Infected with TDSS & Google keeps redirecting


  • This topic is locked
4 replies to this topic

#1 kristin.diesel

kristin.diesel

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 11 July 2012 - 09:38 AM

Please help. I think I have the Google redirect virus; however, I haven't been able to track down the TDSS in my Control Panel to shut down. Every time I try to search for something I am redirected, and when I've run Malwarebytes, "contained" the virus, and restarted, the virus shows back up again. Please let me know if you can think of anything that can help me out. Please let me know if I've left any relevant information out.

Thank you, thank you, thank you for any help you can give.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by owner at 8:56:26 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.566 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\GManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
C:\Program Files\Common Files\DesktopUtil\FDispPos.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\windows\System32\svchost.exe" -k LocalServiceDns
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {4d95229d-bcd1-51b4-d184-411b9857a1f4} - c:\program files\bucksbee loyalty plugin - 100815\Helper.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ArcSoft Video Helper: {4e18e9a4-95b3-4f8b-ae3b-ab7478de92ee} - c:\progra~1\arcsoft\totalm~1\codec\ArcIEVideoUp.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Bucksbee Loyalty Plugin - 100815: {e5c2a1fe-86db-87b4-11f0-1aa2579e81dd} - c:\program files\bucksbee loyalty plugin - 100815\BucksBee Loyalty Plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [AdobeBridge]
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PC Speed Maximizer] "c:\program files\pc speed maximizer\SPMStarter.exe"
uRun: [SPMTray] "c:\program files\pc speed maximizer\SPMTray.exe"
uRun: [Apple] rundll32.exe "c:\users\owner\appdata\local\broadcom\apple\wvxrj.dll",CreateInstance
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [EeeStorageBackup] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [DTRun] c:\program files\arcsoft\totalmedia theatre 3\uDTRun.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MCTDUtil] c:\program files\common files\desktoputil\Util-Desktop.exe Launch SuperUtil
mRun: [FDispPos] c:\program files\common files\desktoputil\Util-Desktop.exe Launch FixPos
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{979892FE-BBB8-423C-B977-DBCEF5F75115} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{979892FE-BBB8-423C-B977-DBCEF5F75115}\2736F6 : DhcpNameServer = 10.0.0.254 66.18.32.2 66.18.32.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r033zc5g.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/?ourmark=3&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 mctkmdldr;mctkmdldr;c:\windows\system32\drivers\mctKmdldr.sys [2012-6-4 17024]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-15 11448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-1-15 219136]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 GManager;GManager;c:\windows\system32\GManager.exe [2012-6-4 222584]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-5-11 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-4-2 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-5-16 47640]
R2 MCTDesktopSvr;MCTDesktopSvr;c:\program files\common files\desktoputil\MCTDesktopSvr.exe [2012-6-4 199296]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\asus\game park\gameconsole\OberonGameConsoleService.exe [2010-1-15 44312]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-16 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-15 29472]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-11-16 51712]
R3 mctkmd;mctkmd;c:\windows\system32\drivers\mctkmd.sys [2012-6-4 102016]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-25 66592]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-15 862208]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-10 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-8 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-10 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [2012-6-4 146304]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-5-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-15 1343400]
.
=============== Created Last 30 ================
.
2012-07-11 01:42:35 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-07-11 01:31:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 01:13:00 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:29:02 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-10 19:29:01 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-10 19:28:59 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-10 19:28:58 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-10 19:28:57 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-10 19:28:57 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-10 19:28:56 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-10 19:28:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 19:28:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 19:28:39 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 19:26:30 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 19:26:29 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 19:26:28 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 19:26:27 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 19:26:26 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 12:20:35 -------- d-----w- c:\programdata\AVAST Software
2012-07-10 12:20:35 -------- d-----w- c:\program files\AVAST Software
2012-07-09 12:26:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-07 00:56:21 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{69c9af61-04f8-4bc6-b6d6-12ac90430abc}\mpengine.dll
2012-07-06 17:45:19 -------- d-----w- C:\adobeTemp
2012-07-01 23:13:02 -------- d-----w- c:\users\owner\appdata\roaming\PC Speed Maximizer
2012-07-01 23:07:30 -------- d-----w- c:\program files\Yahoo!
2012-07-01 22:53:32 -------- d-----w- c:\users\owner\appdata\roaming\.purple
2012-07-01 22:52:06 -------- d-----w- c:\programdata\Tarma Installer
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-21 11:19:55 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:19:34 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:19:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 11:19:17 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 21:35:14 4967624 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-06-16 14:12:21 -------- d-----w- c:\users\owner\appdata\local\Google
2012-06-14 16:00:57 -------- d-----w- c:\users\owner\appdata\local\Macromedia
2012-06-13 22:34:00 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:33:59 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:33:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:33:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:33:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:33:51 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:33:45 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:33:44 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:33:44 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:15:02 -------- d-----w- c:\program files\iPod
2012-06-12 17:14:55 -------- d-----w- c:\program files\iTunes
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-12 17:07:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-07-09 12:17:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-09 12:17:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-27 12:48:26 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-11 14:40:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-11 14:40:48 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-11 14:40:40 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-11 14:40:38 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 8:59:15.07 ===============
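Added example (not part of the original post, and not a BleepingComputer or DDS tool): a small Python triage pass over the autostart lines of a DDS log like the one above. The sample lines are copied from the "Pseudo HJT Report" and FIREFOX sections of that log; the heuristics (binary under a user-writable path, rundll32/regsvr32 loading a DLL from such a path, orphan "No File" entries, a third-party URL search hook, an explicitly set Firefox keyword.URL) are the example's own assumptions. They produce a review queue for a responder, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the "Pseudo HJT Report" and FIREFOX lines from the DDS log
# posted above, pasted verbatim so the script runs offline.
SAMPLE_DDS = r"""
uURLSearchHooks: FCToolbarURLSearchHook Class: {4d95229d-bcd1-51b4-d184-411b9857a1f4} - c:\program files\bucksbee loyalty plugin - 100815\Helper.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Apple] rundll32.exe "c:\users\owner\appdata\local\broadcom\apple\wvxrj.dll",CreateInstance
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/?ourmark=3&p=
"""

# DDS line prefixes that describe something started automatically (assumed set for this example).
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "BHO:", "TB:", "uURLSearchHooks:", "StartupFolder:")
# Directories a standard user can write to. Legitimate updaters live here too (see Google Update
# in the sample), so a hit means "look at it", not "remove it".
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "%appdata%", "%temp%")
# Signed Windows binaries that will load and run any DLL they are pointed at.
LOADERS = ("rundll32.exe", "regsvr32.exe")
# Either a quoted path, or a bare drive/env-var path ending in a PE-ish extension.
PATH_RE = re.compile(r'"([^"]+)"|((?:[a-z]:|%[a-z]+%)\\.+?\.(?:exe|dll|sys|lnk))\b', re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str
    path: str = ""


def extract_path(line: str) -> str:
    """Return the first file path on a DDS line, or "" if none is recognisable."""
    m = PATH_RE.search(line)
    return (m.group(1) or m.group(2)).strip() if m else ""


def triage(dds_text: str) -> list[Finding]:
    """Apply the review heuristics to every autostart line of a DDS log."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("FF - prefs.js: keyword.URL"):
            # Firefox leaves keyword.URL unset by default; an explicit value is worth a look
            # when the user reports search redirects, but is not proof of infection by itself.
            findings.append(Finding("medium", "firefox keyword.URL explicitly set", line))
            continue
        if not line.startswith(AUTOSTART_PREFIXES):
            continue
        if line.endswith("No File"):
            # Registry points at a file that no longer exists: clean-up candidate, low priority.
            findings.append(Finding("low", "orphan entry (target file missing)", line))
            continue
        path = extract_path(line)
        writable = any(tok in path.lower() for tok in USER_WRITABLE)
        if any(loader in line.lower() for loader in LOADERS) and writable:
            findings.append(Finding("high", "rundll32/regsvr32 loading a DLL from a user-writable path", line, path))
        elif line.startswith("uURLSearchHooks:"):
            # A URL search hook sees everything typed into the address bar that is not a URL.
            findings.append(Finding("medium", "third-party URL search hook installed", line, path))
        elif writable:
            findings.append(Finding("medium", "autostart binary under a user-writable path", line, path))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_DDS), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Running the block prints the queue in severity order. The single high-severity hit in the sample is the kind of entry a responder opens first (a DLL with a non-descriptive name under AppData, launched through a rundll32 export), while Google Update sitting in the same AppData tree is exactly why the user-writable rule only ranks entries for review rather than condemning them. A real workflow would follow the queue with file hashes, signature checks and a rootkit scan, since a kernel-mode TDSS component does not show up as a Run key at all.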


#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:07:55 PM

Posted 11 July 2012 - 09:56 AM

Hi kristin.diesel,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:07:55 PM

Posted 11 July 2012 - 11:01 AM

Hi kristin.diesel,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I will assume that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





> Every time I try to search for something I am redirected and when I've run Malwarebytes, "contained" the virus and restarted the virus shows back up again.

I would like you to post the logfiles from Malwarebytes' Anti-Malware (MBAM).
Start MBAM, click on the log tab. Copy and paste the contents of those logfiles.





Step 1
I want you to uninstall Bucksbee Loyalty Plugin as it is a known Adware toolbar.
Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Bucksbee Loyalty Plugin

Additional instructions can be found here if needed.





Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.





Step 3
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Are you still being redirected?
  • Did/do those redirects happen with every internet browser (Internet Explorer, Firefox, ...)?





What you should post with your next answer:
  • the logfile(s) from MBAM,
  • the logfile from ComboFix,
  • an answer to my questions,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#4 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:07:55 PM

Posted 14 July 2012 - 03:47 AM

Hi kristin.diesel,


do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:55 PM

Posted 16 July 2012 - 07:57 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
