
Google Redirect Virus still on PC after formatting


  • This topic is locked
3 replies to this topic

#1 ThorpeBC

ThorpeBC

  • Members
  • 12 posts

Posted 19 April 2011 - 01:11 AM

I posted this here a week ago ( http://www.bleepingcomputer.com/forums/topic390759.html ) and have gotten some new information since, but I didn't want to bump my old thread as that might put me back in the queue. Still haven't received a reply after a week and I've noticed some people getting same day replies now, so I guess mine must have been missed.

To sum up, I was infected with the Google redirect virus - search links redirecting in new tabs, and occasionally just whenever I click anywhere within a page. Since the last post my computer has also started "installing update 1 of 1" about half the time I shut down my computer. Have tried everything - Hitman, Malwarebytes, Combofix, TDSSkiller, looking for the infection manually. Searching for "google redirect virus" brings up heaps of people posting about it, but everyone seems to be given a different solution and none of them work for me. I eventually gave up and formatted my PC, but believe it or not the virus is still here. I'm running 64-bit Windows 7.

One of my housemates has got the same problems at the moment, and the other two are having different problems with their PCs as well. Is there any chance it could be coming through the network - hence it remaining after the format? If this is the case, would formatting all four computers at once before reconnecting to the network solve the problem? Also, is it safe to use external hard drives (just for viewing, not transferring, documents/media) while my PC is infected?

Any help would be hugely appreciated - have been without full use of my PC for about ten days now and I don't know what else I can do besides hope for an answer from here!

Here are the updated logs:


