Redirect Virus


  • This topic is locked
1 reply to this topic

#1 Hiei

Hiei

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:06 AM

Posted 30 October 2010 - 11:53 PM

So I've had this virus on my PC for about a week and I tried everything: Malwarebytes, AVG, SpyDoctor, and Spybot. After running all these and still having the virus, I tried going to Run and typing in c:\windows\system32\drivers\etc\hosts, deleting everything except the first IP, saving it to my desktop and making it read-only, then resaving it, but it just kept coming back (all the IP addresses). After doing all of that to no avail I ran ComboFix, which did fix the problem... for one day. I clicked on a couple of links today while searching Google and started getting redirected again. I have absolutely no idea what to do, so I decided to come here. I am running Windows Vista, if anyone needs to know, and using Firefox. Any suggestions at all would be greatly appreciated!
Here's a post of my log.

DDS (Ver_10-10-21.02) - NTFSx86
Run by Hiei at 22:17:14.54 on Sat 10/30/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3070.2063 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Steam\Steam.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hiei\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {10fcd613-1002-4640-ab70-92128fd11434} - c:\windows\system32\appinfo32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\hiei\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\hiei\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\hiei\appdata\roaming\mozilla\firefox\profiles\hzf0p3ix.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c4dac3d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\hiei\appdata\roaming\mozilla\firefox\profiles\hzf0p3ix.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\hiei\appdata\roaming\mozilla\firefox\profiles\hzf0p3ix.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\hiei\appdata\roaming\mozilla\firefox\profiles\hzf0p3ix.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-27 218592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-7 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-10-27 112592]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-7 6380032]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-7 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-7-15 99344]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 VKeyboard;Virtual Keyboard Device;c:\windows\system32\drivers\VKeyboard.sys [2010-10-14 302080]
R3 VMouse;Virtual Mouse;c:\windows\system32\drivers\VMouse.sys [2010-10-14 303104]
R3 VPS3Joy;Virtual Playstation(3) Joystick;c:\windows\system32\drivers\VPS3Joy.sys [2010-10-14 304128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-23 517448]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-9-7 73216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-27 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-27 1142224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-29 22:02:08 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-29 22:02:06 -------- d-----w- c:\users\hiei\appdata\local\temp
2010-10-29 21:49:00 98816 ----a-w- c:\windows\sed.exe
2010-10-29 21:49:00 84992 ----a-w- c:\windows\MBR.exe
2010-10-29 21:49:00 256512 ----a-w- c:\windows\PEV.exe
2010-10-29 21:49:00 161792 ----a-w- c:\windows\SWREG.exe
2010-10-29 20:51:03 -------- d-----w- c:\users\hiei\appdata\local\Threat Expert
2010-10-29 16:35:25 -------- d-----w- c:\users\hiei\appdata\roaming\FrostWire
2010-10-29 16:35:04 -------- d-----w- c:\program files\Ask.com
2010-10-29 16:34:52 -------- d-----w- c:\program files\FrostWire
2010-10-28 02:54:14 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-28 02:54:14 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-28 02:54:14 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-10-28 02:54:14 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-28 02:46:45 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-28 02:46:45 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-10-28 02:46:38 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-28 02:46:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-28 02:46:34 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-28 02:46:30 -------- d-----w- c:\users\hiei\appdata\roaming\PC Tools
2010-10-28 02:46:30 -------- d-----w- c:\program files\Spyware Doctor
2010-10-28 02:46:30 -------- d-----w- c:\program files\common files\PC Tools
2010-10-28 02:46:30 -------- d-----w- c:\progra~2\PC Tools
2010-10-28 01:46:17 0 ---ha-w- c:\windows\dsdxvmbbur.tmp
2010-10-27 20:53:00 -------- d-----w- c:\users\hiei\appdata\local\iMesh
2010-10-27 20:51:08 -------- d-----w- c:\users\hiei\appdata\local\PackageAware
2010-10-27 16:48:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 16:48:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 16:48:59 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 21:07:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-26 21:07:35 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-26 03:40:41 -------- d-----w- c:\program files\PCSX2 0.9.7
