
got a redirect virus


  • This topic is locked
2 replies to this topic

#1 pokerprick

pokerprick

  • Members
  • 27 posts
  • OFFLINE

Posted 02 April 2012 - 10:50 AM

Both Mozilla and Explorer keep redirecting my searches to "mevio" page no matter what my search is. Now if I type in the full url it goes fine. Otherwise it's redirected. Thank you for the help; you guys and gals are great. Here's my logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Cool One at 5:15:42 on 2012-04-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1916.922 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Game Booster 3\gbtray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [CPN Notifier] "c:\program files\cake poker 2.0\CakeNotifier.exe"
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [NDSTray.exe] NDSTray.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgRemover] c:\documents and settings\cool one\local settings\temporary internet files\content.ie5\ctizsjuh\avg_remover_stf_x86_2012_1796[1].exe /run_number=2 /avgdir="c:\program files\avg\avg2012\" /avgdatadir="c:\documents and settings\all users\application data\avg2012\"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{73A37DC9-4369-4791-ABF0-5DC5D5152D49} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4D88F34-E6F6-47F7-B2AB-E1F1E90A972F} : DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cool one\application data\mozilla\firefox\profiles\jwbx5in9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\cool one\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\cool one\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-13 242240]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [2012-2-28 55408]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 aawservice;Inotask;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 avgascln;Regservice;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 aw_host;Se26unic;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mcafeeframework;Ksthunk;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 mcupdmgr.exe;Nim32;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 mfeavfk;NsTrcNT;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 pctavsvc;Ooclevercacheagent;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 savrtpel;Websensepolicyserver;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 SbieDrv;Adiloader;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-2-15 1691480]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-02 12:12:07 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83827e1c-90fd-4fc1-a49c-8b171ad7cbf6}\offreg.dll
2012-04-02 11:50:35 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-02 11:49:50 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83827e1c-90fd-4fc1-a49c-8b171ad7cbf6}\mpengine.dll
2012-04-01 20:46:42 -------- d-----w- c:\program files\Future Wars
2012-04-01 10:02:41 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2012-04-01 10:01:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-01 09:37:00 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-01 09:36:59 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-01 09:36:59 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-04-01 09:35:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-01 09:26:48 -------- d-----w- C:\Rbackup
2012-04-01 09:19:19 -------- d-----w- c:\program files\Best Removal Tool
2012-04-01 09:06:59 -------- d-----w- c:\documents and settings\cool one\local settings\application data\Yahoo
2012-04-01 09:06:58 -------- d-sh--w- c:\documents and settings\cool one\PrivacIE
2012-04-01 08:46:32 -------- d-sh--w- c:\documents and settings\cool one\IETldCache
2012-04-01 08:38:42 -------- d-----w- c:\windows\ie8updates
2012-04-01 08:34:32 -------- d-----w- c:\program files\Yahoo!
2012-04-01 08:29:29 -------- dc-h--w- c:\windows\ie8
2012-04-01 08:18:22 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-04-01 08:17:50 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-04-01 08:17:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-04-01 08:17:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-04-01 08:17:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-04-01 08:17:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-04-01 08:17:37 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-04-01 08:17:34 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-31 15:22:51 -------- d-----w- c:\program files\Lead Pursuit
2012-03-31 12:24:27 -------- d-----w- c:\windows\system32\AGEIA
2012-03-31 04:41:26 -------- d-----w- c:\program files\Rayman Origins
2012-03-30 13:54:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-30 13:51:51 -------- d-----w- c:\documents and settings\cool one\application data\Anarchy
2012-03-30 02:55:31 -------- d-----w- c:\program files\Star Defender 4
2012-03-27 08:20:54 -------- d--h--w- c:\windows\PIF
2012-03-25 06:14:49 -------- d-----w- c:\documents and settings\cool one\local settings\application data\LaunchpadEnhanced
2012-03-25 06:14:28 -------- d-----w- C:\SWGEmu
2012-03-25 06:12:53 533408 ----a-w- c:\program files\mozilla firefox\Xceed.UI.dll
2012-03-25 06:12:53 -------- d-----w- c:\documents and settings\cool one\application data\LPECommon
2012-03-25 06:12:49 266240 ----a-w- c:\program files\mozilla firefox\MySql.Data.dll
2012-03-25 06:12:47 1270688 ----a-w- c:\program files\mozilla firefox\Xceed.Grid.dll
