
Persistent Google Redirect Malware


This topic is locked
2 replies to this topic

#1 mcmulk98


Posted 01 May 2011 - 12:11 PM

Hello everyone. I have been infected with malware! It initially began with some aggressive advertising through the computer audio and something called "Windows Defender" or something like that telling me about "critical issues" that had to be fixed. I ran a Google search that told me about the malware. I then downloaded many anti-virus programs and removal kits.

I think the fallout from the removal kits and anti-virus programs removed the virus, but there are some lingering issues that need to be fixed. I think there are some bad files still on my computer. Google still redirects me when I click on a search result. It redirects me to what appear to be random websites, but I am not sure. I have 2 logs that I copied and pasted below. Any help would be very much appreciated!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mcmulk98 at 22:23:25.51 on 04/29/11
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1558 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mcmulk98\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\prxtbElf_.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\prxtbElf_.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\prxtbElf_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mcmulk98\appdata\roaming\mozilla\firefox\profiles\r9kkdnkw.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dba3ad0&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\mcmulk98\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\mcmulk98\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-28 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-28 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-28 656320]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_030ac640\AEstSrv.exe [2008-9-27 73728]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-2-8 2707512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 26168]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-1 341328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-14 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-1 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-22 43552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9974e2a392080;Google Update Service (gupdate1c9974e2a392080);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-28 947528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-28 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-28 1150936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-29 04:36:16 -------- d-----w- c:\users\mcmulk98\appdata\local\AVG Security Toolbar
2011-04-29 04:14:31 -------- d-----w- c:\users\mcmulk98\appdata\roaming\AVG10
2011-04-29 04:13:23 -------- d--h--w- c:\progra~2\Common Files
2011-04-29 04:13:03 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-29 04:09:52 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-29 04:09:52 -------- d-----w- c:\progra~2\AVG10
2011-04-29 01:18:48 -------- d-s---w- C:\ComboFix
2011-04-29 00:22:41 -------- d-----w- c:\progra~2\Alwil Software
2011-04-29 00:20:18 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-29 00:20:18 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-29 00:20:17 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-29 00:20:17 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-29 00:20:13 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-29 00:20:13 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-29 00:19:39 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-29 00:19:09 -------- d-----w- c:\users\mcmulk98\appdata\roaming\PC Tools
2011-04-29 00:19:09 -------- d-----w- c:\program files\PC Tools Security
2011-04-29 00:19:09 -------- d-----w- c:\program files\common files\PC Tools
2011-04-29 00:19:09 -------- d-----w- c:\progra~2\PC Tools
2011-04-26 22:35:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 22:35:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 22:32:46 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{179400f3-ee96-477b-8159-7d488f6f6217}\mpengine.dll
2011-04-14 03:06:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 03:06:03 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 05:28:16 -------- d-----w- c:\windows\system32\wbem\Logs
2011-04-12 09:08:24 -------- d--h--w- c:\users\mcmulk98\appdata\roaming\DriverCure
2011-04-12 09:08:23 -------- d--h--w- c:\users\mcmulk98\appdata\roaming\ParetoLogic
2011-04-02 14:08:00 -------- d--h--w- c:\users\mcmulk98\appdata\roaming\WildTangent
.
==================== Find3M ====================
.
2011-04-23 01:43:57 101 ---ha-w- c:\windows\wpd99.drv
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-06 20:22:02 20480 ----a-w- c:\windows\system32\cliconfg.728
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:25:03.31 ===============

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-29 23:36:19
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.8909
Running: gmer.exe; Driver: C:\Users\mcmulk98\AppData\Local\Temp\pfrdqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8B578F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8B579230]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA27267A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA2726848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA27268E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA2726980]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8B57952C]

INT 0x52 ? 87E2ABF8
INT 0x62 ? 87E2ABF8
INT 0x72 ? 86135BF8
INT 0x72 ? 87E2ABF8
INT 0x72 ? 87E2ABF8
INT 0x72 ? 86135BF8
INT 0x82 ? 87E2ABF8
INT 0xA2 ? 87E2ABF8
INT 0xA2 ? 857A2BF8
INT 0xA2 ? 857A2BF8
INT 0xA2 ? 857A2BF8
INT 0xA2 ? 857A2BF8
INT 0xA2 ? 87E2ABF8
INT 0xA2 ? 87E2ABF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 822EBA60 8 Bytes [68, 8F, 57, 8B, 30, 92, 57, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 624 822EBC48 4 Bytes [A0, 67, 72, A2]
.text ntkrnlpa.exe!KeSetTimerEx + 854 822EBE78 8 Bytes [48, 68, 72, A2, E4, 68, 72, ...] {DEC EAX; PUSH 0x68e4a272; JB 0xffffffffffffffaa}
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 822EBED8 4 Bytes [80, 69, 72, A2] {SUB BYTE [ECX+0x72], 0xa2}
.text ntkrnlpa.exe!KeSetTimerEx + 918 822EBF3C 4 Bytes [2C, 95, 57, 8B]
? System32\Drivers\spea.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 909C046F 5 Bytes JMP 87E2A1D8
.text asdxh9b6.SYS 8BBA2000 22 Bytes [26, 72, 20, 82, 10, 71, 20, ...]
.text asdxh9b6.SYS 8BBA2017 145 Bytes [00, 32, 27, 79, 80, 3D, 25, ...]
.text asdxh9b6.SYS 8BBA20A9 35 Bytes [60, 28, 82, 60, 57, 28, 82, ...]
.text asdxh9b6.SYS 8BBA20CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text asdxh9b6.SYS 8BBA20DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
? C:\Windows\TEMP\mc218DC.tmp The system cannot find the file specified. !
? C:\Users\mcmulk98\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1480] USER32.dll!TrackPopupMenu 75C41417 5 Bytes JMP 60C42024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\Explorer.EXE[2156] WININET.dll!HttpAddRequestHeadersA 76D6CF4E 3 Bytes JMP 006218D5
.text C:\Windows\Explorer.EXE[2156] WININET.dll!HttpAddRequestHeadersA + 4 76D6CF52 1 Byte [89]
.text C:\Windows\Explorer.EXE[2156] WININET.dll!HttpAddRequestHeadersW 76D6FE49 3 Bytes JMP 00621A9D
.text C:\Windows\Explorer.EXE[2156] WININET.dll!HttpAddRequestHeadersW + 4 76D6FE4D 1 Byte [89]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] ntdll.dll!LdrLoadDll 778379B3 5 Bytes JMP 00FE13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] WS2_32.dll!closesocket 771B330C 5 Bytes JMP 00C2000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] WS2_32.dll!connect 771B40D9 5 Bytes JMP 00C1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] WS2_32.dll!getaddrinfo 771B418A 5 Bytes JMP 00D9000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] WS2_32.dll!send 771B659B 5 Bytes JMP 00C3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4912] WS2_32.dll!gethostbyname 771C62D4 5 Bytes JMP 00D8000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 861581F8
Device \FileSystem\fastfat \FatCdrom 859161F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 861331F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\netbt \Device\NetBT_Tcpip_{8CFB482C-1B36-4D7A-B248-31978F5477F6} 891C31F8
Device \Driver\usbuhci \Device\USBPDO-0 8829A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8829A1F8
Device \Driver\usbehci \Device\USBPDO-2 882AC1F8
Device \Driver\usbuhci \Device\USBPDO-3 8829A1F8
Device \Driver\usbuhci \Device\USBPDO-4 8829A1F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8829A1F8
Device \Driver\usbuhci \Device\USBPDO-6 8829A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 861331F8
Device \Driver\usbehci \Device\USBPDO-7 882AC1F8
Device \Driver\volmgr \Device\HarddiskVolume2 861331F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E21CD2AC-11D5-4472-9BC1-6C3AA407B934} 891C31F8
Device \Driver\cdrom \Device\CdRom0 8842E1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8B054EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B054EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B054EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 8842E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 891C31F8
Device \Driver\Smb \Device\NetbiosSmb 891891F8
Device \Driver\netbt \Device\NetBT_Tcpip_{B1C980ED-83DB-4171-9073-273AA2289657} 891C31F8
Device \Driver\iScsiPrt \Device\RaidPort0 884611F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\4104114870 spea.sys

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8829A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8829A1F8
Device \Driver\usbehci \Device\USBFDO-2 882AC1F8
Device \Driver\usbuhci \Device\USBFDO-3 8829A1F8
Device \Driver\BTHUSB \Device\000000bb bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-4 8829A1F8
Device \Driver\usbuhci \Device\USBFDO-5 8829A1F8
Device \Driver\BTHUSB \Device\000000bd bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-6 8829A1F8
Device \Driver\usbehci \Device\USBFDO-7 882AC1F8
Device \Driver\asdxh9b6 \Device\Scsi\asdxh9b61Port6Path0Target0Lun0 884341F8
Device \Driver\JMCR \Device\Scsi\JMCR1 883DC1F8
Device \Driver\JMCR \Device\Scsi\JMCR2 883DC1F8
Device \Driver\JMCR \Device\Scsi\JMCR3 883DC1F8
Device \Driver\JMCR \Device\Scsi\JMCR4 883DC1F8
Device \Driver\asdxh9b6 \Device\Scsi\asdxh9b61 884341F8
Device \Driver\PCI_PNP4845 \Device\0000008d spea.sys
Device \FileSystem\fastfat \Fat 859161F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\cdfs \Cdfs 85C611F8

---- Threads - GMER 1.0.15 ----

Thread System [4:324] 87AADE7A
Thread System [4:328] 87AB0008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b347ad
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xE5 0xB0 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0x89 0x0D 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0xB9 0x33 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186b347ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xE5 0xB0 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0x89 0x0D 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0xB9 0x33 0x14 ...

---- EOF - GMER 1.0.15 ----

I hope this stuff helps! Please let me know whatever I can do to help.

Kevin

I am operating Windows Vista!

Is there anyone out there who would be willing to assist me?

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~Budapest

A new "rogue security" item opened, listed as "Vista Security 2011". I'm running a whole mess of anti-virus programs to try and fix it (namely ParetoLogic PC and AVG), but neither seems to be catching the key problem!

A little more background on my situation. I have TDSSKiller, which I have tried to run (it would not load). I tried to rename it and also change the extension from .exe to .com; it still did not run. Initially, around April 11 perhaps, I must have been infected. All of my files went hidden (even the start menu). I've since corrected that so that I can see my files again. AVG, when run, said volsnap.sys perhaps has been infected. I ran a program called Malwarebytes Anti-Malware today; 1-2 trojans were found and eliminated. I think the Vista Security 2011 may have been eliminated, but the redirect persists. I've deleted the Java history earlier today as well. I'm going to run CCleaner as well to clear out temp internet files and all else that it can wash out (except for the log files, I will keep those). I've run rkill also before running TDSSKiller (which I have since renamed to 123abc.com and also taxseason.exe). I downloaded ComboFix and tried to run that; however, the last time I ran it I received a BSOD, so I am now thinking that it IS a rootkit and if I were to run it again (even though... I ran a scan for it, now the name escapes me,... but a scan I ran came back showing "0" rootkits on the system). There is an online scan called EMET or SMET or something of the like that I am going to try next. If that scan does not work then I may try to re-download and install ComboFix, although I would rather wait until I hear a response. But I, like everyone else on these boards, am at the end of my rope computer-virus-wise and am willing to take on more risk and go to desperate measures! I'm going to keep at it, and will be able to actively respond to any questions or requests from anyone who will help. I work banker's hours out of the Midwest, so after 5 PM is the best chance to get me by the home computer. Some background on the machine: I'm running Windows Vista Home Premium and it is an HP, 32-bit operating system. Thank you! -Kevin

ESET is the name of the online scanner. I also just now received an Internet Explorer Script Error: "http://cdn.onescreen.net/os/static/pixels/miva2.js"

I think the most frustrating thing right now is not being able to run TDSSKiller.exe. I keep reading that this is the fix for the issue I am having! I just tried to run it in safe mode but to no avail.

OK, last update before I go to bed. I was reading this link: My link, and it told me to look in the Device Manager for a TDSS component. I couldn't find one, but I did see under Storage Volume Shadow Copies about 26 copies of the Generic Volume Shadow Copy. I also saw 2 storage volumes. I don't know whether that means anything pertaining to this, but I have a feeling that volsnap.sys is the culprit here. I have to go to bed. Sorry for my persistence... I feel like I'm doing more harm than good, but despite all the frustration... I have to admit I am enjoying learning about how everything works.

Goodnight Bleepingcomputer!

EDIT: 6 Posts merged ~Budapest

I ran ESET Online Scanner and it found the following: C:\Windows\System32\Drivers\volsnap.sys has a threat associated with it. Win32/Olmasco.E trojan. It is unable to clean.

Another update: I ran Microsoft Windows Malicious Software Removal Tool - Apr. 2011, which has identified and partially removed "Virus: Win32/Alureon.K". Man, this computer is infected!

EDIT: Another 2 posts merged ~Budapest

Edited by Budapest, 06 May 2011 - 05:13 PM.
Moved from Vista to Malware Removal Logs.


#2 mcmulk98

mcmulk98
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:50 AM

Posted 08 May 2011 - 02:11 PM

Microsoft Consumer Security Support Center fixed my problem free of charge in about 2 hours time. I appreciate all the work that everyone does here, but this may be a good place to re-direct some of the high volume of issues that this wonderful forum sees!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:50 AM

Posted 08 May 2011 - 03:00 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



