Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Websites search gets redirected randomly, please help.

  • This topic is locked This topic is locked
5 replies to this topic

#1 Hamutz Meseta

Hamutz Meseta

  • Members
  • 2 posts
  • Local time:06:10 AM

Posted 31 October 2010 - 10:53 PM

Hi, I've been having difficulties browsing sites lately. At 1st my computer would restart randomly by itself, and it always restarts twice in a row, I told my friends about it and they recommended me to download Malwarebytes, update it and scan it in safe mode, so I downloaded Malwarebytes, then I noticed that I can not open malwarebytes in normal mode, so I restarted my PC in safe mode, this time malwarebytes worked, so I opened it and tried to update it, but then I got a beep sound from my computer and an error popped out, so I clicked OK and started the scan without updating malwarebytes. It detected 11files and deleted them all, I thought I was in the safe zone so I switched back to normal mode. Then I updated my Kaspersky internet security, while I was browsing I noticed the redirecting issue, I've had it for couple weeks but I never took it seriously, because it redirects sites randomly. Sometimes my browser(firefox) would work fine, sometimes it would have redirecting issues, I don't really know how to describe it, it comes and go, and sites such as youtube and this site would never give me redirect problem. While I was searching for the solution to my redirect problem my kaspersky detected a rootkit "MEM:Rootkit.win32.TDSS.d" in my system, and asked me to disinfect the files, so I did that, after that the computer rebooted itself. Malwarebytes is now working in normal mode, so I updated it. Eventhough my computer does not restart by itself that much anymore, the redirect problem is still here. I've been reading this site for solutions since this is one of the few sites that never give me redirect problem. I tried tdsskiller RKUnhookerLE, and Trojan Remover, they all detected something but none of them were the redirect virus. I am the novice of novices at virus problems, so I'd really like someone with the right knowledge to help me on this issue, thanks for your time and I hope to hear from you soon.

Below is the report I got from TDSSkiller and DDS reports.

DDS reports:

DDS (Ver_10-10-31.01) - NTFSx86
Run by Vince at 21:13:23.06 on 2010-10-31 星期日
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.3327.1800 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Vince\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - d:\easymule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\vince\application data\flashgetbho\FlashGetBHO3.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [eMuleAutoStart] d:\easymule\emule.exe -AutoStart
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
IE: &U使用米人下载并收藏 - c:\program files\namirobot\data\du.html
IE: &使用BitComet下载 - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &使用BitComet下载全部链接 - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &使用BitComet下载本页视频 - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Download all by FlashGet3 - c:\documents and settings\vince\application data\flashgetbho\GetAllUrl.htm
IE: Download by easyMule - d:\easymule\IE2EM.htm
IE: Download by FlashGet3 - c:\documents and settings\vince\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: 使用快车3下载 - c:\documents and settings\vince\application data\flashgetbho\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\documents and settings\vince\application data\flashgetbho\GetAllUrl.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
Trusted Zone: 111222.cn\list1
Trusted Zone: kuaiche.com\software
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/new_MMCShell.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vince\applic~1\mozilla\firefox\profiles\y00epb8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\vince\application data\mozilla\firefox\profiles\y00epb8s.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\vince\application data\mozilla\firefox\profiles\y00epb8s.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\vince\application data\mozilla\firefox\profiles\y00epb8s.default\extensions\npnami@npnami.com\plugins\npnami.dll
FF - plugin: c:\documents and settings\vince\local settings\application data\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\final codecs\mozillaplugins\nppl3260.dll
FF - plugin: c:\program files\final codecs\mozillaplugins\nprjplug.dll
FF - plugin: c:\program files\final codecs\mozillaplugins\nprpjplug.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-7-23 475736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe -r [?]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-14 27992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 32856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-27 38224]
S0 ralains;ralains;c:\windows\system32\drivers\wxutmai.sys --> c:\windows\system32\drivers\wxutmai.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-19 1691480]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]

=============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-11-01 02:25:16 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-01 02:25:16 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-01 02:25:16 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-01 02:25:16 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-01 02:25:16 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-01 02:25:15 -------- d-----w- c:\program files\Trojan Remover
2010-11-01 02:25:15 -------- d-----w- c:\docume~1\vince\applic~1\Simply Super Software
2010-11-01 02:25:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-10-28 06:01:01 -------- d-----w- c:\docume~1\vince\applic~1\Malwarebytes
2010-10-28 05:23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 05:23:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 05:23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 05:23:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-28 05:16:06 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-28 05:15:59 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-28 05:15:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-28 05:15:37 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-28 05:15:37 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-28 05:15:37 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-28 05:15:36 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-27 20:33:28 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-10-27 20:33:23 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-27 00:38:05 -------- d-----w- c:\program files\DriverFinder
2010-10-27 00:36:53 -------- d-----w- c:\docume~1\vince\applic~1\DriverFinder
2010-10-25 05:14:12 -------- d-----w- c:\docume~1\vince\locals~1\applic~1\FalloutNV
2010-10-24 03:53:58 -------- d-----w- c:\docume~1\vince\applic~1\RayV
2010-10-24 03:53:48 -------- d-----w- c:\program files\RayV
2010-10-20 02:01:10 -------- d-----w- c:\program files\Elaborate Bytes
2010-10-18 02:00:14 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-18 02:00:09 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-16 19:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 19:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 19:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 19:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 19:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 19:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-15 04:33:13 -------- d-----w- c:\docume~1\vince\applic~1\Codemasters
2010-10-14 18:36:11 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 18:36:11 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 18:35:44 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 22:20:09 -------- d-----w- c:\program files\Interface
2010-10-12 22:14:43 -------- d-----w- c:\program files\WOW sucks
2010-10-06 01:16:13 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-10-06 01:16:13 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-10-06 01:16:13 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-10-06 01:16:13 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-10-06 01:16:13 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-10-06 01:16:11 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-10-06 01:16:11 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-10-03 10:49:44 -------- d-----w- c:\docume~1\vince\locals~1\applic~1\Oblivion

==================== Find3M ====================

2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 21:15:27.10 ===============


Attached Files

Edited by Hamutz Meseta, 31 October 2010 - 11:18 PM.

BC AdBot (Login to Remove)


#2 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:10 PM

Posted 08 November 2010 - 05:50 AM


Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Hamutz Meseta

Hamutz Meseta
  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:10 AM

Posted 10 November 2010 - 03:55 PM

OMG finally, hello there m0le :), Im still here :)

#4 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:10 PM

Posted 10 November 2010 - 05:55 PM

Rerun TDSKiller but please note what you should do when you come to a malicious file

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:10 PM

Posted 15 November 2010 - 08:27 PM


I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.


Posted Image
m0le is a proud member of UNITE

#6 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:10 PM

Posted 16 November 2010 - 08:57 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users