BleepingComputer.com: Google redirect, stupid malware

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Google redirect, stupid malware Cannot figure out how to remove it

#1 User is offline   cchesnut99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 12-July 11

Posted 13 July 2011 - 12:41 PM

Could not run DDS.

GMER log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-13 12:35:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200BEKT-60KA9T0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\CANDAC~1\LOCALS~1\Temp\ufxcypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xB9040AA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xB9033330]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB90407D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB9040940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xB90413E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB9041030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB9041D00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xB9033430]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xB90334B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB9040C00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB9033560]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB9033610]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB90336C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB9033740]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xB903F030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB9034160]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB9033760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB9033840]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xB9DE2000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB9033920]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB90405C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB9041210]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB9033A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB9033AB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB90419B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB9033B60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB9033C40]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB9033CD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB9041CB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB9033ED0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB9042030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB9042650]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB9033F60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB903DC50]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xB9034000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB9041C60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB903F390]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xB9041800]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB9034120]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB9040AC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xB903CD60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xB903CD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xB903CD80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xB903CDA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xB903CDC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xB903CDF0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xB903CE00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xB903CE20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xB903CE30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xB903CEF0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xB903CFC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xB903D000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xB903D040]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B9042A70 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B9042F70 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text KDCOM.DLL!KdSendPacket BA5A8345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket BA5A834D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket BA5A8353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket BA5A8371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 BA5A838E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A BA5A83A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 BA5A83CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C BA5A83D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 BA5A83EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D BA5A848D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D BA5A848D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C BA5A84DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 BA5A84F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + AD BA5A850D 241 Bytes CALL BA5A846D \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 BA5A8F4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 BA5A901C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 BA5A901F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 BA5A901F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B BA5A9087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 6F BA5A9221 181 Bytes [83, C4, 18, 33, C0, 85, FF, ...]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[336] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[336] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[336] USER32.dll!AlignRects 7E412A78 4 Bytes [70, 11, 77, 00] {JO 0x13; JA 0x4}
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[336] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Bonjour\mDNSResponder.exe[356] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Bonjour\mDNSResponder.exe[356] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Bonjour\mDNSResponder.exe[356] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[372] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Immunet Protect\2.0.17\agent.exe[552] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Immunet Protect\2.0.17\agent.exe[552] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Immunet Protect\2.0.17\agent.exe[552] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Java\jre6\bin\jqs.exe[768] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre6\bin\jqs.exe[768] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\svchost.exe[828] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1036] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[1068] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[1092] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[1092] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\winlogon.exe[1092] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\services.exe[1136] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1148] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[1148] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1304] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1416] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1460] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1460] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\svchost.exe[1460] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[1568] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1568] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1568] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[1652] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\WLTRYSVC.EXE[1856] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\bcmwltry.exe[1868] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\bcmwltry.exe[1868] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\bcmwltry.exe[1868] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\spoolsv.exe[1912] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\SCardSvr.exe[1968] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\SCardSvr.exe[1968] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\SCardSvr.exe[1968] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[2028] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[2028] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\System32\alg.exe[2160] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft\BingBar\BingBar.exe[2260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft\BingBar\BingBar.exe[2260] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Microsoft\BingBar\BingBar.exe[2260] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Microsoft\BingBar\BingApp.exe[2464] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft\BingBar\BingApp.exe[2464] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Microsoft\BingBar\BingApp.exe[2464] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Internet Explorer\iexplore.exe[2608] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 07BF0930 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 07BF0870 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 07BF06F0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 07BF07B0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
? C:\Program Files\Internet Explorer\iexplore.exe[2608] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 07BF0B00 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 07BF0E60 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 07BF0D70 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 07BF0C80 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 07BF0FE0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 07BEFDE0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 07BF10C0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 07BEFF40 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\Swag_Bucks\tbSwa0.dll (Conduit Toolbar/Conduit Ltd.)
? C:\Program Files\Internet Explorer\iexplore.exe[2608] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00DA6822
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00DA6A2D
? C:\WINDOWS\Explorer.EXE[2932] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[2932] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[2932] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!StrStrW 7C9C5128 4 Bytes [80, 00, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!StrStrW 7C9C5134 4 Bytes [F0, 00, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!StrStrW 7C9C6FD8 4 Bytes [D0, 08, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!StrStrW 7C9C70D4 4 Bytes [F0, 0E, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!StrStrW 7C9C70F0 4 Bytes [40, 09, 1E, 7D]
.text ...
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHFree + 11E 7C9EAA58 4 Bytes [30, 06, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILFree + 9C 7C9EABD8 4 Bytes [80, 0E, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILFindChild + 3D4 7C9F184C 4 Bytes [40, 09, 4B, 7E] {INC EAX; OR [EBX+0x7e], ECX}
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILFindChild + A54 7C9F1ECC 4 Bytes [A0, 0D, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHChangeNotifyDeregister + 2CA 7C9F4C44 4 Bytes [B0, 02, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHChangeNotifyDeregister + 2EA 7C9F4C64 4 Bytes [40, 02, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHChangeNotifyDeregister + 322 7C9F4C9C 4 Bytes [D0, 01, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!DllGetVersion + 241 7CA0660C 4 Bytes [30, 0D, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHGetImageList + B23 7CA07414 4 Bytes [10, 0E, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!SHTestTokenMembership + E5 7CA0C02C 4 Bytes [30, 0D, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILLoadFromStream + 9E9 7CA0DD18 4 Bytes [20, 03, 4B, 7E]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILLoadFromStream + BA1 7CA0DED0 4 Bytes [A0, 06, 1E, 7D]
.text C:\WINDOWS\Explorer.EXE[2932] SHELL32.dll!ILLoadFromStream + CB1 7CA0DFE0 4 Bytes [80, 07, 1E, 7D]
? C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3240] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3240] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3240] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3252] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3252] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3252] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\WLTRAY.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\WLTRAY.exe[3308] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\WLTRAY.exe[3308] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\iTunes\iTunesHelper.exe[3412] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\iTunes\iTunesHelper.exe[3412] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\iTunes\iTunesHelper.exe[3412] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3436] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[3456] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[3456] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[3456] USER32.dll!AlignRects 7E412A78 4 Bytes [70, 11, 3F, 00]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[3456] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Immunet Protect\2.0.17\iptray.exe[3476] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Immunet Protect\2.0.17\iptray.exe[3476] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Immunet Protect\2.0.17\iptray.exe[3476] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3540] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3540] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3540] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\ctfmon.exe[3588] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3724] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3724] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3724] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Internet Explorer\iexplore.exe[3740] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Internet Explorer\iexplore.exe[3740] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 070B0B00 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 070B0E60 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 070B0D70 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 070B0C80 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 070B0FE0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 070AFDE0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 070B10C0 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 070AFF40 C:\Documents and Settings\Candace Chesnut\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
? C:\Program Files\Internet Explorer\iexplore.exe[3740] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB583B C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB6378 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CB5683 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB5713 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CB5C8E C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CB667C C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00FA6822
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 05C1F89F C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 05C1FA03 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3740] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00FA6A2D
? C:\Program Files\iPod\bin\iPodService.exe[3908] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread System [4:108] 89D090B3
Thread System [4:120] 89D0A7FB
Thread System [4:136] 89BAE140
Thread System [4:144] 89BAE140
Thread System [4:148] 89B0A900
Thread System [4:152] 89B0A900
Thread System [4:160] 89B0C950
Thread System [4:164] 89B0C950
Thread System [4:168] 89B0C950
Thread System [4:172] 89B0A900

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Candace Chesnut\Cookies\candace_chesnut@services.apps.conduit[11].txt 286 bytes
File C:\Documents and Settings\Candace Chesnut\Cookies\candace chesnut@CAQK63W2.txt 279 bytes

---- EOF - GMER 1.0.15 ----

ark.txt in attachment

Forgot to add details....
Every time I do a google search I get redirected to several different sites, i.e. scour.com, shopica.com, etc. Also, I have been having random windows pop up that have nothing to do with the websites that I have been on. A few days ago I had a Winfix virus...at least I think that is what it is called.

Thanks in advance for whomever can help me with this insanity.

Candace

I think I have figured out how to remove the TDSS malware. I ran combofix, GMER, TDSS rootkiller and installed malwarebytes. After running TDSS rootkiller and then malwarebytes the report showed no more infections. Google is no longer redirecting. Is there anything else I should do to make sure the problem has been solved?

TIA,
Candace

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 14 July 2011 - 04:48 PM

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2011 - 07:53 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2011 - 05:33 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#4 User is offline   cchesnut99 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 12-July 11

Posted 21 July 2011 - 07:50 PM

Sorry for the late response. No I do not think I need further help. My searches are no longer being redirected. Thank you.

#5 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2011 - 02:59 PM

Thanks for letting us know


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users