Thread: [HELP] to remove google redirect virus...

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    3

    [HELP] to remove google redirect virus...

    First of all, thanks to TASHI for the guidance... I hope I don't make mistakes now... LOL
    ------------------------------------------------------------
    Hello guys, please help me, this "google redirected virus" is very stubborn to remove...

    At first, I got the "windows recovery virus", but it was resolved by using Spybot.

    After that, I have the "google redirected virus", so every time I open Firefox (my default browser), it ALWAYS asks me to set it as the default browser, and the proxy always changes to 127.0.0.1:59677. Every Google search result is often redirected to another site. In addition, I always find that iexplorer.exe is running in the background (when opening Task Manager).

    I did virus scanning repeatedly, both in normal mode and safe mode, using Spybot, Avira, then turned to VIPRE, Malwarebytes, RKill, etc. But there are never any threats found..

    I had also tried ComboFix but it resulted in nothing. I didn't read this before:
    http://forums.spybot.info/showthread.php?t=16806, because I found the ComboFix info on another site..

    ------------------------------------
    Here is my DDS log:
    ------------------------------------
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Medoose at 20:12:03.09 on 01/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.62.1033.18.3038.2041 [GMT 7:00]
    .
    AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Sun\SDK\lib\appservService.exe
    C:\Program Files\Immunet Protect\2.0.17\agent.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Sun\SDK\jdk\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Medoose\Desktop\dds.com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: H - No File
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [CPU temperature and system information utility] c:\program files\core temp\Core Temp.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
    mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
    StartupFolder: c:\users\medoose\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\medoose\appdata\roaming\mozilla\firefox\profiles\tdm5tdp7.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59677
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-19 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-19 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-19 656320]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-5-19 41424]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-5-19 31184]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-6-2 38976]
    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2011-5-17 202928]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\sdk\lib\appservservice.exe "\"c:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\sdk\lib\appservservice.exe \c:\sun\sdk\bin\asadmin.bat\ [?]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-4-22 86792]
    R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-5-19 756680]
    R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2008-10-28 886056]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [2010-6-2 241664]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-3-4 48600]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-2 176128]
    S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-9-12 69168]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-2 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-2 112128]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-3-2 103040]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-2 9728]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pr3gmdm;PROLiNK 3.5G USB Adapter - MODEM;c:\windows\system32\drivers\pr3gmdm.sys [2010-2-25 106880]
    S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-19 366840]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-19 1150936]
    S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
    S3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [2010-10-4 102656]
    .
    =============== Created Last 30 ================
    .
    2011-05-19 11:10:14 -------- d-----w- c:\program files\ESET
    2011-05-19 10:44:12 1407280 ----a-w- C:\TeDeEsESKiller.exe
    2011-05-19 06:20:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-18 22:43:12 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-05-18 22:43:12 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-05-18 22:43:10 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-05-18 22:43:10 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-05-18 22:42:57 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-05-18 22:42:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-05-18 22:42:35 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-05-18 22:42:13 -------- d-----w- c:\program files\common files\PC Tools
    2011-05-18 22:42:12 -------- d-----w- c:\users\medoose\appdata\roaming\PC Tools
    2011-05-18 22:42:12 -------- d-----w- c:\program files\PC Tools Security
    2011-05-18 22:42:12 -------- d-----w- c:\progra~2\PC Tools
    2011-05-18 22:25:18 -------- d-----w- c:\users\medoose\appdata\local\Immunet
    2011-05-18 22:25:18 -------- d-----w- c:\progra~2\Immunet
    2011-05-18 22:25:07 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
    2011-05-18 22:25:03 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
    2011-05-18 22:24:57 -------- d-----w- c:\program files\Immunet Protect
    2011-05-17 02:00:28 -------- d-----w- c:\users\medoose\appdata\roaming\Sunbelt
    2011-05-17 01:56:06 -------- d-----w- c:\progra~2\Sunbelt
    2011-05-17 01:53:24 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2011-05-17 01:52:55 -------- d-----w- c:\program files\Sunbelt Software
    2011-05-16 16:44:02 -------- d-----w- c:\program files\FileASSASSIN
    2011-05-16 13:59:34 388096 ----a-r- c:\users\medoose\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-16 13:59:33 -------- d-----w- c:\program files\Trend Micro
    2011-05-16 12:57:42 -------- d-----w- c:\users\medoose\appdata\local\temp
    2011-05-16 12:47:15 98816 ----a-w- c:\windows\sed.exe
    2011-05-16 12:47:15 89088 ----a-w- c:\windows\MBR.exe
    2011-05-16 12:47:15 256512 ----a-w- c:\windows\PEV.exe
    2011-05-16 12:47:15 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-16 11:56:16 -------- d-----w- c:\users\medoose\appdata\roaming\Malwarebytes
    2011-05-16 11:55:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-16 11:55:57 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-16 11:55:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 01:24:53 -------- d-----w- c:\program files\Blog Comment Poster EXTREME
    2011-05-13 09:25:38 -------- d-----w- c:\users\medoose\appdata\roaming\ScrapeBox Link Checker Free Edition
    2011-05-12 08:08:42 -------- d-----w- c:\users\medoose\appdata\local\Xenocode
    2011-05-11 22:44:22 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f26152a8-88cd-4ff9-807e-83ad05674188}\mpengine.dll
    2011-05-09 09:53:07 -------- d-----w- c:\users\medoose\appdata\roaming\Bryxen Software
    2011-05-09 09:53:06 -------- d-----w- c:\program files\Article Submitter
    2011-05-08 04:19:58 -------- d-----w- c:\program files\Intelore
    2011-05-06 08:54:02 -------- d-----w- c:\program files\Intenet Download Manager
    2011-05-06 08:44:01 -------- d-----w- c:\program files\Internet Download Manager
    2011-05-06 08:38:48 -------- d-----w- c:\users\medoose\appdata\roaming\IDM
    2011-05-06 08:06:57 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-06 08:06:57 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-06 08:06:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-06 08:06:56 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-06 08:06:56 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-06 08:06:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-06 08:06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-05-06 08:06:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-05-05 06:40:43 -------- d-----w- c:\program files\AffiliateSupportDesk.com
    2011-05-02 18:00:44 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2011-04-21 17:30:21 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    2011-04-09 15:40:05 -------- d-----w- c:\program files\Lame For Audacity
    2011-04-09 12:57:22 -------- d-----w- c:\program files\Guitar FX BOX 2.6
    2011-04-09 11:55:18 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-03-26 18:34:26 -------- d-----w- c:\program files\Guitar Pro 5
    2011-03-15 18:13:13 -------- d-----w- c:\users\medoose\appdata\roaming\Topten Software
    2011-03-15 18:13:08 -------- d-----w- c:\program files\Topten Software
    2011-03-14 10:15:08 -------- d-----w- c:\program files\Core Temp
    2011-03-02 11:29:50 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2011-03-02 11:29:50 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2011-03-02 11:29:50 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2011-03-02 11:29:50 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
    2011-03-02 11:29:50 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2011-03-02 11:27:58 -------- d-----w- c:\program files\3 Mobile Broadband
    2011-02-20 05:04:57 -------- d-----w- c:\users\medoose\appdata\local\Unity
    2011-02-14 22:07:51 -------- d-----w- c:\program files\oscpmwin
    2011-02-06 13:48:24 -------- d-----w- c:\users\medoose\appdata\local\K-Meleon
    2011-02-06 13:48:21 -------- d-----w- c:\users\medoose\appdata\roaming\K-Meleon
    2011-02-06 13:48:06 -------- d-----w- c:\program files\K-Meleon
    2011-02-03 08:47:25 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    2011-02-02 15:20:38 286720 ----a-w- c:\windows\iun506.exe
    2011-02-02 15:20:37 -------- d-----w- c:\program files\Mp3 File Editor
    2011-02-02 09:47:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-02-02 09:47:44 144984 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-02-02 09:47:39 -------- d-----w- c:\users\medoose\appdata\local\Real
    2011-02-02 09:47:37 84480 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-02-02 09:47:36 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2011-02-02 09:32:18 -------- d-----w- c:\program files\Sonne Screen Video Capture
    2011-02-02 03:05:38 1233920 ----a-w- c:\windows\system32\msxml4.dll
    2011-02-02 03:05:36 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-02-02 03:05:36 -------- d-----w- c:\program files\common files\SourceTec
    2011-02-02 02:17:01 77824 ----a-w- c:\windows\system32\xvid.ax
    2011-02-02 02:17:01 413760 ----a-w- c:\windows\system32\MPG4c32.dll
    2011-02-02 02:17:01 262144 ----a-w- c:\windows\system32\mpg4ds32.ax
    2011-02-02 02:17:01 135168 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-02-02 02:16:59 -------- d-----w- c:\program files\SourceTec
    2011-02-02 01:12:26 -------- d-----w- c:\program files\E.M. Magic Swf2Avi
    2011-02-02 01:04:40 5692838 ----a-w- c:\users\medoose\appdata\roaming\swf2video.bin
    2011-02-02 00:54:31 606208 ----a-w- c:\windows\system32\xvidcore.dll
    2011-02-01 21:15:40 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
    2011-02-01 20:51:01 -------- d-----w- c:\users\medoose\appdata\roaming\Moyea
    2011-02-01 20:49:03 -------- d-----w- c:\program files\Moyea
    2011-01-30 12:45:08 -------- d-----w- c:\program files\FDRLab
    2011-01-21 06:52:51 -------- d-----w- c:\windows\system32\SDA
    2011-01-21 06:52:51 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
    2011-01-18 06:30:21 -------- d-----w- c:\users\medoose\appdata\local\WMTools Downloaded Files
    2011-01-13 19:42:50 -------- d-----w- c:\users\medoose\appdata\local\Yahoo
    2011-01-13 19:34:11 -------- d-----w- c:\program files\Yahoo!
    2011-01-09 05:24:36 -------- d-----w- c:\users\medoose\appdata\local\Microsoft Games
    2011-01-01 12:26:39 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-01-01 12:26:39 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-01-01 12:26:39 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-01-01 12:26:39 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-01-01 12:26:38 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2011-01-01 12:26:37 -------- d-----w- c:\users\medoose\appdata\roaming\Simply Super Software
    2011-01-01 12:26:37 -------- d-----w- c:\program files\Trojan Remover
    2011-01-01 12:26:37 -------- d-----w- c:\progra~2\Simply Super Software
    2011-01-01 11:39:59 -------- d-----w- c:\users\medoose\appdata\roaming\AnvSoft
    2011-01-01 11:39:55 -------- d-----w- c:\program files\AnvSoft
    2010-12-31 22:58:34 73728 ----a-w- c:\windows\system\vdremote.dll
    2010-12-31 22:58:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
    2010-12-31 22:48:34 -------- d-----w- c:\users\medoose\appdata\roaming\avidemux
    2010-12-31 22:28:21 -------- d-----w- c:\program files\DebugMode
    2010-12-28 19:52:44 60 ----a-w- c:\windows\system32\SYSWQDRV.SYS
    2010-12-28 19:52:00 306688 ----a-w- c:\windows\IsUninst.exe
    2010-12-28 19:32:39 -------- d-----w- c:\users\medoose\appdata\roaming\foobar2000
    2010-12-28 19:03:55 -------- d-----w- c:\program files\RTEQ
    2010-12-28 18:59:25 -------- d-----w- c:\program files\Sheep Friends
    2010-12-21 02:19:18 3608448 ----a-w- c:\windows\system32\GameMon.des
    2010-12-21 01:16:28 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2010-12-21 01:16:27 5174 ----a-w- c:\windows\system32\nppt9x.vxd
    2010-12-21 01:08:49 -------- d-----w- c:\program files\common files\INCA Shared
    2010-12-20 22:20:59 -------- d-----w- C:\YNK
    2010-12-17 03:43:29 -------- d-----w- c:\users\medoose\appdata\roaming\GetRightToGo
    2010-12-04 16:08:32 -------- d-----w- c:\program files\MP3Gain
    .
    ==================== Find3M ====================
    .
    2011-05-04 03:26:58 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-02-02 11:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:13:32.74 ===============

    Sorry for my bad English

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    If help is still needed, post fresh DDS logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.