2010-10-26 03:14:37 -------- d-----w- c:\program files\Pcsx2
2010-10-25 15:17:09 0 ---ha-w- c:\windows\system32\dsdxvmbbur.tmp
2010-10-25 15:15:56 363520 ----a-w- c:\windows\system32\appinfo32.dll
2010-10-24 21:55:24 -------- d-----w- c:\program files\Microsoft
2010-10-23 18:56:09 -------- d-----w- c:\users\hiei\appdata\local\AVG Security Toolbar
2010-10-23 18:55:33 -------- d-----w- c:\users\hiei\appdata\roaming\AVG10
2010-10-23 18:32:15 -------- d--h--w- c:\progra~2\Common Files
2010-10-23 18:31:59 -------- d-----w- c:\progra~2\AVG Security Toolbar
2010-10-23 18:31:04 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-23 18:31:04 -------- d-----w- c:\progra~2\AVG10
2010-10-23 18:17:59 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{557ba102-7fd6-4ee4-ab0f-550036ac183d}\mpengine.dll
2010-10-21 05:37:18 -------- d-----w- c:\program files\TuneUpMedia
2010-10-20 00:23:08 -------- d-----w- c:\progra~2\MFAData
2010-10-19 04:22:32 -------- d-----w- c:\program files\iTunes
2010-10-19 04:22:32 -------- d-----w- c:\program files\iPod
2010-10-19 04:20:37 -------- d-----w- c:\program files\Bonjour
2010-10-15 01:11:33 -------- d-----w- c:\progra~2\PowerUp Software
2010-10-14 21:18:41 304128 ----a-w- c:\windows\system32\vps3joy.sys
2010-10-14 21:18:41 304128 ----a-w- c:\windows\system32\drivers\VPS3Joy.sys
2010-10-14 21:18:41 303104 ----a-w- c:\windows\system32\vmouse.sys
2010-10-14 21:18:41 303104 ----a-w- c:\windows\system32\drivers\VMouse.sys
2010-10-14 21:18:41 302080 ----a-w- c:\windows\system32\vkeyboard.sys
2010-10-14 21:18:41 302080 ----a-w- c:\windows\system32\drivers\VKeyboard.sys
2010-10-14 21:18:39 -------- d-----w- c:\program files\The Force Studio
2010-10-14 16:50:14 -------- d-----w- C:\169e99635245c3f473decc115521a3
2010-10-14 03:38:56 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-14 03:38:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-14 03:38:56 389632 ----a-w- c:\windows\system32\html.iec
2010-10-08 04:32:20 -------- d-----w- c:\program files\ControlMK
2010-10-08 01:02:02 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-08 01:02:01 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-08 01:01:56 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-08 01:01:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-08 01:01:33 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-08 01:01:33 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-08 01:01:11 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-08 01:00:57 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-08 01:00:55 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-08 01:00:55 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-08 01:00:52 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-08 01:00:43 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-08 01:00:43 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-08 00:59:11 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-08 00:58:38 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-08 00:58:08 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-08 00:58:07 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-08 00:57:43 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-08 00:57:26 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-08 00:57:25 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-08 00:56:59 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-08 00:56:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-08 00:56:28 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-06 00:04:18 -------- d-----w- c:\program files\common files\Steam
2010-10-06 00:04:16 -------- d-----w- c:\program files\Steam
2010-10-04 01:37:54 -------- d-----w- c:\program files\Veetle
2010-10-02 02:54:32 -------- d-----w- c:\program files\World of Warcraft Beta
2010-10-02 00:43:54 -------- d-----w- c:\users\hiei\Cataclysm-Beta-Installer-4.0.0.12635-enUS

==================== Find3M ====================

2010-10-30 13:05:12 119296 ----a-w- c:\windows\system32\zlib.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-08 01:00:59 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-08 01:00:33 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-08 00:59:37 65536 ----a-w- c:\windows\system32\coinst.dll
2010-10-08 00:58:52 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-08 00:57:45 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-08 00:56:59 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-09-26 07:15:11 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-26 07:10:17 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 22:18:11.85 ===============



#2 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:06 AM

Posted 01 November 2010 - 10:21 PM

Is this you as well? http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/525329-redirect-virus.html

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."




