Google Redirect Virus

divinetiger · June 27, 2011

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #1

==============================================

>Drivers

==============================================

0x96631000 C:\windows\system32\DRIVERS\igdkmd32.sys 6430720 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x82C11000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x82C11000 PnpManager 4259840 bytes

0x82C11000 RAW 4259840 bytes

0x82C11000 WMIxWDM 4259840 bytes

0x81E05000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x82650000 Win32k 2404352 bytes

0x82650000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8E64A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)

0x8901B000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x88E04000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x82100000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes

0x88A1B000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x93B23000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys 827392 bytes (Symantec Corporation, BASH Driver)

0x88C18000 C:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS 765952 bytes (Symantec Corporation, Symantec Extended File Attributes)

0x96C53000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x88CD3000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x832F2000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x98F58000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x89352000 C:\windows\system32\drivers\NAV\1206000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)

0x98E17000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8321F000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x88807000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x8923B000 C:\windows\system32\DRIVERS\RTL8187B.sys 413696 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)

0x93A75000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)

0x88F71000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x93A18000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys 380928 bytes (Symantec Corporation, IDS Core Driver)

0x90E16000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x88B68000 C:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)

0xAF45B000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)

0xAF40C000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x90F0A000 C:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS 323584 bytes (Symantec Corporation, Network Security Driver)

0x96D4E000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x88955000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x88886000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x833A6000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)

0x892A0000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x98388000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x832B0000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x90F59000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x89195000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x88D8A000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x98EEA000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x96D0A000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x83021000 ACPI_HAL 225280 bytes

0x83021000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x88B34000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x98346000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x9823C000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)

0x889CB000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x90E70000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x89164000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x820A1000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x88BD0000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0x96DC7000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )

0x88F33000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x888F7000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8E624000 C:\windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)

0x89216000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x88DC8000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x893D8000 C:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)

0x88AFE000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x98EC7000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x982DC000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x90FCF000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x90FAE000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8E600000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x89333000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x96DA8000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x90EA9000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x828E0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x93AD3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)

0x983DD000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x98F25000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x98200000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x98E9C000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x820D0000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x93AFD000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x96600000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)

0x982B9000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x982FE000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x98316000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x9832D000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x88C00000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x889A0000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x8E7C1000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110626.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)

0x88F5E000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x93BED000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x90EE7000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x982A7000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x98288000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)

0x98EB5000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x89000000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x821DA000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x88BBF000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x983CC000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x88921000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x83297000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x90EC8000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)

0x9821A000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x891E1000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x9822A000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x90EFA000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x88945000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x96D99000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x93B15000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x90ED9000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x88DED000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x889BD000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x88FCE000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x9837A000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x88878000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x9829A000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x820F3000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x96618000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x888EA000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)

0x98271000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0x98E00000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8E7EF000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x93AF1000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x8E7E3000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8893A000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)

0x821EB000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x88FED000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x982D1000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x89200000 C:\windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)

0x88A00000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x96D43000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x888DF000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x820E9000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x88B21000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)

0x90FA4000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x90F9A000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x98FEF000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x9827E000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)

0x821F6000 C:\windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)

0x88B2B000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x88AF5000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0xAF517000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0x88FDC000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x828B0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x888CE000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x832A8000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x88932000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)

0x891F1000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x80BC3000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)

0x888D7000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8920B000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x89011000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)

0x88FE5000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)

0x891D9000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x8E7DC000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8E7D5000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x889B6000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x90EA2000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x891D4000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)

0x96DF3000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x98344000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x9826F000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x86722A91 Unknown page with executable code, 1391 bytes

0x89195000 WARNING: Virus alike driver modification [volsnap.sys], 258048 bytes

0x86721288 Unknown page with executable code, 3448 bytes

0x86723191 Unknown page with executable code, 3695 bytes

0x86725E7A Unknown thread object [ ETHREAD 0x86A4E7F0 ] TID: 308, 600 bytes

0x86728008 Unknown thread object [ ETHREAD 0x86A51020 ] TID: 312, 600 bytes

0x86727CDC Unknown page with executable code, 804 bytes

==============================================

>Files

==============================================

>Hooks

==============================================

[3256]iexplore.exe-->kernel32.dll+0x000385A2, Type: Inline - RelativeJump 0x775A85A2-->02A60266 [unknown_code_page]

[3256]iexplore.exe-->kernel32.dll+0x0005060F, Type: Inline - RelativeJump 0x775C060F-->02A6031C [unknown_code_page]

[3256]iexplore.exe-->kernel32.dll+0x00052A52, Type: Inline - RelativeJump 0x775C2A52-->02A60488 [unknown_code_page]

[3256]iexplore.exe-->kernel32.dll+0x000685BC, Type: Inline - RelativeJump 0x775D85BC-->02A601B0 [unknown_code_page]

[3256]iexplore.exe-->kernel32.dll-->HeapCreate, Type: Inline - RelativeJump 0x775C2A57-->775C2A52 [kernel32.dll]

[3256]iexplore.exe-->kernel32.dll-->SetProcessDEPPolicy, Type: Inline - RelativeJump 0x775A85A7-->775A85A2 [kernel32.dll]

[3256]iexplore.exe-->kernel32.dll-->TerminateProcess, Type: Inline - RelativeJump 0x775B50A6-->02A603D2 [unknown_code_page]

[3256]iexplore.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x775C0614-->775C060F [kernel32.dll]

[3256]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x775B50AB-->775B50A6 [kernel32.dll]

[3256]iexplore.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x775D85C1-->775D85BC [kernel32.dll]

[3256]iexplore.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x77D84ED0-->02A6003A [unknown_code_page]

[3256]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77D85920-->02A600F7 [unknown_code_page]

[3256]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7798CC8F-->70959D94 [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77990E51-->70968197 [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779CD29C-->70A8FF3B [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779B4AA7-->70A8FED8 [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779CCF6A-->70A8FE75 [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779B564A-->70884BA7 [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779DEA29-->70A8FD3D [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779DEA4D-->70A8FCDB [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779DE8C9-->70A8FE0A [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x779DE9C3-->70A8FD9F [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7799210A-->7091463B [ieframe.dll]

[3256]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7798CC7B-->709783A2 [ieframe.dll]

[3256]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x77669ABA-->00586A90 [unknown_code_page]

[3256]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x77670848-->00586C90 [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76623BED-->0068000A [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x766248BE-->0067000A [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76626737-->0176000A [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76637133-->0175000A [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x766247DF-->0066000A [unknown_code_page]

[3256]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7662C4C8-->0069000A [unknown_code_page]

[740]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77990E51-->70968197 [ieframe.dll]

[740]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779CD29C-->70A8FF3B [ieframe.dll]

[740]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779B4AA7-->70A8FED8 [ieframe.dll]

[740]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779CCF6A-->70A8FE75 [ieframe.dll]

[740]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779B564A-->70884BA7 [ieframe.dll]

[740]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779DEA29-->70A8FD3D [ieframe.dll]

[740]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779DEA4D-->70A8FCDB [ieframe.dll]

[740]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779DE8C9-->70A8FE0A [ieframe.dll]

[740]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x779DE9C3-->70A8FD9F [ieframe.dll]

[740]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x77669ABA-->00196A90 [unknown_code_page]

[740]iexplore.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x77670848-->00196C90 [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76623BED-->0067000A [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x766248BE-->0066000A [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x76626737-->006A000A [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x76637133-->0069000A [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x766247DF-->0065000A [unknown_code_page]

[740]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7662C4C8-->0068000A [unknown_code_page]

D-FRED-BROWN · June 27, 2011

Excellent. We are making progress.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefind
volsnap.sys
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

divinetiger · June 27, 2011

SystemLook 04.09.10 by jpshortstuff

Log created at 18:20 on 26/06/2011 by Joe

Administrator - Elevation successful

========== filefind ==========

Searching for "volsnap.sys"

C:\Windows\System32\drivers\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD

-= EOF =-

D-FRED-BROWN · June 27, 2011

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Fcopy::
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys | C:\Windows\System32\drivers\volsnap.sys
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running now.

divinetiger · June 27, 2011

ComboFix 11-06-26.01 - Joe 06/26/2011 18:44:13.2.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.994 [GMT -7:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

Command switches used :: c:\users\Joe\Desktop\CFScript.txt.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

--------------- FCopy ---------------

.

c:\windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys --> c:\windows\System32\drivers\volsnap.sys

.