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Thorpe at 15:27:20.91 on Tue 19/04/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4094.2998 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ANIWConnService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Thorpe\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Thorpe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-19 37456]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2011-4-12 15872]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-2-10 376400]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 ANIWConnService;ANIWConn Service;C:\Windows\system32\ANIWConnService.exe --> C:\Windows\system32\ANIWConnService.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2009-9-15 1061888]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-12 1255736]
.
=============== Created Last 30 ================
.
2011-04-19 04:34:13 -------- d-----w- C:\Users\Thorpe\AppData\Local\Microsoft Help
2011-04-19 04:21:22 -------- d-----w- C:\Users\Thorpe\AppData\Local\{169ADFA9-E77B-4F91-B642-6530EBC8F96C}
2011-04-19 01:35:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-18 02:42:17 -------- d-----w- C:\Users\Thorpe\AppData\Local\{BAE65C8B-F8FA-4E9D-BEDF-BA6F1D9F7D65}
2011-04-16 16:58:35 -------- d-----w- C:\Users\Thorpe\AppData\Local\{B2E94AA0-FFAB-48BE-ADA3-1F59320CA61D}
2011-04-16 02:44:14 -------- d-----w- C:\Users\Thorpe\AppData\Local\{958766F4-73C8-4ECA-B317-9B558B1D1F5A}
2011-04-16 02:44:14 -------- d-----w- C:\Users\Thorpe\AppData\Local\{2E9A77C2-89E8-4A50-AB7C-6F60AC011A86}
2011-04-14 22:20:09 -------- d-----w- C:\Users\Thorpe\AppData\Local\{39EB506F-62FC-426F-B789-4154F566544A}
2011-04-14 08:50:11 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-14 08:50:11 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-14 08:50:10 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-04-14 08:50:07 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-14 08:50:07 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-14 08:50:06 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-14 08:50:06 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-14 08:50:01 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-14 08:50:01 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-14 08:50:01 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-14 08:41:45 -------- d-----w- C:\Users\Thorpe\AppData\Local\{FD6F6631-E3C1-4F01-8CDC-4D35F8CA6C9D}
2011-04-13 11:06:37 -------- d-----w- C:\Users\Thorpe\AppData\Local\{798C4263-9E4A-4725-BC9D-0B72901ED89A}
2011-04-13 11:06:24 -------- d-----w- C:\Users\Thorpe\Tracing
2011-04-13 10:56:17 -------- d-----w- C:\Windows\en
2011-04-13 10:53:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-04-13 10:51:12 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-04-13 10:51:12 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-04-13 10:51:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-04-13 10:51:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-04-13 10:50:25 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-04-13 10:50:25 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-04-13 10:49:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\82d551621cbf9c806\DSETUP.dll
2011-04-13 10:49:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\82d551621cbf9c806\DXSETUP.exe
2011-04-13 10:49:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\82d551621cbf9c806\dsetup32.dll
2011-04-13 10:49:41 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ce687441cbf9c805\DXSETUP.exe
2011-04-13 10:49:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ce687441cbf9c805\DSETUP.dll
2011-04-13 10:49:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ce687441cbf9c805\dsetup32.dll
2011-04-13 10:49:24 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\72b35be41cbf9c804\Silverlight.4.0.exe
2011-04-13 10:48:18 -------- d-----w- C:\Users\Thorpe\AppData\Local\Windows Live
2011-04-13 10:48:17 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-04-13 09:43:03 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-12 23:53:31 -------- d-----w- C:\Windows\Panther
2011-04-12 10:44:30 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-04-12 10:43:51 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-04-12 08:20:02 -------- d-----w- C:\Users\Thorpe\AppData\Roaming\AVG10
2011-04-12 08:19:26 -------- d--h--w- C:\PROGRA~3\Common Files
2011-04-12 08:19:11 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-04-12 08:18:35 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-04-12 08:18:35 -------- d-----w- C:\PROGRA~3\AVG10
2011-04-12 08:17:41 -------- d-----w- C:\Program Files (x86)\AVG
2011-04-12 07:41:11 -------- d-----w- C:\PROGRA~3\MFAData
2011-04-12 07:23:53 -------- d-----w- C:\Windows\System32\SPReview
2011-04-12 07:23:34 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-12 07:20:18 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-12 07:20:18 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-12 07:20:18 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-12 07:20:15 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-12 07:20:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-12 07:20:09 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-12 07:20:09 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-12 06:59:52 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-04-12 06:56:40 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-12 06:56:40 -------- d-----w- C:\Windows\System32\Wat
2011-04-12 06:53:40 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-04-12 06:53:35 -------- d-----w- C:\Windows\PCHEALTH
2011-04-12 06:43:18 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-04-12 06:43:18 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-04-12 06:43:18 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-12 06:43:18 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-12 06:43:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-04-12 06:43:17 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-04-12 06:43:17 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-04-12 06:43:17 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-04-12 06:43:17 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-04-12 06:33:46 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5A67AC85-1C1B-408B-A234-4FF2BADEBACC}\mpengine.dll
2011-04-12 06:33:46 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-04-12 06:24:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-04-12 06:24:01 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-12 06:24:01 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-04-12 06:24:01 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-12 06:24:00 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-04-12 06:24:00 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-04-12 06:24:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-04-12 06:24:00 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-04-12 06:24:00 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-04-12 06:24:00 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-04-12 06:23:51 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-04-12 06:23:51 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-04-12 06:23:45 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-04-12 06:23:45 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-04-12 06:23:40 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-12 06:15:42 -------- d-----w- C:\Users\Thorpe\AppData\Local\Google
2011-04-12 06:15:17 -------- d-----w- C:\Users\Thorpe\AppData\Local\Deployment
2011-04-12 06:15:17 -------- d-----w- C:\Users\Thorpe\AppData\Local\Apps
2011-04-12 06:13:23 0 ----a-w- C:\Windows\ativpsrm.bin
2011-04-12 06:10:11 147456 ----a-w- C:\Windows\SysWow64\ANIWConnService.exe
2011-04-12 06:08:23 886272 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
2011-04-12 06:08:23 15872 ----a-w- C:\Windows\System32\drivers\anodlwfx.sys
2011-04-12 06:08:23 -------- d-----w- C:\Program Files (x86)\D-Link
2011-03-30 07:17:00 118352 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-04-12 07:26:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-12 07:26:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-01 04:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-21 22:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-09 21:53:58 376400 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-02-09 21:53:34 29264 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-01-26 13:37:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 13:22:20 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 13:00:46 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 13:00:32 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 12:59:48 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 12:59:12 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 12:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 12:56:16 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 12:55:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 12:54:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 12:54:02 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 12:53:56 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 12:53:44 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 12:53:38 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 12:53:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 12:53:28 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 12:49:46 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 12:40:04 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 12:32:48 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 12:32:14 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 12:32:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 12:28:54 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 12:27:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 12:27:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 12:27:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 12:27:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 12:27:32 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 12:25:52 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 12:24:20 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 12:22:00 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 12:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 12:14:16 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 12:14:10 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 12:13:58 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 12:13:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 12:13:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 12:13:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 12:13:44 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 12:13:34 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 12:12:48 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 12:12:42 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 12:12:34 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 12:12:26 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 12:11:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 12:08:48 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 12:08:48 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 12:08:42 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 12:08:42 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-20 21:36:02 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-01-20 21:36:02 413800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
.
============= FINISH: 15:27:34.42 ===============



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 27 April 2011 - 07:22 PM

Given the dialogue in the other topic, I presume this issue is resolved. Is this correct?

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 ThorpeBC

ThorpeBC
  • Topic Starter


Posted 27 April 2011 - 11:54 PM

Yes! Forgot entirely about this thread, sorry!

#4 Orange Blossom


Posted 28 April 2011 - 03:28 PM

Thank you for confirming. This topic is now closed. Happy computing.

Orange Blossom :cherry:



