Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

FAKE flash player appearing on my toolbar. Flash player virus? Help!

This is a discussion on FAKE flash player appearing on my toolbar. Flash player virus? Help! within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
Thread Tools Search this Thread
Old 09-15-2012, 10:01 PM   #1
Registered Member
 
Join Date: Sep 2012
Posts: 1
OS: windows vista home premium service pack 2


Send a message via Yahoo to eccle Send a message via Skype™ to eccle

There is this fake flash player thing on my toolbar (a white "f" inside a red box) and when I click on it, no flash player update window pops up. It's just plain weird. I am having trouble with Internet Explorer lately probably because of this. Every time I close the IE window, I always get that "Windows IE stopped from working" thing.

A few days ago, I had a blue screen. I restarted my laptop and it's working fine lately but that fake player virus/trojan keeps on appearing on my toolbar and I am scared. Kaspersky 2003 didn't work. I ran it (normal and safe mode) but it didn't remove it. Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_35
Run by Rev at 12:41:43 on 2012-09-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.585 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCRTP.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Smart Bro\OnlineUpdate\ouc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\SMART BRO\AssistantServices.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SMART BRO\UIExec.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Rev\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Tencent\QQMusic\QQMusic.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PPLive\PPTV\PPLive.exe
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k PPTVServiceGroup
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCWebShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hao123.com/?tn=62002018_3_hao_pg
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Baidu Toolbar BHO: {77fef28e-eb96-44ff-b511-3185dea48697} - c:\program files\baidu\toolbar\BaiduBarX.dll
BHO: QQ?????????: {7c260b4b-f7a0-40b5-b403-befcdc6a4c3b} - c:\program files\tencent\qqpcmgr\6.8.2387.401\TSWebMon.dat
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: A3AA4C3C-3C93-5013-63C1-DE7B16E904E7 Class: {a3aa4c3c-3c93-5013-63c1-de7b16e904e7} - c:\progra~1\baidu\{a3aa4~1\AddressBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: °Ù¶È¹¤¾ßÀ¸: {b580cf65-e151-49c3-b73f-70b13fca8e86} - c:\program files\baidu\toolbar\BaiduBarX.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\rev\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [QQMusic] "c:\program files\tencent\qqmusic\QQMusic.exe" /background
uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [FIC HotKey] c:\program files\hotkey utility\tray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UIExec] "c:\program files\smart bro\UIExec.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [ QQPCTray] "c:\program files\tencent\qqpcmgr\6.8.2387.401\QQPCTray.exe" /regrun
mRun: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
mRun: [SetRoute] c:\program files\l2tphelp\setroute.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
StartupFolder: c:\users\rev\appdata\roaming\micros~1\windows\startm~1\programs\startup\pptv.lnk - c:\program files\pplive\pptv\PPLive.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: Interfaces\{5D47F38F-14A7-4A54-BF32-7CE1D5424C30} : NameServer = 10.10.0.21
TCP: Interfaces\{824ECD50-A390-4846-878B-75A8B0171671} : DhcpNameServer = 202.101.172.46 202.101.172.47
TCP: Interfaces\{ED23D40D-2D7B-4EB6-B2FB-CC7310F911B2} : NameServer = 10.10.0.21 10.10.2.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rev\appdata\roaming\mozilla\firefox\profiles\13aujkpt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.42\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\1.0.1.1919\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkvip.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkws.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\users\rev\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 KAVBootC;KAVBootC;c:\windows\system32\drivers\kavbootc.sys [2012-9-4 27240]
R0 TsFltMgr;tencent TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2012-6-7 65624]
R0 TSysCare;TSysCare;c:\windows\system32\drivers\TSysCare.sys [2012-6-7 24824]
R1 KDHacker;KDHacker;c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2012-9-4 127992]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 TCSafeBox;TCSafeBox;c:\program files\tencent\qqpcmgr\6.8.2387.401\TCSafeBox.sys [2012-6-7 53240]
R1 TSCPM;TSCPM;c:\program files\tencent\qqpcmgr\6.8.2387.401\tscpm.sys [2012-6-7 32888]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [2012-9-4 60408]
R1 TSKSP;TSKsp;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSKsp.sys [2012-6-7 153112]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/08/17 08:21:15];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-7-5 88312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 218880]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-8-17 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-8-17 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-8-17 295440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2012-9-4 165368]
R2 kxescore;Kingsoft Core Service;c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2012-9-4 128072]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-8-17 121208]
R2 QQSysMon;QQSysMon;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQSysMon.sys [2012-6-7 56568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-6-15 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2012-9-4 82296]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
R3 TcHardWare;TcHardWare;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQPCHW.sys [2012-6-7 34168]
R4 TSSysKit;TSSysKit;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSSysKit.sys [2012-6-7 91256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-6-15 102784]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-4-10 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-16 27192]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-4-10 107776]
.
=============== File Associations ===============
.
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-09-15 17:04:56 -------- d-----w- c:\users\rev\appdata\local\Macromedia
2012-09-15 16:47:56 -------- d-----w- c:\users\rev\appdata\local\VS Revo Group
2012-09-15 16:47:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-15 16:47:28 -------- d-----w- c:\program files\VS Revo Group
2012-09-14 13:51:29 -------- d-----w- c:\program files\Kaspersky Lab
2012-09-14 13:51:28 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 13:49:03 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-14 10:22:13 -------- d-----w- c:\users\rev\appdata\roaming\Wandoujia2
2012-09-10 16:25:35 -------- d-----w- c:\program files\common files\Symantec Shared
2012-09-10 13:33:32 -------- d-----w- c:\programdata\Symantec
2012-09-10 13:33:07 -------- d-----w- c:\programdata\Norton
2012-09-10 13:33:01 -------- d-----w- c:\programdata\NortonInstaller
2012-09-10 12:35:29 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2012-09-08 02:55:23 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\ARPPRODUCTICON.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-09-06 09:17:07 -------- d-----w- c:\windows\system32\Tencent
2012-09-06 05:20:09 -------- d-----w- c:\users\rev\appdata\local\visi_coupon
2012-09-06 00:34:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-05 23:59:26 -------- d-----r- c:\program files\Skype
2012-09-05 11:35:46 737280 ----a-w- c:\windows\iun6002.exe
2012-09-05 11:35:45 -------- d-----w- c:\program files\L2TPHelp
2012-09-04 06:27:29 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2012-09-04 06:18:05 -------- d-----w- C:\PPDownload
2012-09-04 05:59:32 -------- d-----w- C:\FavoriteVideo
2012-09-04 05:59:06 -------- d-----w- c:\programdata\Jlcm
2012-09-04 05:58:36 -------- d-----w- c:\users\rev\appdata\roaming\PPLive
2012-09-04 05:58:36 -------- d-----w- c:\programdata\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\common files\PPLiveNetwork
2012-09-04 05:44:51 60408 ----a-w- c:\windows\system32\drivers\TSDefenseBt.sys
2012-09-04 05:42:10 308640 ----a-w- c:\windows\system32\MMInstaller.dll
2012-09-04 05:42:06 -------- d-----w- c:\program files\common files\Tencent
2012-09-04 05:42:05 -------- d-----w- c:\program files\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\users\rev\appdata\roaming\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\programdata\Tencent
2012-09-04 05:41:21 -------- d-----w- c:\program files\Baidu
2012-09-04 05:41:04 -------- d-----w- c:\users\rev\funshion
.
==================== Find3M ====================
.
2012-09-08 08:36:03 82296 ----a-w- c:\windows\system32\drivers\ksapi.sys
2012-09-08 08:31:50 165368 ----a-w- c:\windows\system32\drivers\kisknl.sys
2012-09-08 08:29:30 166776 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
2012-09-08 08:29:23 127992 ----a-w- c:\windows\system32\drivers\kdhacker.sys
2012-09-06 00:34:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 05:45:15 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
2012-09-04 05:45:14 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
2012-09-04 05:45:14 27240 ----a-w- c:\windows\system32\drivers\kavbootc.sys
2012-09-04 05:45:14 208728 ----a-w- c:\windows\system32\drivers\kisknl64.sys
2012-09-04 05:45:13 24472 ----a-w- c:\windows\system32\drivers\bc.sys
2012-08-18 09:22:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 09:22:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 07:37:30 491912 ----a-w- c:\windows\system32\PPTVSvc.dll
2012-08-15 07:37:18 2291592 ----a-w- c:\windows\system32\kindling.dll
2012-08-13 08:49:44 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 07:09:30 24408 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-25 06:53:48 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-06-19 09:28:12 136024 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 12:44:47.62 ===============
Attached Files
File Type: zip Attach.zip (14.0 KB, 7 views)

__________________
eccle is offline  
Old 09-19-2012, 12:59 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Do you use conduit engine?

Was kingsoft antivirus a previous install?

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When prompted to download the latest Avast! virus definitions, please choose Yes
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.8.8.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist log.txt del /s/q log.txt
dir /a /s "c:\users\rev\appdata\roaming\Wandoujia2" > log.txt
notepad log.txt
del %0
Save this as peek.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on peek.bat and choose 'Run as administrator' to allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 09-23-2012, 09:28 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Redirecting and virus problems
My computer is redirecting and im sure i have a virus. When i try to run gmer it shuts my computer down even when only checking sections and c drive. Here is the logs that i could get. Thanks in advance. Timmy This is not the same computer as my previous problems. Thanks timmy DDS...
toliver30471 Resolved HJT Threads 21 02-23-2011 05:09 PM
computer freezes redirects to different sites on google
Please help. My computer has been running slow and many times when I upload a page it says it is not responding. The other issue is that when I do a search on google and click on the correct search,it directs me to another soliciting site. I have tried to run GMER both ways and it just will not...
lubo1 Inactive Malware Help Topics 8 02-21-2011 09:28 PM
Browser Redirect Issue
I have been having an issue with both IE and Firefox redirecting Google search results a majority of the time. I had done a scan with Spybot Search & Destroy prior to posting here and "Fraud.WindowsProtectionSuite" (15 entries) and "Microsoft.Windows.RedirectedHosts" (3 entries) were the only...
bob2881 Resolved HJT Threads 21 02-21-2011 06:48 PM
Random popups and site redirecting virus
Hello, I'm new to the forum and my problem is that I'm being redirected to unwanted sites like Tazinga or Binkx. I'm running Windows XP and my laptop is about 7 years old. Any help would be great! Here are the Hijack specc UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED,...
Hexamus Inactive Malware Help Topics 2 01-11-2011 07:15 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 11:51 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts