586 Number of processors: 2

2010/08/12 12:20:00.0586 Page size: 0x1000

2010/08/12 12:20:00.0586 Boot type: Normal boot

2010/08/12 12:20:00.0586 ================================================================================

2010/08/12 12:20:00.0587 Utility is running under WOW64, functionality is limited.

2010/08/12 12:20:01.0975 Initialize success

2010/08/12 12:20:09.0641 ================================================================================

2010/08/12 12:20:09.0641 Scan started

2010/08/12 12:20:09.0641 Mode: Manual;

2010/08/12 12:20:09.0641 ================================================================================

2010/08/12 12:20:21.0367 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

2010/08/12 12:20:22.0829 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys

2010/08/12 12:20:23.0405 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys

2010/08/12 12:20:24.0275 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys

2010/08/12 12:20:24.0890 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys

2010/08/12 12:20:25.0193 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys

2010/08/12 12:20:25.0921 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys

2010/08/12 12:20:26.0613 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2010/08/12 12:20:27.0180 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

2010/08/12 12:20:28.0092 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2010/08/12 12:20:28.0757 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys

2010/08/12 12:20:29.0571 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys

2010/08/12 12:20:29.0753 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys

2010/08/12 12:20:29.0952 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/08/12 12:20:30.0141 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

2010/08/12 12:20:30.0352 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

2010/08/12 12:20:30.0709 AvgLdx64 (276c5b14336452c8ce547ed5d00e0e62) C:\Windows\System32\Drivers\avgldx64.sys

2010/08/12 12:20:31.0376 AvgMfx64 (b9c21c3753dcbccac6b62e1a560eb6f7) C:\Windows\System32\Drivers\avgmfx64.sys

2010/08/12 12:20:31.0585 AvgTdiA (86d08cf28005f7f626a84d512f84d6c2) C:\Windows\System32\Drivers\avgtdia.sys

2010/08/12 12:20:31.0932 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2010/08/12 12:20:32.0152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2010/08/12 12:20:32.0388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2010/08/12 12:20:32.0666 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2010/08/12 12:20:32.0887 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2010/08/12 12:20:33.0146 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2010/08/12 12:20:33.0345 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2010/08/12 12:20:33.0539 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2010/08/12 12:20:33.0773 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2010/08/12 12:20:34.0033 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

2010/08/12 12:20:34.0383 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys

2010/08/12 12:20:34.0595 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys

2010/08/12 12:20:34.0698 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2010/08/12 12:20:34.0745 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys

2010/08/12 12:20:34.0826 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys

2010/08/12 12:20:34.0912 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys

2010/08/12 12:20:34.0979 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

2010/08/12 12:20:35.0071 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2010/08/12 12:20:35.0191 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

2010/08/12 12:20:35.0296 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/08/12 12:20:35.0379 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

2010/08/12 12:20:35.0435 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys

2010/08/12 12:20:35.0568 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

2010/08/12 12:20:35.0621 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

2010/08/12 12:20:35.0667 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2010/08/12 12:20:35.0734 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2010/08/12 12:20:35.0796 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2010/08/12 12:20:35.0851 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/08/12 12:20:35.0918 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

2010/08/12 12:20:35.0997 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2010/08/12 12:20:36.0035 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys

2010/08/12 12:20:36.0087 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2010/08/12 12:20:36.0135 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/08/12 12:20:36.0260 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2010/08/12 12:20:36.0351 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2010/08/12 12:20:36.0475 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

2010/08/12 12:20:36.0579 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys

2010/08/12 12:20:36.0642 HTTP (ec339059826742306dec6205b1ccc661) C:\Windows\system32\drivers\HTTP.sys

2010/08/12 12:20:36.0713 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys

2010/08/12 12:20:36.0770 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/08/12 12:20:36.0840 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys

2010/08/12 12:20:36.0899 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2010/08/12 12:20:36.0944 intelide (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys

2010/08/12 12:20:36.0998 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/08/12 12:20:37.0073 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/08/12 12:20:37.0162 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys

2010/08/12 12:20:37.0226 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/08/12 12:20:37.0320 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/08/12 12:20:37.0380 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys

2010/08/12 12:20:37.0474 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/08/12 12:20:37.0514 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/08/12 12:20:37.0587 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/08/12 12:20:37.0692 Jukebox3_x64 (c2edee04b348b06a9e1da1521a33c1bc) C:\Windows\system32\DRIVERS\ctpdusbx.sys

2010/08/12 12:20:37.0766 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/08/12 12:20:37.0842 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/08/12 12:20:37.0921 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

2010/08/12 12:20:38.0055 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/08/12 12:20:38.0296 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys

2010/08/12 12:20:38.0403 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/08/12 12:21:41.0709 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys

2010/08/12 12:21:41.0911 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf

2010/08/12 12:21:42.0148 sptd - detected Locked file (1)

2010/08/12 12:21:52.0704 ================================================================================

2010/08/12 12:21:52.0704 Scan finished

2010/08/12 12:21:52.0704 ================================================================================

2010/08/12 12:21:52.0714 Detected object count: 1

2010/08/12 12:22:04.0555 Locked file(sptd) - User select action: Skip

2010/08/12 12:22:21.0621 Deinitialize success


Quick update. Seems like it does happen in IE after all. It also happens from the main search site as well now, not just from the toolbars.

This happens for all the search sites I can think of: Google, Yahoo, Bing. I can go to the main page and type in a search, and now it just times out. If someone sends me a link to the second page of a search, that works just fine, but if I click from that link to go to the first page, it times out.


Problem solved. It was the spsj.dll file that was mentioned earlier. I initiated a scan using Hitman Pro 3.5 while in Safe Mode with Networking and it deleted the file while keeping it from coming back. The search redirect issue is gone.

Thanks for all the help guys, I really appreciate it.
