I`m infected with Google Redirect virus, please help...

PurpleShark · May 11, 2011

Hmmm, not really made much difference unfortunately.

I`m trying to open the computer up `normally`,having had it in safe mode previously by pressing F8 and scrolling down to `open normally` is just making it start up in a kind of safe mode with a white toolbar at the bottom rather than blue...

heir · May 11, 2011

with a white toolbar at the bottom rather than blue...

Are the icons still in it?

having had it in safe mode previously

So all the scans you've done is in safemode?

Please keep it in normal mode unless your asked to run a tool in safemode.

Step 1.

MBRCheck:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2.

Filescan:

Please go to: VirusTotal

On the page you'll find a Browse - button.
Click on the Browse button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\Users\user\Desktop\MBR.dat
Next, click the Open button.
Then click the Send File - button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Step 3.

DDS:

Rerun DDS and post the logs ( DDS.txt and Attach.txt ) in your reply

Step 4.

Things I would like to see in your reply:

Answers to the questions in the beginning of this post.
The content of the log from MBRCheck in step 1.
The links to the result of the filescan in step 2.
The logs from DDS in step 3.

PurpleShark · May 11, 2011

I chose `normal mode` when I rebooted it before you started helping me & the screen wasn`t huge & basic like it is with `safe mode` but I can`t get it to look like it usually does.

The icons are still in my taskbar though.

Should I be choosing another option when I reopen after pressing F8?

heir · May 11, 2011

I chose `normal mode` when I rebooted it before you started helping me & the screen wasn`t huge & basic like it is with `safe mode` but I can`t get it to look like it usually does.

How does it look like now?

Should I be choosing another option when I reopen after pressing F8?

Chose normal mode.

PurpleShark · May 11, 2011

The taskbar along the bottom is white and any notepad pages have a grey outline around them when I open them. I`m still getting redirected too...

heir · May 11, 2011

Continue with the steps in post #27

PurpleShark · May 11, 2011

Ok, will do...

PurpleShark · May 11, 2011

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows Vista Home Basic Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Dell DM061

Logical Drives Mask: 0x000000fc

Kernel Drivers (total 153):

0x82E11000 \SystemRoot\system32\ntkrnlpa.exe

0x831CB000 \SystemRoot\system32\hal.dll

0x8040E000 \SystemRoot\system32\kdcom.dll

0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x80485000 \SystemRoot\system32\PSHED.dll

0x80496000 \SystemRoot\system32\BOOTVID.dll

0x8049E000 \SystemRoot\system32\CLFS.SYS

0x804DF000 \SystemRoot\system32\CI.dll

0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys

0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x80693000 \SystemRoot\system32\drivers\acpi.sys

0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS

0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys

0x806EA000 \SystemRoot\system32\drivers\pci.sys

0x80711000 \SystemRoot\System32\drivers\partmgr.sys

0x80720000 \SystemRoot\system32\drivers\volmgr.sys

0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys

0x80779000 \SystemRoot\system32\drivers\intelide.sys

0x80780000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x8078E000 \SystemRoot\System32\drivers\mountmgr.sys

0x8079E000 \SystemRoot\system32\drivers\atapi.sys

0x807A6000 \SystemRoot\system32\drivers\ataport.SYS

0x807C4000 \SystemRoot\system32\drivers\fltmgr.sys

0x8AE05000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMDS.SYS

0x8AE5C000 \SystemRoot\system32\drivers\fileinfo.sys

0x8AE6C000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMEFA.SYS

0x8AF27000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8AF31000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B00A000 \SystemRoot\system32\drivers\ndis.sys

0x8B115000 \SystemRoot\system32\drivers\msrpc.sys

0x8B140000 \SystemRoot\system32\drivers\NETIO.SYS

0x8B202000 \SystemRoot\System32\drivers\tcpip.sys

0x8B2EC000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B40F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B51F000 \SystemRoot\system32\drivers\volsnap.sys

0x8B558000 \SystemRoot\System32\Drivers\spldr.sys

0x8B560000 \SystemRoot\System32\Drivers\mup.sys

0x8B56F000 \SystemRoot\System32\drivers\ecache.sys

0x8B596000 \SystemRoot\system32\drivers\disk.sys

0x8B5A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x8B5C8000 \SystemRoot\system32\drivers\crcdisk.sys

0x8B5F1000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8B400000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x8B307000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x90003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x9076C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x8B316000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x9076E000 \SystemRoot\System32\drivers\watchdog.sys

0x9077A000 \SystemRoot\system32\DRIVERS\e1e6032.sys

0x907B4000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x907BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x8B3B6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x8FA0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8FA9C000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8FAB4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x8FABA000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8FAE9000 \SystemRoot\system32\DRIVERS\storport.sys

0x8FB2A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8FB35000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8FB4C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8FB57000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8FB7A000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8FB89000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8FB9D000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8FBB2000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8FBC2000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8FBCD000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x8FBD8000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8B3C5000 \SystemRoot\system32\DRIVERS\ks.sys

0x8FBDA000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8FBE4000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8B17B000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8B3EF000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8B1B0000 \SystemRoot\system32\drivers\HdAudio.sys

0x8AFA2000 \SystemRoot\system32\drivers\portcls.sys

0x8AFCF000 \SystemRoot\system32\drivers\drmk.sys

0x8FBF1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x8FA00000 \SystemRoot\System32\Drivers\Null.SYS

0x8FA07000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B1F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x8AFF4000 \SystemRoot\System32\drivers\vga.sys

0x805BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8B000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8B1EF000 \SystemRoot\system32\drivers\rdpencdd.sys

0x805E0000 \SystemRoot\System32\Drivers\Msfs.SYS

0x805EB000 \SystemRoot\System32\Drivers\Npfs.SYS

0x807F6000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8FC0F000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8FC25000 \SystemRoot\system32\DRIVERS\smb.sys

0x8FC39000 \SystemRoot\system32\drivers\afd.sys

0x8FC81000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8FCB3000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8FCC9000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8FCD7000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8FCEA000 \SystemRoot\system32\drivers\NIS\1206000.01D\Ironx86.SYS

0x8FD0E000 \SystemRoot\system32\drivers\NIS\1206000.01D\SRTSPX.SYS

0x8FD19000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8FD55000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

0x8FD7B000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

0x8FD8A000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys

0x8FD97000 \??\C:\Windows\system32\drivers\RapportBuka.sys

0x8FC00000 \SystemRoot\system32\drivers\nsiproxy.sys

0x9140E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110509.001\IDSvix86.sys

0x91469000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

0x9148F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0x914ED000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x9150B000 \SystemRoot\System32\Drivers\dfsc.sys

0x91522000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys

0x91C0B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x91C22000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x91C24000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x91C31000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x91C3B000 \SystemRoot\system32\DRIVERS\dot4usb.sys

0x91C48000 \SystemRoot\system32\DRIVERS\Dot4.sys

0x91C6D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x91C82000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys

0x91C8B000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x91C94000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x91CA4000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x91CAD000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x91CB5000 \SystemRoot\System32\Drivers\crashdmp.sys

0x91CC2000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x91CCD000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x9C230000 \SystemRoot\System32\win32k.sys

0x91CD5000 \SystemRoot\System32\drivers\Dxapi.sys

0x91CDF000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9C450000 \SystemRoot\System32\TSDDD.dll

0x9C470000 \SystemRoot\System32\cdd.dll

0x91CEE000 \SystemRoot\system32\drivers\luafv.sys

0x91D11000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x91D21000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x91D34000 \SystemRoot\system32\drivers\HTTP.sys

0x91DA1000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x91DBE000 \SystemRoot\system32\DRIVERS\bowser.sys

0x91DD7000 \SystemRoot\System32\drivers\mpsdrv.sys

0xA2C0D000 \SystemRoot\system32\drivers\mrxdav.sys

0xA2C2E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xA2C4D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xA2C86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xA2C9E000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA2CC6000 \SystemRoot\System32\DRIVERS\srv.sys

0xA2D15000 \SystemRoot\system32\drivers\spsys.sys

0xA8208000 \SystemRoot\system32\drivers\peauth.sys

0xA82E6000 \SystemRoot\System32\Drivers\secdrv.SYS

0xA82F0000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA82FC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA8311000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0xA832F000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS

0xA8388000 \SystemRoot\system32\DRIVERS\cdfs.sys

0xB1E0E000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SRTSP.SYS

0xB1E94000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110511.002\NAVEX15.SYS

0xB1FE7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110511.002\NAVENG.SYS

