Infected with Clickker.cn virus


  • This topic is locked
2 replies to this topic

#1 dal9796

dal9796

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 09 September 2009 - 03:42 PM

When I use either Firefox 3.5.2 or IE7, search result links from Google searches get redirected to hxxp://clickker.cn

I can't seem to get rid of it. If it helps, when I use Firefox and right click the link to say "Open Link in Foreground Tab", I can bypass this problem. If I simply click on the link or if I right click and say "Open Link in New Tab", the problem happens and they both get redirected.

Thanks for any assistance.

Les

**** DDS LOG POSTING ****

DDS (Ver_09-07-30.01) - NTFSx86
Run by Lester at 16:03:12.86 on Wed 09/09/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.842 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
E:\Security\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Security\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\SysTools\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Other Apps\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
E:\Security\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
E:\SysTools\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Security\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Other Apps\Directory Opus\dopusrt.exe
C:\WINDOWS\ehome\ehtray.exe
E:\Clipboard Magic401\ClipboardMagic.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
E:\Communications\Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
E:\Other Apps\Directory Opus\dopus.exe
E:\Finance\KeePass\KeePass.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\DllHost.exe
F:\Downloads to scan\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
uRun: [Directory Opus Desktop Dblclk] "e:\other apps\directory opus\dopusrt.exe" /dblclk
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [FinePrint Dispatcher v5] "c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe" /source=HKLM
mRun: [avgnt] "e:\security\avira\antivir desktop\avgnt.exe" /min
mRun: [Ad-Watch] e:\security\ad-aware\AAWTray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\lester\appdata\roaming\micros~1\windows\startm~1\programs\startup\clipbo~1.lnk - e:\clipboard magic401\ClipboardMagic.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - e:\micros~1\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} - hxxp://download.microsoft.com/download/A/C/4/AC43418A-8C86-4205-803E-249B637EE96B/pmupd806.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: APSHook.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - e:\other apps\directory opus\dopuslib.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\lester\appdata\roaming\mozilla\firefox\profiles\lmt7g2o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_enCA321CA322
FF - plugin: e:\entertainment\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\communications\firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\communications\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\communications\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\communications\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\communications\firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\communications\firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\communications\firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\communications\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\communications\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\communications\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\communications\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\communications\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\communications\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\communications\firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\communications\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\communications\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\communications\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\communications\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\communications\firefox\greprefs\all.js - pref("geo.enabled", true);
e:\communications\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\communications\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\communications\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\communications\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\communications\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\communications\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\communications\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\communications\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\communications\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-7-26 902592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\security\avira\antivir desktop\sched.exe [2009-4-22 108289]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-20 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-20 21504]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SbieDrv;SbieDrv;e:\other apps\sandboxie\SbieDrv.sys [2009-4-13 107520]
S3 IACMZOZL;IACMZOZL;c:\users\lester\appdata\local\temp\IACMZOZL.exe [2008-1-5 478080]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\security\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 NSELGOO;NSELGOO;c:\users\lester\appdata\local\temp\NSELGOO.exe [2008-1-5 560000]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-1-20 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2008-1-20 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2008-1-20 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2008-1-20 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2008-1-20 98696]

=============== Created Last 30 ================

2009-09-09 14:59 <DIR> --d----- c:\program files\Trend Micro
2009-09-03 01:07 <DIR> --d----- c:\programdata\is-707LQ
2009-09-03 01:07 <DIR> --d----- c:\progra~2\is-707LQ
2009-09-03 01:07 3,782,688 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-03 01:07 47,492 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-02 17:49 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 17:49 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 15:34 <DIR> --d----- c:\windows\pss
2009-08-26 10:38 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-26 09:59 <DIR> --d----- c:\programdata\NVIDIA
2009-08-26 09:16 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 09:12 139,316 a------- c:\programdata\nvModes.dat
2009-08-26 09:12 139,316 a------- c:\progra~2\nvModes.dat
2009-08-26 08:35 <DIR> --d----- c:\programdata\NortonInstaller
2009-08-26 08:35 <DIR> --d----- c:\progra~2\NortonInstaller
2009-08-16 13:38 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-16 13:38 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-16 13:38 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-16 13:38 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-16 13:38 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 13:38 270,848 a------- c:\windows\system32\schannel.dll
2009-08-16 13:38 72,704 a------- c:\windows\system32\secur32.dll
2009-08-16 13:38 9,728 a------- c:\windows\system32\lsass.exe
2009-08-13 20:32 15,360 a------- c:\windows\system32\TSD32.DLL
2009-08-13 20:32 8,192 a------- c:\windows\system32\TSSOFT32.ACM
2009-08-13 20:32 947,472 a------- c:\windows\system32\msjava.dll
2009-08-13 20:32 <DIR> --d----- c:\programdata\1stWorks
2009-08-13 20:32 <DIR> --d----- c:\program files\1stWORKS
2009-08-13 20:32 <DIR> --d----- c:\progra~2\1stWorks
2009-08-11 19:48 71,680 a------- c:\windows\system32\atl.dll
2009-08-11 19:48 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 19:48 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 19:47 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 19:47 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 19:47 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 19:47 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 19:47 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 19:47 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 19:47 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 19:47 18,432 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-09-01 01:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-01 01:24 86,016 a------- c:\windows\inf\infpub.dat
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-26 10:27 143,360 a------- c:\windows\inf\infstor.dat
2009-08-26 10:13 319,456 a------- c:\windows\DIFxAPI.dll
2009-08-24 17:28 109,278 a------- c:\users\lester\appdata\roaming\nvModes.dat
2009-08-10 23:47 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-05 19:30 60,744 a------- c:\users\lester\g2mdlhlpx.exe
2009-08-05 19:27 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 13:30 902,592 a------- c:\windows\system32\drivers\tdrpm228.sys
2009-07-26 13:30 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-07-26 13:30 540,000 a------- c:\windows\system32\drivers\timntr.sys
2009-07-26 13:30 138,208 a------- c:\windows\system32\drivers\snapman.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 11:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 11:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 11:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-11 19:59 34 a------- c:\users\lester\jagex_runescape_preferences.dat
2008-06-21 18:25 174 a--sh--- c:\program files\desktop.ini
2008-06-21 18:10 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-03 02:26 0 a------- c:\users\lester\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-12-02 19:43 108 a--shr-- c:\windows\neoqaz2.dll

============= FINISH: 16:06:10.53 ===============

See the attachments which have the "attach.txt" and the "ark.txt" files as per your instructions for posting.

Edited by Orange Blossom, 09 September 2009 - 08:00 PM.
Deactivate link. ~ OB



#2 dal9796

dal9796
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 10 September 2009 - 06:25 PM

Hi. Please consider this posting CLOSED. Sorry, I'm a new user. This problem appears gone, but another one is still around. I saw something on this site (I think, anyway) that suggested I try Malwarebytes' Anti-Malware and also SUPERAntiSpyware to see if the problem could be solved.

Anyway, the redirect problem seems solved. However, in the MBAM scans, I'm getting a rootkit type virus that seems to avoid being deleted, even after restarting.

I'm going to post this new problem in a new post with a new log, etc.

Thanks.

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:42 AM

Posted 23 September 2009 - 08:59 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