2012-03-25 06:12:37 516096 ----a-w- c:\program files\mozilla firefox\Xceed.Editors.dll
2012-03-25 06:12:19 -------- d-----w- c:\program files\Launchpad Enhanced
2012-03-25 06:11:48 -------- d-----w- c:\documents and settings\cool one\local settings\application data\Downloaded Installations
2012-03-25 05:53:57 -------- d-----w- c:\program files\Sony Online Entertainment
2012-03-25 05:53:57 -------- d-----w- c:\documents and settings\cool one\local settings\application data\SCE
2012-03-25 05:53:57 -------- d-----w- c:\documents and settings\cool one\application data\Sony Online Entertainment
2012-03-25 05:44:37 -------- d-----w- c:\program files\StarWarsGalaxies
2012-03-25 05:44:33 -------- d-----w- c:\program files\Sony
2012-03-25 02:33:53 -------- d-----w- C:\Games
2012-03-23 16:06:14 -------- d-----w- c:\documents and settings\cool one\local settings\application data\LucasArts
2012-03-23 13:47:59 -------- d-----w- c:\program files\LucasArts
2012-03-22 18:23:20 -------- d-----w- c:\documents and settings\cool one\application data\Activision
2012-03-21 11:53:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-03-21 11:53:42 -------- d-----w- c:\program files\Windows Media Connect 2
2012-03-21 11:52:41 276992 ------w- c:\windows\system32\audiodev.dll
2012-03-21 11:52:05 -------- d-----w- c:\windows\system32\LogFiles
2012-03-21 11:39:36 153088 ----a-w- c:\windows\system32\xvid.ax
2012-03-21 11:39:24 -------- d-----w- c:\program files\Xvid
2012-03-20 13:00:50 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-20 05:32:08 103784 ----a-w- c:\documents and settings\cool one\GoToAssistDownloadHelper.exe
2012-03-20 05:13:09 -------- d-----w- c:\documents and settings\cool one\application data\McAfee
2012-03-19 09:39:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-03-19 05:42:35 -------- d-----w- c:\documents and settings\cool one\application data\EntwinedSoD
2012-03-17 12:10:38 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-03-17 12:10:38 59888 ------w- c:\windows\system32\pxwma.dll
2012-03-17 12:10:38 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2012-03-15 17:12:02 -------- d-----w- c:\documents and settings\cool one\application data\SUPERAntiSpyware.com
2012-03-15 17:11:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-15 17:11:32 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-14 14:25:04 -------- d-----w- c:\documents and settings\cool one\local settings\application data\bitComposer
2012-03-14 13:31:02 -------- d-----w- c:\documents and settings\cool one\local settings\application data\Ubisoft
2012-03-14 12:25:55 -------- d-----w- c:\program files\Western Digital
2012-03-12 13:11:29 -------- d-----w- c:\documents and settings\cool one\local settings\application data\Babylon
2012-03-12 13:11:28 -------- d-----w- c:\documents and settings\cool one\application data\Babylon
2012-03-12 13:11:28 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-03-12 10:29:39 -------- d-----w- C:\DOCS
2012-03-10 07:11:11 -------- d-----w- c:\program files\Biart
2012-03-09 06:56:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-08 14:42:22 -------- d-----w- c:\windows\system32\xlive
2012-03-08 14:42:21 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-03-08 14:41:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-08 11:32:16 -------- d-----w- c:\program files\Delta
2012-03-06 12:25:56 -------- d-----w- c:\documents and settings\cool one\Saved Games
2012-03-06 10:42:10 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-06 10:42:10 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-03-06 08:04:26 -------- d-sh--w- c:\documents and settings\cool one\UserData
2012-03-05 08:04:28 -------- d-----w- c:\documents and settings\all users\application data\Mastiff
2012-03-05 07:46:16 -------- d-----w- c:\program files\Mastiff
2012-03-03 23:01:26 -------- d-----w- c:\documents and settings\cool one\local settings\application data\Painkiller Recurring Evil
2012-03-03 22:48:57 -------- d-----w- c:\program files\Nordic Games
2012-03-03 22:36:53 -------- d-----w- c:\program files\Strange Loop Games
.
==================== Find3M ====================
.
2012-03-20 09:12:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 12:10:28 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-03-09 06:55:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 08:35:27 54016 ----a-w- c:\windows\system32\drivers\jettku.sys
2012-02-28 12:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-28 12:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-13 09:32:14 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 09:27:21 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-07 03:35:28 40960 ----a-w- c:\windows\uneng.exe
2012-02-07 03:35:27 52464 ----a-w- c:\windows\system32\drivers\cdr4_2K.sys
2012-02-07 03:35:27 45056 ----a-w- c:\windows\system32\cdrtc.dll
2012-02-07 03:35:27 45056 ----a-w- c:\windows\system32\cdral.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 03:47:14 315392 ----a-w- c:\windows\HideWin.exe
2012-01-12 16:53:24 1859968 ------w- c:\windows\system32\_000006_.tmp.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 5:17:26.67 ===============

Edited by Noviciate, 02 April 2012 - 02:00 PM.
Added DDS from attachment.


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ

Posted 02 April 2012 - 02:04 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ

Posted 09 April 2012 - 04:49 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.
