Google Redirect Virus

Page 1 of 7 1, 2, 3, 4, 5, 6, 7  Next

View previous topic View next topic Go down

Google Redirect Virus

Post by jay_b on Mon 11 Jul 2011, 5:24 pm


Hi All

I am also having a Google link redirect problem. I've tried running Malwarebytes, it comes back clean but the problem persists

Any help would be very much appreciated.

jay_b

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Tue 12 Jul 2011, 5:31 am

Hi jay_b and Welcome to GeekPolice!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    • DDS.scr
    • DDS.pif

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.


  • Instead of attaching, please copy/past both logs into your Thread

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt






Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Tue 12 Jul 2011, 11:13 am

hi Kenny94

Thanks for this. Unfortunately when i run DDS it freezes my computer up after around 75% completetion and i then have to reboot

jay_b

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Tue 12 Jul 2011, 11:45 am

You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
Code:
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Then run DDS and copy and paste the logs please.




Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Tue 12 Jul 2011, 12:29 pm

Kenny94 wrote:You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
Code:
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Then run DDS and copy and paste the logs please.


Completed as requested but still have the same problem when running DSS, it freezes and am unable to continue with any functions

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Tue 12 Jul 2011, 1:58 pm

unable to continue with any functions
Other than search redirections and freezes. Can you post the other issues you are having for me?


Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Tue 12 Jul 2011, 9:37 pm

indows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/07/2011 20:43:57
mbam-log-2011-07-12 (20-43-57).txt

Scan type: Quick scan
Objects scanned: 175818
Time elapsed: 23 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{DA0C93A9-EDC5-3DE4-8739-F3F176F54AAD} (Trojan.ZbotR.Gen) -> Value: {DA0C93A9-EDC5-3DE4-8739-F3F176F54AAD} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\abbeyfield\local settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\abbeyfield\local settings\temporary internet files\Content.IE5\0C141UMJ\windows-update-sp3-kb93153-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\abbeyfield\application data\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\abbeyfield\local settings\Temp\0.15735610579295667.exe (Exploit.Drop.2) -> Delete on reboot.
c:\documents and settings\abbeyfield\local settings\Temp\0.7029722626396282.exe (Exploit.Drop.2) -> Delete on reboot.
c:\documents and settings\abbeyfield\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\abbeyfield\application data\Adobe\plugs\mmc50.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\abbeyfield\application data\Adobe\plugs\mmc583921.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\abbeyfield\application data\Adobe\plugs\mmc600750.txt (Trojan.Agent.Gen) -> Delete on reboot.
c:\documents and settings\abbeyfield\application data\Arqiok\orsiu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Tue 12 Jul 2011, 9:55 pm

I don't like to go in blindly without looking at the DDS log. But we'll run it later. Be sure to reboot your computer before you run ComboFix

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------



  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------



Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Wed 13 Jul 2011, 8:39 pm

I have run combofix but i receive the following message

[You are infected with Rootkit.ZeroAccess! It has inserted itself into the
tcp/ip stack. This is a particularly difficult infection.

if for any reason that you're unable to connect to the internet after running ComboFix,
reboot once and see if that fixes it

If its not fixed run ComboFix one more time]


It does not seem to complete the scan. I have run several times up to 1.5 hours with no results. I then have to reboot

Sorry i could not copy message box from screen

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Thu 14 Jul 2011, 2:42 am

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:
  • Copy and paste the contents of that file in your next reply.



Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Fri 15 Jul 2011, 9:31 pm

011/07/15 21:17:05.0281 4048 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/15 21:17:05.0703 4048 ================================================================================
2011/07/15 21:17:05.0703 4048 SystemInfo:
2011/07/15 21:17:05.0703 4048
2011/07/15 21:17:05.0703 4048 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/15 21:17:05.0703 4048 Product type: Workstation
2011/07/15 21:17:05.0703 4048 ComputerName: ABEXL0002
2011/07/15 21:17:05.0703 4048 UserName: abbeyfield
2011/07/15 21:17:05.0703 4048 Windows directory: C:\WINDOWS
2011/07/15 21:17:05.0703 4048 System windows directory: C:\WINDOWS
2011/07/15 21:17:05.0703 4048 Processor architecture: Intel x86
2011/07/15 21:17:05.0703 4048 Number of processors: 1
2011/07/15 21:17:05.0703 4048 Page size: 0x1000
2011/07/15 21:17:05.0703 4048 Boot type: Normal boot
2011/07/15 21:17:05.0703 4048 ================================================================================
2011/07/15 21:17:07.0656 4048 Initialize success
2011/07/15 21:17:11.0031 0128 ================================================================================
2011/07/15 21:17:11.0031 0128 Scan started
2011/07/15 21:17:11.0031 0128 Mode: Manual;
2011/07/15 21:17:11.0031 0128 ================================================================================
2011/07/15 21:17:13.0078 0128 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/15 21:17:13.0156 0128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/15 21:17:13.0250 0128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/15 21:17:13.0312 0128 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/15 21:17:13.0390 0128 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/15 21:17:13.0718 0128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/15 21:17:13.0781 0128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/15 21:17:13.0921 0128 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/15 21:17:14.0125 0128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/15 21:17:14.0203 0128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/15 21:17:14.0265 0128 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/07/15 21:17:14.0343 0128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/15 21:17:14.0625 0128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/15 21:17:14.0687 0128 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/15 21:17:14.0812 0128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/15 21:17:14.0890 0128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/15 21:17:14.0937 0128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/15 21:17:15.0000 0128 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/15 21:17:15.0093 0128 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/15 21:17:15.0203 0128 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/15 21:17:15.0406 0128 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2011/07/15 21:17:15.0437 0128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/15 21:17:15.0531 0128 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/15 21:17:15.0765 0128 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/15 21:17:15.0812 0128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/15 21:17:15.0875 0128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/15 21:17:15.0968 0128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/15 21:17:16.0046 0128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/15 21:17:16.0109 0128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/15 21:17:16.0171 0128 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/07/15 21:17:16.0234 0128 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/15 21:17:16.0265 0128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/15 21:17:16.0312 0128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/15 21:17:16.0375 0128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/15 21:17:16.0406 0128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/15 21:17:16.0468 0128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/15 21:17:16.0656 0128 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/15 21:17:16.0765 0128 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/15 21:17:16.0843 0128 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/15 21:17:16.0906 0128 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/15 21:17:17.0000 0128 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/07/15 21:17:17.0109 0128 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/07/15 21:17:17.0343 0128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/15 21:17:17.0500 0128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/15 21:17:17.0640 0128 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/15 21:17:17.0859 0128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/15 21:17:17.0953 0128 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/15 21:17:18.0000 0128 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/15 21:17:18.0031 0128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/15 21:17:18.0078 0128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/15 21:17:18.0125 0128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/15 21:17:18.0187 0128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/15 21:17:18.0234 0128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/15 21:17:18.0281 0128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/15 21:17:18.0328 0128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/15 21:17:18.0359 0128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/15 21:17:18.0421 0128 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/15 21:17:18.0453 0128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/15 21:17:18.0640 0128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/15 21:17:18.0750 0128 ldblank (fc9bd3d862fa66c19826d05cb15c245b) C:\WINDOWS\system32\DRIVERS\ldblank.sys
2011/07/15 21:17:18.0781 0128 ldmirror (f4a55732a6996cb64a1b7080b5871de8) C:\WINDOWS\system32\DRIVERS\ldmirror.sys
2011/07/15 21:17:18.0859 0128 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/07/15 21:17:18.0921 0128 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/07/15 21:17:19.0000 0128 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/07/15 21:17:19.0390 0128 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/07/15 21:17:19.0812 0128 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/15 21:17:19.0890 0128 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/15 21:17:20.0000 0128 mirrorflt (5eea9d31e405c2a7716a596f068ecec8) C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
2011/07/15 21:17:20.0062 0128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/15 21:17:20.0125 0128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/15 21:17:20.0156 0128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/15 21:17:20.0218 0128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/15 21:17:20.0265 0128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/15 21:17:20.0406 0128 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/07/15 21:17:20.0484 0128 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/07/15 21:17:20.0546 0128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/15 21:17:20.0812 0128 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/15 21:17:20.0906 0128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/15 21:17:20.0953 0128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/15 21:17:20.0984 0128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/15 21:17:21.0046 0128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/15 21:17:21.0093 0128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/15 21:17:21.0171 0128 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/15 21:17:21.0203 0128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/15 21:17:21.0281 0128 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/15 21:17:21.0328 0128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/15 21:17:21.0375 0128 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/15 21:17:21.0421 0128 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/15 21:17:21.0578 0128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/15 21:17:21.0609 0128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/15 21:17:21.0687 0128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/15 21:17:21.0734 0128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/15 21:17:21.0812 0128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/15 21:17:21.0890 0128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/15 21:17:21.0953 0128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/15 21:17:22.0062 0128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/15 21:17:22.0140 0128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/15 21:17:22.0281 0128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/15 21:17:22.0343 0128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/15 21:17:22.0375 0128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/15 21:17:22.0421 0128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/15 21:17:22.0453 0128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/15 21:17:22.0562 0128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/15 21:17:22.0609 0128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/15 21:17:22.0843 0128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/15 21:17:22.0890 0128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/15 21:17:22.0906 0128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/15 21:17:22.0953 0128 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/15 21:17:23.0078 0128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/15 21:17:23.0140 0128 Rasl2tp (b89e278024fa3782f294f12c2b35d701) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/15 21:17:23.0140 0128 Rasl2tp - detected Rootkit.Win32.ZAccess.c (0)
2011/07/15 21:17:23.0250 0128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/15 21:17:23.0421 0128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/15 21:17:23.0671 0128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/15 21:17:24.0015 0128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/15 21:17:24.0500 0128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/15 21:17:24.0562 0128 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/15 21:17:24.0656 0128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/15 21:17:24.0781 0128 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/15 21:17:24.0843 0128 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/15 21:17:24.0921 0128 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/07/15 21:17:25.0171 0128 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ABBEYF~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2011/07/15 21:17:25.0234 0128 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ABBEYF~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2011/07/15 21:17:25.0421 0128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/15 21:17:25.0500 0128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/15 21:17:25.0546 0128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/15 21:17:25.0609 0128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/15 21:17:25.0718 0128 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/15 21:17:25.0812 0128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/15 21:17:25.0859 0128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/15 21:17:25.0937 0128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/15 21:17:26.0062 0128 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2011/07/15 21:17:26.0234 0128 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/15 21:17:26.0265 0128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/15 21:17:26.0312 0128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/15 21:17:26.0468 0128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/15 21:17:26.0578 0128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/15 21:17:26.0640 0128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/15 21:17:26.0687 0128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/15 21:17:26.0734 0128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/15 21:17:26.0859 0128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/15 21:17:27.0015 0128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/15 21:17:27.0421 0128 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/15 21:17:27.0468 0128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/15 21:17:27.0531 0128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/15 21:17:27.0593 0128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/15 21:17:27.0656 0128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/15 21:17:27.0718 0128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/15 21:17:27.0750 0128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/15 21:17:27.0781 0128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/15 21:17:27.0828 0128 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/15 21:17:27.0875 0128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/15 21:17:28.0062 0128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 21:17:28.0281 0128 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/07/15 21:17:28.0406 0128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/15 21:17:28.0484 0128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/15 21:17:28.0609 0128 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/15 21:17:28.0906 0128 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/15 21:17:28.0953 0128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/15 21:17:29.0000 0128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/15 21:17:29.0078 0128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/15 21:17:29.0328 0128 Boot (0x1200) (6edebab9095679f7f76a7e48f57af3a8) \Device\Harddisk0\DR0\Partition0
2011/07/15 21:17:29.0343 0128 ================================================================================
2011/07/15 21:17:29.0343 0128 Scan finished
2011/07/15 21:17:29.0343 0128 ================================================================================
2011/07/15 21:17:29.0359 1416 Detected object count: 1
2011/07/15 21:17:29.0359 1416 Actual detected object count: 1
2011/07/15 21:17:39.0562 1416 Rasl2tp (b89e278024fa3782f294f12c2b35d701) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/15 21:17:42.0109 1416 Backup copy found, using it..
2011/07/15 21:17:42.0125 1416 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - will be cured after reboot
2011/07/15 21:17:42.0125 1416 Rootkit.Win32.ZAccess.c(Rasl2tp) - User select action: Cure
2011/07/15 21:17:59.0203 0864 Deinitialize success

