Gogogoch

Thanks screen317! I really appreciate your help. The logs are posted below.

I didn't have my (Seagate) external hard drive plugged in when I ran the scans. I had to use the hard drive on Sunday (after I noticed the Google Redirect Virus was on my computer again on Saturday night), but I didn't use Internet Explorer or connect to the web while the hard drive was plugged in. I think I either got the virus from a website on Saturday night or from the USB stick on which I'd had to transfer all my data when I had the system re-installed last week (I had the USB stick checked with an anti-virus though and it said it was clean).

Could you advise me on whether it's necessary to run the Malware & DDS scans with the external hard drive plugged in, please? Is it possible that the virus could have affected that too?

Thanks again!

Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6722

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/06/2011 09:37:51
mbam-log-2011-06-01 (09-37-51).txt

Scan type: Quick scan
Objects scanned: 152998
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------DDS text from Notepad -------------------------------------

.
DDS (Ver_11-05-19.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Jamie at 9:39:03 on 2011-06-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1523 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
SVCHOST.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\DOCUME~1\Jamie\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamie\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp] Alaunch
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [<NO NAME>]
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LogitechCameraAssistant] c:\program files\acer\orbicam\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\acer\orbicam\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: cnet.com\download
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-5-26 16384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslc3ef466b;MpKslc3ef466b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{359d6942-cbd7-4b06-8836-8644f1a96776}\MpKslc3ef466b.sys [2011-6-1 28752]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-5-26 16400]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-19 1097728]
S1 MpKsl9278e72c;MpKsl9278e72c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba873dac-f767-4802-817b-45f5c0ac9df5}\mpksl9278e72c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba873dac-f767-4802-817b-45f5c0ac9df5}\MpKsl9278e72c.sys [?]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2011-5-26 97808]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-5-26 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-5-26 21904]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-5-26 32512]
.
=============== Created Last 30 ================
.
2011-06-01 08:29:41 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{359d6942-cbd7-4b06-8836-8644f1a96776}\MpKslc3ef466b.sys
2011-05-30 14:07:47 -------- d-----w- c:\documents and settings\jamie\application data\Malwarebytes
2011-05-30 14:07:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 14:07:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-30 14:07:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 14:07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-30 08:17:43 6962000 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{359d6942-cbd7-4b06-8836-8644f1a96776}\mpengine.dll
2011-05-30 08:10:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-30 08:10:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-28 15:22:08 -------- d-----w- c:\documents and settings\jamie\local settings\application data\Google
2011-05-27 14:41:18 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-27 14:41:18 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-27 14:41:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-26 19:24:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-05-26 19:21:48 -------- d-----w- c:\documents and settings\jamie\application data\Digidesign
2011-05-26 19:21:22 -------- d-----w- C:\Digidesign Databases
2011-05-26 19:21:13 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2011-05-26 19:21:13 -------- d-----w- c:\documents and settings\jamie\local settings\application data\PACE Anti-Piracy
2011-05-26 19:21:13 -------- d-----w- c:\documents and settings\jamie\application data\PACE Anti-Piracy
2011-05-26 19:21:13 -------- d-----w- c:\documents and settings\all users\application data\PACE Anti-Piracy
2011-05-26 19:16:27 -------- d-----w- c:\program files\InterLok
2011-05-26 19:16:25 -------- d-----w- c:\windows\Downloaded Installations
2011-05-26 19:16:20 16384 ----a-w- c:\windows\system32\drivers\DigiFilt.sys
2011-05-26 19:15:44 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-26 19:15:44 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-05-26 19:13:29 196608 ----a-w- c:\windows\system32\Digi32.dll
2011-05-26 19:08:40 -------- d-----w- c:\documents and settings\jamie\local settings\application data\Temp
2011-05-26 18:53:24 -------- d-----w- c:\documents and settings\jamie\local settings\application data\Adobe
2011-05-26 14:23:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-26 14:21:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-26 13:30:52 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-05-26 13:13:32 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-05-26 13:13:32 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-05-26 13:11:58 -------- d-----w- c:\program files\common files\ODBC
2011-05-26 13:09:57 -------- d-----w- c:\windows\SHELLNEW
2011-05-26 13:09:44 -------- d-----w- c:\documents and settings\jamie\local settings\application data\Microsoft Help
2011-05-26 13:05:59 -------- d-sh--w- c:\documents and settings\jamie\IECompatCache
2011-05-26 13:05:48 -------- d-sh--w- c:\documents and settings\jamie\PrivacIE
2011-05-26 13:05:46 -------- d-sh--w- C:\Recycled
2011-05-26 13:04:45 -------- d-sh--w- c:\documents and settings\jamie\IETldCache
2011-05-26 12:56:26 -------- d-----w- c:\program files\MSXML 4.0
2011-05-26 12:54:50 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-05-26 12:54:37 -------- d-----w- c:\windows\ie8updates
2011-05-26 12:54:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-26 12:54:33 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-26 12:54:33 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-26 12:54:33 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-26 12:54:33 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-05-26 12:54:33 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-05-26 12:54:32 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-05-26 12:53:25 -------- d--h--w- c:\windows\ie8
2011-05-26 12:47:51 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-26 12:46:49 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-26 12:46:41 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-05-26 12:46:02 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-05-26 12:45:55 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-05-26 12:45:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-26 12:45:22 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-05-26 12:44:51 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-05-26 12:43:43 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-05-26 12:43:40 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-05-26 12:43:40 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-05-26 12:43:34 293376 ------w- c:\windows\system32\browserchoice.exe
2011-05-26 12:43:16 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-05-26 12:42:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-26 12:40:58 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-05-26 12:40:47 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-05-26 12:40:33 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-05-26 12:39:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-05-26 12:39:48 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-05-26 11:49:48 -------- d-----w- c:\windows\ServicePackFiles
2011-05-26 11:47:04 19569 ----a-w- c:\windows\003065_.tmp
2011-05-26 11:32:45 -------- d-----w- c:\windows\system32\PreInstall
2011-05-26 11:31:19 -------- d-sh--w- c:\documents and settings\jamie\UserData
2011-05-26 11:16:57 -------- d-----w- c:\windows\system32\appmgmt
2011-05-26 11:10:11 -------- d-----w- c:\windows\Acer
2011-05-26 11:08:15 245824 ----a-r- c:\windows\Instexec.exe
2011-05-26 11:07:59 167936 ----a-w- c:\windows\system32\VxLib.dll
2011-05-26 11:07:59 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-26 11:07:59 151552 ----a-w- c:\windows\system32\VLib.dll
2011-05-26 11:07:57 39424 ----a-w- c:\windows\system32\VxLibRes.dll
2011-05-26 11:07:57 -------- d-----w- c:\program files\Acer
2011-05-26 11:06:25 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-05-26 11:05:08 81920 ----a-w- c:\windows\system32\packet.dll
2011-05-26 11:05:08 61440 ----a-w- c:\windows\system32\WanPacket.dll
2011-05-26 11:05:08 233472 ----a-w- c:\windows\system32\wpcap.dll
2011-05-26 11:05:07 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-05-26 11:05:07 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-05-26 11:05:07 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-05-26 11:05:07 32512 ----a-w- c:\windows\system32\drivers\npf.sys
2011-05-26 11:05:07 -------- d-----w- c:\program files\WinPCap
2011-05-26 11:04:46 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-05-26 11:03:07 61440 ----a-w- c:\windows\system32\acerGina.dll
2011-05-26 11:02:38 -------- d-----w- c:\program files\Launch Manager
2011-05-26 11:02:36 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-05-26 11:02:36 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-05-26 11:01:38 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-05-26 11:01:38 225350 ----a-w- c:\windows\system32\Epm-Po.dll
2011-05-26 11:00:36 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-05-26 11:00:34 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-05-26 11:00:34 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-05-26 11:00:34 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-05-26 11:00:34 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-05-26 11:00:34 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-05-26 11:00:34 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-05-26 11:00:33 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-05-26 10:57:00 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-05-26 10:55:11 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2011-05-26 10:55:09 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-05-26 10:55:08 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-05-26 10:55:08 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-05-26 10:55:07 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2011-05-26 10:55:05 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2011-05-26 10:55:04 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2011-05-26 10:55:02 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2011-05-26 10:54:55 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-05-26 10:54:55 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-05-26 10:54:55 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-05-26 10:54:55 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-05-26 10:54:55 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-05-26 10:54:55 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-05-26 10:54:30 208896 ----a-w- c:\windows\system32\nvudisp.exe
2011-05-26 10:54:30 -------- d-----w- c:\windows\nview
2011-05-26 10:53:11 180224 ----a-w- c:\windows\ADDITEM.EXE
2011-05-26 10:53:11 159821 ----a-w- c:\windows\EMEAPAGE.EXE
.
==================== Find3M ====================
.
2011-05-26 10:53:12 179 ----a-w- c:\windows\HotFix.bat
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:12 1857920 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120821A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x840D04D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x840d67f0]; MOV EAX, [0x840d686c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x84102AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000087[0x84144140]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x84151940]
\Driver\atapi[0x841D7F38] -> IRP_MJ_CREATE -> 0x840D04D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x840D031B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:39:36.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26/05/2011 11:58:52
System Uptime: 01/06/2011 09:29:12 (0 hours ago)
.
Motherboard: Acer | | Grapevine
Processor: Intel® Core2 CPU T5600 @ 1.83GHz | U1 | 1828/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 53 GiB total, 31.761 GiB free.
D: is FIXED (FAT32) - 54 GiB total, 53.556 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 26/05/2011 11:58:58 - System Checkpoint
RP2: 26/05/2011 12:01:38 - Installed Acer ePower Management
RP3: 26/05/2011 12:03:06 - Installed Acer eNet Management
RP4: 26/05/2011 12:06:24 - Installed eRecovery
RP5: 26/05/2011 12:07:17 - Installed Windows XP KB909667.
RP6: 26/05/2011 12:07:56 - Installed Acer OrbiCam
RP7: 26/05/2011 12:09:11 - Installed eDataSecurity
RP8: 26/05/2011 12:16:20 - Removed Adobe Reader 7.0
RP9: 26/05/2011 12:32:25 - Software Distribution Service 3.0
RP10: 26/05/2011 12:47:07 - Installed Windows XP Service Pack 3.
RP11: 26/05/2011 13:48:33 - Software Distribution Service 3.0
RP12: 26/05/2011 14:09:24 - Installed Microsoft Office Enterprise 2007
RP13: 26/05/2011 14:13:31 - Printer Driver Send To Microsoft OneNote Driver Installed
RP14: 26/05/2011 15:23:27 - Software Distribution Service 3.0
RP15: 26/05/2011 20:05:28 - Installed Adobe Reader X (10.0.1).
RP16: 26/05/2011 20:11:54 - Installed Pro Tools LE
RP17: 26/05/2011 20:12:50 - Installed Digidesign Shared Plug-Ins
RP18: 26/05/2011 20:13:04 - Installed Free Bomb Factory Plug-Ins
RP19: 26/05/2011 20:24:04 - Software Distribution Service 3.0
RP20: 27/05/2011 15:47:48 - Unsigned driver install
RP21: 27/05/2011 15:48:46 - Software Distribution Service 3.0
RP22: 27/05/2011 16:20:40 - Unsigned driver install
RP23: 28/05/2011 16:47:38 - Software Distribution Service 3.0
RP24: 28/05/2011 22:03:47 - Software Distribution Service 3.0
RP25: 30/05/2011 08:50:52 - Software Distribution Service 3.0
RP26: 30/05/2011 09:08:34 - Restore Operation
RP27: 30/05/2011 09:17:34 - Software Distribution Service 3.0
RP28: 30/05/2011 16:11:11 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam Driver
Acer OrbiCam Software
Acer Screensaver
Adobe Reader X (10.0.1)
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Pro Tools LE 7.4
Digidesign Shared Plug-Ins 7.4
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Intel® PROSet/Wireless Software
Interlok driver setup x32
Launch Manager
Learn2 Player (Uninstall Only)
LightScribe 1.4.97.1
Malwarebytes' Anti-Malware
mCore
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
NVIDIA Drivers
Otto
PowerDVD
PowerProducer
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic Encoders
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
30/05/2011 09:10:49, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
29/05/2011 17:02:18, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/05/2011 17:02:18, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
27/05/2011 21:58:02, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.593.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
27/05/2011 18:30:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
27/05/2011 15:24:24, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DE6BABE8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/05/2011 19:10:46, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0016D4585CFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/05/2011 19:07:20, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE6BABE8. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
26/05/2011 18:19:19, error: Dhcp [1002] - The IP address lease 172.27.192.61 for the Network Card with network address 0016D4585CFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/05/2011 17:58:00, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
26/05/2011 14:39:59, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
.
==== End Of File ===========================
  2. Hi, I'd like to ask for some help. I've had the Google Redirect Virus for a week or so. Had Windows XP Recovery Virus last week and was forced to have the whole computer wiped and the system reinstalled. Now the Google Redirect is back. I feel like I'm going round in circles reading all the various suggestions on how to get rid of it. I've run Microsoft Security Essentials (which found nothing) and done two scans with Malwarebytes (which also found nothing) but I'm still getting redirected. I realise the Google Redirect virus has been covered in other threads but they appear to have different info. in them and I'm totally confused as to what to do next. Can anyone help, please? I'd be most grateful. Thanks