Jump to content

google redirect


Recommended Posts

started today, i don't think i had downloaded anything or gone to any shifty sites but i must have. :( i'm a bit noob at this, but hopefully someone can help me out since i got this virus on boyfriend's computer he's lending to me. redirects most google search results to random ad sites.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Owner at 18:59:52 on 2011-10-12

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4031.1223 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Fraps\fraps.exe

C:\windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

C:\Fraps\fraps64.dat

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\NCsoft\Aion\bin32\aion.bin

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\calc.exe

C:\windows\system32\mspaint.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Users\Owner\Downloads\Defogger.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

uRun: [PlayNC Launcher]

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{90035923-9D28-425A-BDC4-BC4EC649A134} : DhcpNameServer = 168.94.0.15 168.94.0.14

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\1717D6F61627 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\34F6D666F627470294E6E60223E6460264C6F6F627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\3554D48433 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\B6E69676864737F66676F6F646 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\F4365616E60224561636860284F64756C6 : DhcpNameServer = 66.146.160.13 66.209.96.106

TCP: Interfaces\{C6BD0D00-2DD3-4D1E-87BC-9054547BF4FF}\F62686F64756C6 : DhcpNameServer = 68.105.28.16 68.105.29.16

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gectyznf.default\

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: XUL Cache: {2759983f-aea1-4d04-b045-9bedd756ef39} - %profile%\extensions\{2759983f-aea1-4d04-b045-9bedd756ef39}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1100000.088\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1100000.088\SYMEFA64.SYS [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys [2011-1-5 641584]

R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys --> C:\windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVia64.sys [2011-1-5 467504]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1100000.088\Ironx64.SYS [?]

R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS --> C:\windows\system32\drivers\NISx64\1100000.088\SYMTDIV.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-5 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2011-1-5 126392]

R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-5 2314240]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-5 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 135664]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-12 22:02:54 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-10-12 21:59:43 173104 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-12 21:59:39 -------- d-----w- C:\Program Files\Symantec

2011-10-12 21:59:39 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-10-12 21:59:23 -------- d-----w- C:\Program Files (x86)\Avira

2011-10-12 19:50:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF77F316-9C51-403D-89D6-4602A7A55544}\offreg.dll

2011-10-12 19:39:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2011-10-12 19:39:38 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-12 19:39:35 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-10-12 19:39:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-12 19:35:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2011-10-12 19:34:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-10-12 19:34:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-10-12 15:05:19 100352 ----a-w- C:\windows\SysWow64\srrstr.dll

2011-10-09 02:27:05 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF77F316-9C51-403D-89D6-4602A7A55544}\mpengine.dll

.

==================== Find3M ====================

.

2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 19:00:55.86 ===============

ark.txt

Attach.txt

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.