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Fri 15 Jul 2011, 9:51 pm

Rerun Combofix and post the log please.



Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Sat 16 Jul 2011, 12:32 pm

Hi Kenny94

unfortumately i am still experiencing problems with ComboFix, where it does not complete (2 hours i have let it run for).

Message from autoscan


'Scanning for infected files...
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double'

This does not change

I am now away for a week i hope i can try and rectifiy with your response on my return.
Many thanks for the help so far.

jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by Kenny94 on Sat 16 Jul 2011, 2:40 pm

When you get back. Remove ComboFix off of your desktop. Download a fresh copy of Combofix. This time run Combofix in safe mode.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Login as the same user you were previously logged in at.


ComboFix should run. When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply.



Kenny94

Tech Officer
Tech Officer

Posts: 2019
Joined: 2010-04-22
Operating System: Windows 7

View user profile

Back to top Go down

Re: Google Redirect Virus

Post by jay_b on Mon 25 Jul 2011, 7:15 pm

Kenny94 wrote:When you get back. Remove ComboFix off of your desktop. Download a fresh copy of Combofix. This time run Combofix in safe mode.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Login as the same user you were previously logged in at.


ComboFix should run. When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply.

have done so as instructed in safe mode but still encounter the same problems with not completing as previously

Message from autoscan


'Scanning for infected files...
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double'


jay_b

Rookie Surfer
Rookie Surfer

Posts: 63
Joined: 2011-06-23
Operating System: xp

View user profile

Back to top Go down

Page 1 of 7 1, 2, 3, 4, 5, 6, 7  Next

View previous topic View next topic Back to top


Permissions in this forum:
You cannot reply to topics in this forum