
Thread: Google redirects

  1. #11
    Member (Join Date: Jan 2006, Posts: 41)

    Found it. Wonder why Windows search did not find it. Oh well, here it is.

    Volume in drive C has no label.
    Volume Serial Number is 5C36-5238

    Directory of c:\

    02/04/2010 09:28 AM 32,435 ComboFix.txt
    1 File(s) 32,435 bytes

    Directory of c:\Qoobox

    02/04/2010 09:28 AM 57,809 ComboFix-quarantined-files.txt
    01/26/2010 08:15 PM 27,996 ComboFix2.txt
    01/26/2010 07:42 PM 28,237 ComboFix3.txt
    01/22/2010 08:38 PM 27,947 ComboFix4.txt
    01/27/2010 05:39 PM 1,065,479 ComboFix5.txt
    5 File(s) 1,207,468 bytes

    Total Files Listed:
    6 File(s) 1,239,903 bytes
    0 Dir(s) 43,639,119,872 bytes free

    ComboFix 10-01-21.08 - Mike 01/22/2010 20:22:13.9.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1183 [GMT -7:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
    .

    2010-01-23 03:32 . 2010-01-23 03:33 -------- d-----w- c:\users\Mike\AppData\Local\temp
    2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\The McNabs\AppData\Local\temp
    2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-01-23 03:32 . 2010-01-23 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-22 10:12 . 2010-01-22 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000507\maindata.sys
    2010-01-21 10:12 . 2010-01-21 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000506\maindata.sys
    2010-01-20 10:11 . 2010-01-20 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000505\maindata.sys
    2010-01-19 10:08 . 2010-01-19 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000504\maindata.sys
    2010-01-18 10:09 . 2010-01-18 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000503\maindata.sys
    2010-01-17 10:07 . 2010-01-17 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000502\maindata.sys
    2010-01-16 10:45 . 2010-01-16 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000501\maindata.sys
    2010-01-15 11:21 . 2010-01-15 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000500\maindata.sys
    2010-01-14 10:52 . 2010-01-14 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000499\maindata.sys
    2010-01-13 11:35 . 2010-01-13 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000498\maindata.sys
    2010-01-13 01:05 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 01:05 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-12 10:12 . 2010-01-12 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000497\maindata.sys
    2010-01-11 10:12 . 2010-01-11 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000496\maindata.sys
    2010-01-10 10:12 . 2010-01-10 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000495\maindata.sys
    2010-01-09 11:13 . 2010-01-09 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000494\maindata.sys
    2010-01-08 11:22 . 2010-01-08 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000493\maindata.sys
    2010-01-07 10:59 . 2010-01-07 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000492\maindata.sys
    2010-01-06 12:04 . 2010-01-06 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000491\maindata.sys
    2010-01-05 10:54 . 2010-01-05 08:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000490\maindata.sys
    2010-01-04 10:14 . 2010-01-04 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000489\maindata.sys
    2010-01-03 10:15 . 2010-01-03 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000488\maindata.sys
    2010-01-02 10:07 . 2010-01-02 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000487\maindata.sys
    2010-01-01 10:08 . 2010-01-01 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000486\maindata.sys
    2009-12-31 10:14 . 2009-12-31 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000485\maindata.sys
    2009-12-28 11:25 . 2009-12-28 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000484\maindata.sys
    2009-12-27 11:12 . 2009-12-27 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000483\maindata.sys
    2009-12-26 11:19 . 2009-12-26 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000482\maindata.sys
    2009-12-25 10:18 . 2009-12-25 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000481\maindata.sys
    2009-12-24 10:10 . 2009-12-24 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000480\maindata.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-23 03:17 . 2007-12-11 02:23 -------- d-----w- c:\program files\Weather Watcher
    2010-01-23 02:08 . 2009-05-21 19:54 -------- d-----w- c:\program files\GE Security Supra
    2010-01-23 02:05 . 2009-08-10 01:10 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
    2010-01-22 21:22 . 2009-02-26 15:01 -------- d-----w- c:\users\Mike\AppData\Roaming\SolidDocuments
    2010-01-22 21:19 . 2007-10-10 14:53 -------- d-----w- c:\programdata\Google Updater
    2010-01-22 10:21 . 2008-07-20 15:42 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-16 18:58 . 2008-02-15 21:00 -------- d-----w- c:\users\Mike\AppData\Roaming\CoreFTP
    2010-01-16 16:37 . 2009-07-30 17:03 -------- d-----w- c:\program files\Citrix
    2010-01-16 16:37 . 2007-10-08 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-14 18:12 . 2009-10-03 08:40 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-13 10:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-02 06:38 . 2010-01-21 23:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-21 23:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 06:32 . 2010-01-21 23:20 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 04:57 . 2010-01-21 23:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-23 08:02 . 2009-12-23 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000479\maindata.sys
    2009-12-22 08:01 . 2009-12-22 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000478\maindata.sys
    2009-12-21 08:01 . 2009-12-21 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000477\maindata.sys
    2009-12-20 17:43 . 2009-03-16 02:11 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-20 17:40 . 2009-03-16 02:10 -------- d-----w- c:\program files\Java
    2009-12-20 08:04 . 2009-12-20 10:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000476\maindata.sys
    2009-12-19 23:17 . 2007-10-10 14:53 -------- d-----w- c:\program files\Google
    2009-12-19 08:03 . 2009-12-19 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000475\maindata.sys
    2009-12-19 03:49 . 2009-12-19 03:47 -------- d-----w- c:\program files\PokerStars
    2009-12-18 08:03 . 2009-12-18 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000474\maindata.sys
    2009-12-17 08:03 . 2009-12-17 10:15 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000473\maindata.sys
    2009-12-16 08:03 . 2009-12-16 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000472\maindata.sys
    2009-12-15 08:02 . 2009-12-15 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000471\maindata.sys
    2009-12-14 08:01 . 2009-12-14 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000470\maindata.sys
    2009-12-13 08:04 . 2009-12-13 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000469\maindata.sys
    2009-12-12 08:03 . 2009-12-12 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000468\maindata.sys
    2009-12-11 08:02 . 2009-12-11 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000467\maindata.sys
    2009-12-10 08:01 . 2009-12-10 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000466\maindata.sys
    2009-12-09 08:01 . 2009-12-09 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000465\maindata.sys
    2009-12-08 08:01 . 2009-12-08 09:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000464\maindata.sys
    2009-12-07 08:00 . 2009-12-07 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000463\maindata.sys
    2009-12-06 08:01 . 2009-12-06 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000462\maindata.sys
    2009-12-05 08:01 . 2009-12-05 09:58 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000461\maindata.sys
    2009-12-04 08:00 . 2009-12-04 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000460\maindata.sys
    2009-12-03 08:03 . 2009-12-03 10:50 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000459\maindata.sys
    2009-12-02 08:02 . 2009-12-02 10:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000458\maindata.sys
    2009-12-01 08:03 . 2009-12-01 11:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000457\maindata.sys
    2009-11-30 08:03 . 2009-11-30 10:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000456\maindata.sys
    2009-11-29 08:06 . 2009-11-29 10:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000455\maindata.sys
    2009-11-28 17:50 . 2009-09-21 17:50 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2009-11-28 08:07 . 2009-11-28 10:40 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000454\maindata.sys
    2009-11-27 08:05 . 2009-11-27 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000453\maindata.sys
    2009-11-26 08:03 . 2009-11-26 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000452\maindata.sys
    2009-11-25 08:02 . 2009-11-25 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000451\maindata.sys
    2009-11-25 02:40 . 2009-11-25 02:40 975648 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
    2009-11-25 02:40 . 2009-11-25 02:40 499712 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcp71.dll
    2009-11-25 02:40 . 2009-11-25 02:40 348160 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcr71.dll
    2009-11-24 08:04 . 2009-11-24 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000450\maindata.sys
    2009-11-23 21:46 . 2007-10-08 21:09 229352 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-21 08:03 . 2009-11-21 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000449\maindata.sys
    2009-11-20 08:04 . 2009-11-20 10:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000448\maindata.sys
    2009-11-19 15:18 . 2009-11-19 15:18 1745 ----a-w- c:\programdata\Intuit\QuickBooks 2010\qbbackup.sys
    2009-11-19 08:03 . 2009-11-19 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000447\maindata.sys
    2009-11-18 08:01 . 2009-11-18 09:58 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000446\maindata.sys
    2009-11-17 08:04 . 2009-11-17 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000445\maindata.sys
    2009-11-16 08:02 . 2009-11-16 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000444\maindata.sys
    2009-11-15 08:03 . 2009-11-15 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000443\maindata.sys
    2009-11-14 08:01 . 2009-11-14 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000442\maindata.sys
    2009-11-13 08:02 . 2009-11-13 11:41 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000441\maindata.sys
    2009-11-12 08:03 . 2009-11-12 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000440\maindata.sys
    2009-11-11 08:03 . 2009-11-11 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000439\maindata.sys
    2009-11-10 08:03 . 2009-11-10 10:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000438\maindata.sys
    2009-11-09 12:31 . 2009-12-09 23:58 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 23:58 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 23:58 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-09 08:03 . 2009-11-09 09:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000437\maindata.sys
    2009-11-09 00:01 . 2009-11-09 00:01 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2009-11-08 08:02 . 2009-11-08 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000436\maindata.sys
    2009-11-07 08:03 . 2009-11-07 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000435\maindata.sys
    2009-11-06 08:04 . 2009-11-06 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000434\maindata.sys
    2009-11-05 08:01 . 2009-11-05 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000433\maindata.sys
    2009-11-04 08:01 . 2009-11-04 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000432\maindata.sys
    2009-11-03 10:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-02 08:01 . 2009-11-02 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000431\maindata.sys
    2009-11-01 08:03 . 2009-11-01 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000430\maindata.sys
    2009-10-31 08:02 . 2009-10-31 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000429\maindata.sys
    2009-10-30 08:03 . 2009-10-30 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000428\maindata.sys
    2009-10-29 09:17 . 2009-11-25 01:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-29 08:04 . 2009-10-29 10:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000427\maindata.sys
    2009-10-28 08:03 . 2009-10-28 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000426\maindata.sys
    2009-10-27 08:03 . 2009-10-27 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000425\maindata.sys
    2009-10-26 23:24 . 2009-10-26 23:24 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
    2009-10-26 08:02 . 2009-10-26 09:55 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000424\maindata.sys
    2009-10-25 08:02 . 2009-10-25 09:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000423\maindata.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-01-23_01.58.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-08 21:43 . 2010-01-23 02:10 50432 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2010-01-23 02:10 56496 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-10-08 21:10 . 2010-01-23 02:10 13630 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1304129043-3560768821-2314269622-1000_UserData.bin
    + 2009-02-07 18:00 . 2009-09-21 17:51 15688 c:\windows\System32\lsdelete.exe
    - 2009-02-07 18:00 . 2009-06-01 17:51 15688 c:\windows\System32\lsdelete.exe
    + 2006-11-02 13:02 . 2010-01-23 03:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2010-01-23 01:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2010-01-23 03:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 13:02 . 2010-01-23 01:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-04 00:42 . 2010-01-22 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-04 00:42 . 2010-01-23 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-04 00:42 . 2010-01-22 20:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-04 00:42 . 2010-01-23 02:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-04 00:42 . 2010-01-23 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-04 00:42 . 2010-01-22 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-23 02:08 . 2010-01-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-01-22 10:21 . 2010-01-22 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-01-22 10:21 . 2010-01-22 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-01-23 02:08 . 2010-01-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-05-29 16:02 . 2010-01-23 03:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-05-29 16:02 . 2010-01-23 01:12 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2006-11-02 13:02 . 2010-01-23 01:12 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2006-11-02 13:02 . 2010-01-23 03:08 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-24 1024000]
    "HeavyWeatherPublisher"="c:\heavyweather\HeavyWeatherPublisher.exe" [2004-02-23 1302528]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
    "eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 149280]

    c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    heavy weather.lnk - c:\heavyweather\heavy weather.exe [2008-5-29 781312]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-16 267520]
    DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-21 102400]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 66864]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):d6,05,a9,7a,15,33,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304129043-3560768821-2314269622-1000]
    "EnableNotificationsRef"=dword:00000002

    R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [11/8/2009 5:01 PM 79052]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/25/2009 10:51 AM 64160]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/4/2007 11:31 AM 1153368]
    R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\Installer\MSIF8BC.tmp [2/26/2009 8:00 AM 189696]
    R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\Installer\MSIEE5E.tmp [2/26/2009 8:18 AM 189696]
    S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [3/15/2009 6:58 PM 192512]
    S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 7:16 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/5/2008 8:46 AM 21504]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1028432]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KXLDYPOW
    *Deregistered* - kxldypow

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:50]

    2010-01-22 c:\windows\Tasks\GBM - Backup Job-Full.job
    - c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2007-10-08 12:28]

    2010-01-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-10 06:07]

    2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]

    2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: bing.com
    Trusted Zone: doccentral.com
    Trusted Zone: fnismls.com
    Trusted Zone: getmedianow.com
    Trusted Zone: live.com
    Trusted Zone: rdesk.com
    Trusted Zone: rexplorer.net
    Trusted Zone: safemls.net
    Trusted Zone: showingtime.com
    Trusted Zone: sitexdata.com
    Trusted Zone: spellchecker.net
    Trusted Zone: superior-host.com
    Trusted Zone: transactionpoint.com
    Trusted Zone: trpoint.com
    Trusted Zone: virtualearth.net
    Trusted Zone: xmlsweb.com
    TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    DPF: ImageUploader - hxxp://www.assetval.com/app/ImageUploader.CAB
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
    DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-22 20:32
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x85E058C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x87da2d24
    \Driver\ACPI -> acpi.sys @ 0x82495d68
    \Driver\atapi -> atapi.sys @ 0x825a79b0
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFCreatorPlusReadSpool]
    "ImagePath"="c:\windows\Installer\MSIF8BC.tmp"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFToolsReadSpool]
    "ImagePath"="c:\windows\Installer\MSIEE5E.tmp"
    .
    Completion time: 2010-01-22 20:38:49
    ComboFix-quarantined-files.txt 2010-01-23 03:38
    ComboFix2.txt 2010-01-23 02:04
    ComboFix3.txt 2009-11-03 05:01
    ComboFix4.txt 2009-09-03 21:53
    ComboFix5.txt 2010-01-23 03:20

    Pre-Run: 43,886,989,312 bytes free
    Post-Run: 43,837,460,480 bytes free

    - - End Of File - - 585A0A4BC6739D3F96C89F249A26C187
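The Gmer "Stealth MBR rootkit" section of the ComboFix log above is the part the rest of the thread turns on: the disk I/O call chain ends in code that Gmer cannot attribute to any module (">>UNKNOWN [0x...]<<"), while the MBR itself reads consistently from user and kernel mode. As an added example (not from the thread, and not Gmer's or ComboFix's own code), here is a small Python parser that pulls those indicators out of such a report and turns them into a triage list; the sample report is constructed to mirror the layout above, and the rule of inspecting the last named module before the UNKNOWN marker is an assumption of this example, mirroring what the helper later does with atapi.sys.

```python
"""Parse the output of Gmer's 'Stealth MBR rootkit' detector (as pasted in
ComboFix logs) and pull out the indicators a responder looks at first.

Added example, not part of the forum thread or of Gmer/ComboFix. The sample
report below is constructed to mirror the layout of the log in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, laid out like the section in the ComboFix log.
SAMPLE_REPORT = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x85E058C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0x87da2d24
\\Driver\\ACPI -> acpi.sys @ 0x82495d68
\\Driver\\atapi -> atapi.sys @ 0x825a79b0
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->user & kernel MBR OK
"""

# Same report with the unattributed code removed, for comparison.
CLEAN_REPORT = SAMPLE_REPORT.replace(" >>UNKNOWN [0x85E058C8]<<", "")

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)$")


@dataclass
class MbrReport:
    called_modules: list = field(default_factory=list)    # named modules in the disk I/O chain
    unknown_addresses: list = field(default_factory=list) # code Gmer could not map to a module
    hooks: list = field(default_factory=list)             # (driver object, module, address)
    user_mbr_ok: bool = False
    kernel_mbr_ok: bool = False
    mbr_consistent: bool = False                          # "user & kernel MBR OK"


def parse_mbr_report(text: str) -> MbrReport:
    """Extract the structured fields from one Gmer MBR-detector report."""
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            body = line[len("called modules:"):]
            rep.unknown_addresses = UNKNOWN_RE.findall(body)
            rep.called_modules = UNKNOWN_RE.sub("", body).split()
        elif line.startswith("user: MBR read successfully"):
            rep.user_mbr_ok = True
        elif line.startswith("kernel: MBR read successfully"):
            rep.kernel_mbr_ok = True
        elif line.endswith("user & kernel MBR OK"):
            rep.mbr_consistent = True
        else:
            m = HOOK_RE.match(line)
            if m:
                rep.hooks.append(m.groups())
    return rep


def triage(rep: MbrReport) -> list:
    """Turn a parsed report into findings, most urgent first.

    Heuristic (this example's assumption): unattributed code at the end of
    the call chain is the top finding, and the last named module before it
    is the file to compare against a known-good copy.
    """
    findings = []
    for addr in rep.unknown_addresses:
        suspect = rep.called_modules[-1] if rep.called_modules else "(none)"
        findings.append(
            f"unknown code at {addr} ends the disk call chain; last named module "
            f"before it is {suspect}: verify that file against a known-good copy"
        )
    if not rep.mbr_consistent:
        findings.append("user-mode and kernel-mode MBR reads differ: possible MBR rootkit")
    for driver, module, addr in rep.hooks:
        findings.append(f"hook reported: {driver} -> {module} @ {addr}")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_REPORT), ("clean", CLEAN_REPORT)):
        print(f"== {label} ==")
        for f in triage(parse_mbr_report(text)):
            print(" -", f)
```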

  2. #12
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Does the redirecting still occur?

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member (Join Date: Jan 2006, Posts: 41)

    The redirects were occurring before running Malwarebytes. After running it they stopped.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3690
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    2/4/2010 2:07:15 PM
    mbam-log-2010-02-04 (14-07-15).txt

    Scan type: Quick Scan
    Objects scanned: 125948
    Time elapsed: 4 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #14
    Member (Join Date: Jan 2006, Posts: 41)

    The fix was temporary. The redirects started again.

  5. #15
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Click start->run->type control userpasswords2 and press enter. Is there a HelpAssistant account present there? If yes, remove it (let me know if it was present).

  6. #16
    Member
    Join Date
    Jan 2006
    Posts
    41

    Default

    No it was not there.

  7. #17
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. Do you have your Windows Vista installation media handy?

  8. #18
    Member
    Join Date
    Jan 2006
    Posts
    41

    Default

    Yes I do

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Good. Please follow the instructions given in a tutorial here to access Windows Recovery Environment.

    Access the command prompt as shown in the tutorial. Then type the following bolded commands (each line is one command; press Enter after each one):
    C:
    cd\windows\system32\drivers
    copy atapi.sys atapi.sys.bad
    exit


    After that you should end up back at the System Recovery Options window. Click Restart there and wait until Windows starts up.

    Find and upload the following file to http://www.virustotal.com and post back the results:

    c:\windows\system32\drivers\atapi.sys.bad

  10. #20
    Member
    Join Date
    Jan 2006
    Posts
    41

    Default

    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.02.06 Rootkit.Win32.TDSS!IK
    AhnLab-V3 5.0.0.2 2010.02.05 Win-Trojan/Patched.X
    AntiVir 7.9.1.158 2010.02.05 TR/Patched.Gen
    Antiy-AVL 2.0.3.7 2010.02.05 -
    Authentium 5.2.0.5 2010.02.05 -
    Avast 4.8.1351.0 2010.02.06 -
    AVG 9.0.0.730 2010.02.05 Rootkit-Pakes.U
    BitDefender 7.2 2010.02.06 Rootkit.TDSS.AH
    CAT-QuickHeal 10.00 2010.02.05 -
    ClamAV 0.96.0.0-git 2010.02.05 -
    Comodo 3835 2010.02.06 -
    DrWeb 5.0.1.12222 2010.02.06 BackDoor.Tdss.565
    eSafe 7.0.17.0 2010.02.04 -
    eTrust-Vet 35.2.7286 2010.02.05 -
    F-Prot 4.5.1.85 2010.02.05 -
    F-Secure 9.0.15370.0 2010.02.05 Rootkit.TDSS.AH
    Fortinet 4.0.14.0 2010.02.06 -
    GData 19 2010.02.06 Rootkit.TDSS.AH
    Ikarus T3.1.1.80.0 2010.02.05 Rootkit.Win32.TDSS
    Jiangmin 13.0.900 2010.02.05 Rootkit.TDSS.cty
    K7AntiVirus 7.10.967 2010.02.05 -
    Kaspersky 7.0.0.125 2010.02.06 Rootkit.Win32.TDSS.u
    McAfee 5883 2010.02.05 Patched-SYSFile
    McAfee+Artemis 5883 2010.02.05 Patched-SYSFile
    McAfee-GW-Edition 6.8.5 2010.02.05 Heuristic.LooksLike.Trojan.Patched.H
    Microsoft 1.5406 2010.02.06 Virus:Win32/Alureon.A
    NOD32 4840 2010.02.06 Win32/Olmarik.TM
    Norman 6.04.03 2010.02.05 W32/TDSS.drv.gen4.A
    nProtect 2009.1.8.0 2010.02.05 Trojan/W32.Rootkit.19944
    Panda 10.0.2.2 2010.02.05 -
    PCTools 7.0.3.5 2010.02.05 -
    Rising 22.33.05.01 2010.02.06 -
    Sophos 4.50.0 2010.02.06 Mal/TDSSRt-A
    Sunbelt 3.2.1858.2 2010.02.06 Trojan.Win32.Olmarik.of!damaged (V)
    TheHacker 6.5.1.0.181 2010.02.06 -
    TrendMicro 9.120.0.1004 2010.02.05 TROJ_TDSS.SME
    VBA32 3.12.12.1 2010.02.05 Rootkit.Win32.TDSL
    ViRobot 2010.2.5.2174 2010.02.05 -
    VirusBuster 5.0.21.0 2010.02.05 Rootkit.Alureon.Gen!Pac.7
    Additional information
    File size: 19944 bytes
    MD5...: c717ecf3ab805ec263a5c0aa59588d84
    SHA1..: daf0d04e9c68cb81251b33bad3c8ab83fb9a42f1
    SHA256: af315f35312d858df65719cd8dec8a87ce8ea6c797984bcf29a8ed7b68aa0447
    ssdeep: 384:OzY0Vgd1RrKzBgMvSn8G6FuT+quHpBjbOjBMwzt8:Oz/Vgd1gzyCSuBxkMwzt8

    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x6000
    timedatestamp.....: 0x49e01eed (Sat Apr 11 04:39:09 2009)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x19b0 0x1a00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb
    .rdata 0x3000 0xae 0x200 1.49 3d541e69f96e97a837841ad289adeac7
    .data 0x4000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
    INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06
    .rsrc 0x6000 0x3f8 0x400 5.35 b2bfc67ad7fc675f876f9b4ae5339cdf
    .reloc 0x7000 0x8a 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06

    ( 2 imports )
    > ataport.SYS: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
    > NTOSKRNL.exe: KeTickCount

    ( 0 exports )

    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
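An added example, not code from the thread or from VirusTotal: a small Python parser for the text-format report pasted above. It counts how many engines flagged the file, pulls out the hashes, and treats the "verified: Unsigned" line as a second reason to distrust a file that claims to be a Windows driver. The sample input is a constructed excerpt of the lines in the post, and the `min_hits` threshold is an assumption.

```python
import re

# Constructed excerpt in the layout of the VirusTotal text report pasted above
# (vendor, engine version, signature date, result); values copied from the thread.
SAMPLE_REPORT = """Antivirus Version Last Update Result
AVG 9.0.0.730 2010.02.05 Rootkit-Pakes.U
Avast 4.8.1351.0 2010.02.06 -
Kaspersky 7.0.0.125 2010.02.06 Rootkit.Win32.TDSS.u
Microsoft 1.5406 2010.02.06 Virus:Win32/Alureon.A
Sunbelt 3.2.1858.2 2010.02.06 Trojan.Win32.Olmarik.of!damaged (V)
Panda 10.0.2.2 2010.02.05 -
Additional information
MD5...: c717ecf3ab805ec263a5c0aa59588d84
SHA256: af315f35312d858df65719cd8dec8a87ce8ea6c797984bcf29a8ed7b68aa0447
verified.....: Unsigned
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
HASH = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$")
VERIFIED = re.compile(r"^verified\.*:\s*(.+)$")

def parse_vt_report(text):
    """Split a pasted report into vendor verdicts, file hashes and signer status."""
    report = {"results": {}, "hashes": {}, "verified": None}
    in_table = True
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Additional information"):
            in_table = False  # vendor rows end here, file metadata follows
        elif in_table and (m := ROW.match(line)):
            vendor, _ver, _date, result = m.groups()
            report["results"][vendor] = None if result == "-" else result
        elif m := HASH.match(line):
            report["hashes"][m.group(1).lower()] = m.group(2).lower()
        elif m := VERIFIED.match(line):
            report["verified"] = m.group(1)
    return report

def detection_ratio(report):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for r in report["results"].values() if r), len(report["results"])

def driver_verdict(report, min_hits=3):
    """Why a file posing as a system driver (here atapi.sys) should be treated as patched."""
    hits, total = detection_ratio(report)
    reasons = []
    if hits >= min_hits:  # assumed threshold; a single engine may be a false positive
        reasons.append(f"{hits}/{total} engines flag the file")
    if report["verified"] and report["verified"].lower() != "signed":
        reasons.append(f"signer check: {report['verified']}; a genuine Windows driver is signed")
    return reasons
```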