0x773C0000 \Windows\System32\ntdll.dll

Processes (total 71):

0 System Idle Process

4 System

384 C:\Windows\System32\smss.exe

460 csrss.exe

508 csrss.exe

516 C:\Windows\System32\wininit.exe

556 C:\Windows\System32\services.exe

588 C:\Windows\System32\lsass.exe

596 C:\Windows\System32\lsm.exe

604 C:\Windows\System32\winlogon.exe

792 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\nvvsvc.exe

864 C:\Windows\System32\svchost.exe

900 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

1056 C:\Windows\System32\svchost.exe

1084 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\svchost.exe

1200 C:\Windows\System32\audiodg.exe

1220 C:\Windows\System32\svchost.exe

1244 C:\Windows\System32\SLsvc.exe

1276 C:\Windows\System32\svchost.exe

1340 C:\Windows\System32\rundll32.exe

1448 C:\Windows\System32\svchost.exe

1624 C:\Windows\System32\spoolsv.exe

1636 C:\Windows\System32\taskeng.exe

1656 C:\Windows\System32\svchost.exe

1792 C:\Windows\System32\rundll32.exe

1904 C:\Windows\System32\taskeng.exe

1968 C:\Windows\System32\dwm.exe

2012 C:\Windows\explorer.exe

1156 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

1528 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

1316 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

976 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

648 C:\Windows\System32\rundll32.exe

2028 C:\Program Files\Bonjour\mDNSResponder.exe

2040 C:\Windows\System32\CSHelper.exe

1556 C:\Windows\System32\svchost.exe

2284 C:\Windows\System32\svchost.exe

2296 C:\Windows\System32\svchost.exe

2332 C:\Windows\System32\svchost.exe

2384 C:\Windows\System32\svchost.exe

2424 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2532 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

2592 C:\Program Files\iTunes\iTunesHelper.exe

2620 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2648 C:\Windows\System32\SearchIndexer.exe

2704 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

2964 WUDFHost.exe

3480 C:\Program Files\Windows Media Player\wmpnscfg.exe

3532 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

3684 C:\Windows\System32\mobsync.exe

3944 C:\Program Files\Windows Media Player\wmpnetwk.exe

1852 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

3640 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe

3676 C:\Users\user\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

3792 C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

3824 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

2956 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe

3592 C:\Program Files\iPod\bin\iPodService.exe

3584 dllhost.exe

2916 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

4328 C:\Windows\System32\wuauclt.exe

4584 C:\Windows\System32\svchost.exe

4724 C:\Windows\System32\svchost.exe

5120 C:\Windows\System32\rundll32.exe

5128 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

5768 C:\Windows\System32\SearchProtocolHost.exe

264 C:\Windows\System32\SearchFilterHost.exe

5180 C:\Users\user\Downloads\MBRCheck.exe

4868 C:\Users\user\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\H: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD161HJ, Rev: JF100-19

PhysicalDrive3 Model Number: Maxtor2, Rev: 0344

PhysicalDrive2 Model Number: MaxtorBasics Desktop, Rev: 0122

PhysicalDrive4 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

298 GB \\.\PhysicalDrive3 RE: Unknown MBR code

SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6

1397 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

931 GB \\.\PhysicalDrive4 RE: Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows Vista Home Basic Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Dell DM061

Logical Drives Mask: 0x000000fc

Kernel Drivers (total 153):

0x82E11000 \SystemRoot\system32\ntkrnlpa.exe

0x831CB000 \SystemRoot\system32\hal.dll

0x8040E000 \SystemRoot\system32\kdcom.dll

0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x80485000 \SystemRoot\system32\PSHED.dll

0x80496000 \SystemRoot\system32\BOOTVID.dll

0x8049E000 \SystemRoot\system32\CLFS.SYS

0x804DF000 \SystemRoot\system32\CI.dll

0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys

0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x80693000 \SystemRoot\system32\drivers\acpi.sys

0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS

0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys

0x806EA000 \SystemRoot\system32\drivers\pci.sys

0x80711000 \SystemRoot\System32\drivers\partmgr.sys

0x80720000 \SystemRoot\system32\drivers\volmgr.sys

0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys

0x80779000 \SystemRoot\system32\drivers\intelide.sys

0x80780000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x8078E000 \SystemRoot\System32\drivers\mountmgr.sys

0x8079E000 \SystemRoot\system32\drivers\atapi.sys

0x807A6000 \SystemRoot\system32\drivers\ataport.SYS

0x807C4000 \SystemRoot\system32\drivers\fltmgr.sys

0x8AE05000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMDS.SYS

0x8AE5C000 \SystemRoot\system32\drivers\fileinfo.sys

0x8AE6C000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMEFA.SYS

0x8AF27000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8AF31000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B00A000 \SystemRoot\system32\drivers\ndis.sys

0x8B115000 \SystemRoot\system32\drivers\msrpc.sys

0x8B140000 \SystemRoot\system32\drivers\NETIO.SYS

0x8B202000 \SystemRoot\System32\drivers\tcpip.sys

0x8B2EC000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B40F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B51F000 \SystemRoot\system32\drivers\volsnap.sys

0x8B558000 \SystemRoot\System32\Drivers\spldr.sys

0x8B560000 \SystemRoot\System32\Drivers\mup.sys

0x8B56F000 \SystemRoot\System32\drivers\ecache.sys

0x8B596000 \SystemRoot\system32\drivers\disk.sys

0x8B5A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x8B5C8000 \SystemRoot\system32\drivers\crcdisk.sys

0x8B5F1000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8B400000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x8B307000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x90003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x9076C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x8B316000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x9076E000 \SystemRoot\System32\drivers\watchdog.sys

0x9077A000 \SystemRoot\system32\DRIVERS\e1e6032.sys

0x907B4000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x907BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x8B3B6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x8FA0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8FA9C000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8FAB4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x8FABA000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8FAE9000 \SystemRoot\system32\DRIVERS\storport.sys

0x8FB2A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8FB35000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8FB4C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8FB57000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8FB7A000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8FB89000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8FB9D000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8FBB2000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8FBC2000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8FBCD000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x8FBD8000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8B3C5000 \SystemRoot\system32\DRIVERS\ks.sys

0x8FBDA000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8FBE4000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8B17B000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8B3EF000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8B1B0000 \SystemRoot\system32\drivers\HdAudio.sys

0x8AFA2000 \SystemRoot\system32\drivers\portcls.sys

0x8AFCF000 \SystemRoot\system32\drivers\drmk.sys

0x8FBF1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x8FA00000 \SystemRoot\System32\Drivers\Null.SYS

0x8FA07000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B1F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x8AFF4000 \SystemRoot\System32\drivers\vga.sys

0x805BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8B000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8B1EF000 \SystemRoot\system32\drivers\rdpencdd.sys

0x805E0000 \SystemRoot\System32\Drivers\Msfs.SYS

0x805EB000 \SystemRoot\System32\Drivers\Npfs.SYS

0x807F6000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8FC0F000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8FC25000 \SystemRoot\system32\DRIVERS\smb.sys

0x8FC39000 \SystemRoot\system32\drivers\afd.sys

0x8FC81000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8FCB3000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8FCC9000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8FCD7000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8FCEA000 \SystemRoot\system32\drivers\NIS\1206000.01D\Ironx86.SYS

0x8FD0E000 \SystemRoot\system32\drivers\NIS\1206000.01D\SRTSPX.SYS

0x8FD19000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8FD55000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

0x8FD7B000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

0x8FD8A000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys

0x8FD97000 \??\C:\Windows\system32\drivers\RapportBuka.sys

0x8FC00000 \SystemRoot\system32\drivers\nsiproxy.sys

0x9140E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110509.001\IDSvix86.sys

0x91469000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

0x9148F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0x914ED000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x9150B000 \SystemRoot\System32\Drivers\dfsc.sys

0x91522000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys

0x91C0B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x91C22000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x91C24000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x91C31000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x91C3B000 \SystemRoot\system32\DRIVERS\dot4usb.sys

0x91C48000 \SystemRoot\system32\DRIVERS\Dot4.sys

0x91C6D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x91C82000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys

0x91C8B000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x91C94000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x91CA4000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x91CAD000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x91CB5000 \SystemRoot\System32\Drivers\crashdmp.sys

0x91CC2000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x91CCD000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x9C230000 \SystemRoot\System32\win32k.sys

0x91CD5000 \SystemRoot\System32\drivers\Dxapi.sys

0x91CDF000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9C450000 \SystemRoot\System32\TSDDD.dll

0x9C470000 \SystemRoot\System32\cdd.dll

0x91CEE000 \SystemRoot\system32\drivers\luafv.sys

0x91D11000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x91D21000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x91D34000 \SystemRoot\system32\drivers\HTTP.sys

0x91DA1000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x91DBE000 \SystemRoot\system32\DRIVERS\bowser.sys

0x91DD7000 \SystemRoot\System32\drivers\mpsdrv.sys

0xA2C0D000 \SystemRoot\system32\drivers\mrxdav.sys

0xA2C2E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xA2C4D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xA2C86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xA2C9E000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA2CC6000 \SystemRoot\System32\DRIVERS\srv.sys

0xA2D15000 \SystemRoot\system32\drivers\spsys.sys

0xA8208000 \SystemRoot\system32\drivers\peauth.sys

0xA82E6000 \SystemRoot\System32\Drivers\secdrv.SYS

0xA82F0000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA82FC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA8311000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0xA832F000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS

0xA8388000 \SystemRoot\system32\DRIVERS\cdfs.sys

0xB1E0E000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SRTSP.SYS

0xB1E94000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110511.002\NAVEX15.SYS

0xB1FE7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110511.002\NAVENG.SYS

0x773C0000 \Windows\System32\ntdll.dll

Processes (total 71):

0 System Idle Process

4 System

384 C:\Windows\System32\smss.exe

460 csrss.exe

508 csrss.exe

516 C:\Windows\System32\wininit.exe

556 C:\Windows\System32\services.exe

588 C:\Windows\System32\lsass.exe

596 C:\Windows\System32\lsm.exe

604 C:\Windows\System32\winlogon.exe

792 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\nvvsvc.exe

864 C:\Windows\System32\svchost.exe

900 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

1056 C:\Windows\System32\svchost.exe

1084 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\svchost.exe

1200 C:\Windows\System32\audiodg.exe

1220 C:\Windows\System32\svchost.exe

1244 C:\Windows\System32\SLsvc.exe

1276 C:\Windows\System32\svchost.exe

1340 C:\Windows\System32\rundll32.exe

1448 C:\Windows\System32\svchost.exe

1624 C:\Windows\System32\spoolsv.exe

1636 C:\Windows\System32\taskeng.exe

1656 C:\Windows\System32\svchost.exe

1792 C:\Windows\System32\rundll32.exe

1904 C:\Windows\System32\taskeng.exe

1968 C:\Windows\System32\dwm.exe

2012 C:\Windows\explorer.exe

1156 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

1528 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

1316 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

976 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

648 C:\Windows\System32\rundll32.exe

2028 C:\Program Files\Bonjour\mDNSResponder.exe

2040 C:\Windows\System32\CSHelper.exe

1556 C:\Windows\System32\svchost.exe

2284 C:\Windows\System32\svchost.exe

2296 C:\Windows\System32\svchost.exe

2332 C:\Windows\System32\svchost.exe

2384 C:\Windows\System32\svchost.exe

2424 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2532 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

2592 C:\Program Files\iTunes\iTunesHelper.exe

2620 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2648 C:\Windows\System32\SearchIndexer.exe

2704 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

2964 WUDFHost.exe

3480 C:\Program Files\Windows Media Player\wmpnscfg.exe

3532 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

3684 C:\Windows\System32\mobsync.exe

3944 C:\Program Files\Windows Media Player\wmpnetwk.exe

1852 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

3640 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe

3676 C:\Users\user\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

3792 C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

3824 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

2956 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe

3592 C:\Program Files\iPod\bin\iPodService.exe

3584 dllhost.exe

2916 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

4328 C:\Windows\System32\wuauclt.exe

4584 C:\Windows\System32\svchost.exe

4724 C:\Windows\System32\svchost.exe

5120 C:\Windows\System32\rundll32.exe

5128 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

5768 C:\Windows\System32\SearchProtocolHost.exe

264 C:\Windows\System32\SearchFilterHost.exe

5180 C:\Users\user\Downloads\MBRCheck.exe

4868 C:\Users\user\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\H: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD161HJ, Rev: JF100-19

PhysicalDrive3 Model Number: Maxtor2, Rev: 0344

PhysicalDrive2 Model Number: MaxtorBasics Desktop, Rev: 0122

PhysicalDrive4 Model Number: SeagateDesktop, Rev: 0130

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

298 GB \\.\PhysicalDrive3 RE: Unknown MBR code

SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6

1397 GB \\.\PhysicalDrive2

PurpleShark · May 11, 2011

Please go to: VirusTotal

On the page you'll find a Browse - button.

Click on the Browse button.

I can`t see a browse button on the page that opens, sorry if I`m being blind...

heir · May 11, 2011

Immediately to the right of the rectangular box above the text Send it over SSL

PurpleShark · May 12, 2011

Ok, does that scan take a while? Where will the results come up?

heir · May 12, 2011

In the same browser window. Just copy the URL in the address field in your browser.

PurpleShark · May 12, 2011

https://www.virustotal.com/file-scan/report.html?id=f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6-1305158233

PurpleShark · May 12, 2011

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by user at 1:11:17.86 on 12/05/2011

Internet Explorer: 9.0.8112.16421

Microsoft

PurpleShark · May 12, 2011

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft

heir · May 12, 2011

This is strange.

You have four harddisks connected to that computer

C: <<<< ---- The drive that Vista Home is installed on.

G: <<<< ---- This drive indicates it has Windows XP installed on it (or have had)

E: and H: <<<< ---- Indicates there is unknown bootcode in mbr on each of them.

Is this a multiboot system?

C:\Users\user\Downloads\MBRCheck.exe

You didn't save that tool to your desktop as I asked you to.

You need to read the instructions carefully and follow them.

We are going to use that tool again and it needs to be on the desktop.

Please move it to the desktop.

Step 1.

Bootcheck:

Please download BootCheck.exe to your desktop.

Double click BootCheck.exe to run the check
When complete, a Notepad window will open with some text in it
Save the Notepad file to your desktop as BootCheck.txt
Copy the contents of BootCheck.txt and post it in your next reply

Step 2.

MBR backup:

Open notepad and copy/paste the text in the codebox below into it:

MBRCheck -s 0 -d MBRbckp0.dat
MBRCheck -s 2 -d MBRbckp2.dat
MBRCheck -s 3 -d MBRbckp3.dat
MBRCheck -s 4 -d MBRbckp4.dat
del 0%

Save this as bmbr.bat

Choose to "Save type as - All Files"

Save it on your desktop.

It should look like this:

Double click on bmbr.bat & allow it to run

Four files MBRbckp0.dat, MBRbckp2.dat, MBRbckp3.dat and MBRbckp4.dat will be created on your desktop.

Zip the files and attach that zipped file in a reply.

Step 3.

Filescans:

Please go to: VirusTotal

On the page you'll find a Browse - button.
Click on the Browse button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\Users\user\Desktop\MBRbckp0.dat
Next, click the Open button.
Then click the Send File - button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Please repeat for the following files:

C:\Users\user\Desktop\MBRbckp2.dat

C:\Users\user\Desktop\MBRbckp3.dat

C:\Users\user\Desktop\MBRbckp4.dat

Step 4.

Things I would like to see in your reply:

Answer to the question in the beginning of this post.
The content of BootCheck.txt from step 1.
The zip-file with the four .dat-files from step 2 attached.
The links to the results for each of the four filescans in step 3.

I'll be back when all is posted.

PurpleShark · May 12, 2011

This is strange.
You have four harddisks connected to that computer
C: <<<< ---- The drive that Vista Home is installed on.
G: <<<< ---- This drive indicates it has Windows XP installed on it (or have had)
E: and H: <<<< ---- Indicates there is unknown bootcode in mbr on each of them.
Is this a multiboot system?
I have no idea. I had to add external hard drives to my computer as there wasn`t enough room on the OS to store my music & photos.
I don`t know how to create a zip drive, can I post the info on here for you?

PurpleShark · May 12, 2011

Step 1.

Bootcheck:

Please download BootCheck.exe to your desktop.

Double click BootCheck.exe to run the check

When complete, a Notepad window will open with some text in it

Save the Notepad file to your desktop as BootCheck.txt

Copy the contents of BootCheck.txt and post it in your next reply

I don`t know how to save this to my desktop as there is no choice given anywhere.

I can`t save the Notepad file to my desktop either as there is no choice given with it.

PurpleShark · May 12, 2011

Step 2.

MBR backup:

Open notepad and copy/paste the text in the codebox below into it:

MBRCheck -s 0 -d MBRbckp0.dat

MBRCheck -s 2 -d MBRbckp2.dat

MBRCheck -s 3 -d MBRbckp3.dat

MBRCheck -s 4 -d MBRbckp4.dat

del 0%

Save this as bmbr.bat

Choose to "Save type as - All Files"

Save it on your desktop.

It should look like this:

Double click on mbmr.bat & allow it to run

Four files MBRbckp0.dat, MBRbckp2.dat, MBRbckp3.dat and MBRbckp4.dat will be created on your desktop.

Zip the files and attach that zipped file in a reply.

I`ve saved this to the desktop & double-clicked it but it doesn`t do anything & there aren`t four files being created on the desktop.

heir · May 12, 2011

Please move it to the desktop.

Did you move

C:\Users\user\Downloads\MBRCheck.exe

to your desktop (C:\Users\user\Desktop\)

If not do as else my set of instructions won't work.

I don`t know how to save this to my desktop as there is no choice given anywhere.

Right-click and chose save as... then make sure that it is saved to the Desktop.

How to compress files or folders. If you first hold down the Ctrl-key and then select each file one at a time you'll be able to select all four then right-click on one of them and proceed with zipping them.

Please redo the steps and post the results.

PurpleShark · May 12, 2011

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft

PurpleShark · May 12, 2011

Antivirus Version Last Update Result

AhnLab-V3 2011.05.12.00 2011.05.11 -

AntiVir 7.11.7.249 2011.05.12 -

Antiy-AVL 2.0.3.7 2011.05.12 -

Avast 4.8.1351.0 2011.05.11 -

Avast5 5.0.677.0 2011.05.11 -

AVG 10.0.0.1190 2011.05.12 -

BitDefender 7.2 2011.05.12 -

CAT-QuickHeal 11.00 2011.05.12 -

ClamAV 0.97.0.0 2011.05.12 -

Commtouch 5.3.2.6 2011.05.12 -

Comodo 8672 2011.05.12 -

DrWeb 5.0.2.03300 2011.05.12 -

eSafe 7.0.17.0 2011.05.11 -

eTrust-Vet 36.1.8323 2011.05.12 -

F-Prot 4.6.2.117 2011.05.12 -

F-Secure 9.0.16440.0 2011.05.12 -

Fortinet 4.2.257.0 2011.05.12 -

GData 22 2011.05.12 -

Ikarus T3.1.1.103.0 2011.05.12 -

Jiangmin 13.0.900 2011.05.11 -

K7AntiVirus 9.103.4624 2011.05.11 -

Kaspersky 9.0.0.837 2011.05.11 -

McAfee 5.400.0.1158 2011.05.12 -

McAfee-GW-Edition 2010.1D 2011.05.12 -

Microsoft 1.6802 2011.05.12 -

NOD32 6115 2011.05.12 -

Norman 6.07.07 2011.05.12 -

nProtect 2011-05-12.01 2011.05.12 -

Panda 10.0.3.5 2011.05.11 -

PCTools 7.0.3.5 2011.05.12 -

Prevx 3.0 2011.05.12 -

Rising 23.57.02.05 2011.05.11 -

Sophos 4.65.0 2011.05.12 -

SUPERAntiSpyware 4.40.0.1006 2011.05.12 -

Symantec 20101.3.2.89 2011.05.12 -

TheHacker 6.7.0.1.195 2011.05.11 -

TrendMicro 9.200.0.1012 2011.05.12 -

TrendMicro-HouseCall 9.200.0.1012 2011.05.12 -

VBA32 3.12.16.0 2011.05.12 -

VIPRE 9258 2011.05.12 -

ViRobot 2011.5.12.4455 2011.05.12 -

VirusBuster 13.6.349.0 2011.05.11 -

Additional informationShow all

MD5 : 4abf18f18a86a11b75f0234e206f5870

SHA1 : a6a572e4a843e3851de653dc82e02469d654051d

SHA256: f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6

heir · May 12, 2011

Please post the link to the result from VirusTotal not the result itself.

PurpleShark · May 12, 2011

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft

PurpleShark · May 12, 2011

http://www.virustotal.com/file-scan/report.html?id=f07e8b5d1c455cf0303498cf81cbab56f158301dc04d6bd346bc34dcc0a5d7a6-1305197992

I`m infected with Google Redirect virus, please help...

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information