((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))

.

2011-06-27 01:50 . 2011-06-27 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-26 20:46 . 2011-01-17 17:50 333176 ----a-w- c:\windows\Listdlls.exe

2011-06-26 20:46 . 2011-05-17 19:48 423288 ----a-w- c:\windows\handle.exe

2011-06-17 03:12 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-13 04:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-06-13 04:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-06-13 04:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-06-13 04:12 . 2011-06-13 04:12 -------- d-----w- c:\windows\en

2011-06-13 04:09 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-06-13 04:09 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-06-13 04:09 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-13 04:09 . 2011-06-13 04:09 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe

2011-06-13 04:08 . 2011-06-13 04:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe

2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DSETUP.dll

2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DXSETUP.exe

2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\dsetup32.dll

2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DSETUP.dll

2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DXSETUP.exe

2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\dsetup32.dll

2011-06-13 04:07 . 2011-06-26 19:18 -------- d-----w- c:\users\Joe\AppData\Local\Windows Live

2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\programdata\Malwarebytes

2011-06-12 07:55 . 2011-06-17 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 17:46 . 2011-06-13 05:27 -------- d-----w- c:\users\Joe\AppData\Local\NPE

2011-06-10 17:30 . 2011-06-23 07:03 -------- d-----w- c:\users\Joe\AppData\Local\Diagnostics

2011-06-10 17:23 . 2011-06-17 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-06-01 02:36 . 2011-06-01 02:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-01 02:36 . 2011-06-01 02:36 -------- d-----w- c:\program files\Symantec

2011-06-01 02:35 . 2011-06-01 02:36 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-01 02:35 . 2011-06-01 02:35 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-01 02:23 . 2011-06-01 02:41 -------- d-----w- c:\program files\NortonInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-13 04:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-09 20:46 . 2011-05-27 20:15 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E61626E-1B97-4281-AC50-341E30FF6E65}\mpengine.dll

2011-04-22 19:36 . 2011-05-27 20:15 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:13 . 2011-05-11 21:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 21:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 19:02 123904 ----a-w- c:\windows\system32\poqexec.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41]

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41]

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4184)

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\system32\igfxext.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

.

**************************************************************************

.

Completion time: 2011-06-26 18:56:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-27 01:56

ComboFix2.txt 2011-06-26 19:00

.

Pre-Run: 206,352,523,264 bytes free

Post-Run: 206,393,671,680 bytes free

.

- - End Of File - - 12ED9447AD9D0C56F8F66F5699A69577

D-FRED-BROWN · June 27, 2011

Before we move on, are you still experiencing any redirects or other symptoms?

divinetiger · June 27, 2011

still getting redirects...

D-FRED-BROWN · June 27, 2011

Try running TDSSKiller.exe now. Let me know if it works.

divinetiger · June 27, 2011

TDSSKiller.exe still not working...

D-FRED-BROWN · June 27, 2011

Please download the following file to your Desktop: https://docs.google.com/leaf?id=0ByCM84n1V7VxMDcxOWYzYjItODdjZi00ODdjLWI2MTQtYjFlNDhjZDExNzk3&hl=en_US&authkey=CMP-mgM

Do NOT do anything with it.

Make sure the file is located at: c:\users\Joe\Desktop\volsnap.sys

Then, please do the following:

--------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Fcopy::
c:\users\Joe\Desktop\volsnap.sys | C:\Windows\System32\drivers\volsnap.sys
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running now.

D-FRED-BROWN · June 27, 2011

Also, are the redirects specific to Firefox. Internet Explorer, or both?

divinetiger · June 27, 2011

I'm using explorer only. It happens with any search engine results. I can navigate directly to a web site if I know the exact address.

ComboFix 11-06-26.01 - Joe 06/26/2011 20:21:03.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1174 [GMT -7:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

Command switches used :: c:\users\Joe\Desktop\CFScript.txt.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Joe\volsnap.sys

.

((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))

.

2011-06-27 03:27 . 2011-06-27 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp