Firefox / Google Redirect Virus


  • This topic is locked
2 replies to this topic

#1 alsnchns

alsnchns

  • Members
  • 1 posts

Posted 17 June 2009 - 03:13 PM

I have contracted the dreaded Firefox / Google / Yahoo redirect virus. Search results are redirected mainly through a website called search-tracker.net.

I looked at similar posts and went ahead and ran ComboFix, and have attached the output log for ComboFix in addition to the logs attach.txt and dds.txt.

I ran Malwarebytes in Safe Mode, and it deleted 5 entries. Once I rebooted, the problem returned, and Malwarebytes wouldn't run unless I reverted to Safe Mode.

All help appreciated.


DDS (Ver_09-05-14.01) - NTFSx86
Run by admin at 14:45:36.12 on 06/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2113 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\lexmvservice.exe
C:\WINDOWS\system32\lexwebservice.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\PowerMenu.exe
C:\temp\Scheduler\JobSched.exe
C:\Program Files\Taskbar Activate\TaskbarActivate.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\TitleBarClock\TBC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\a\a\a.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://w3.ibm.com
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/download/standardsoftware/
uInternet Settings,ProxyOverride = <local>;*.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPKMAPHELPER] "c:\program files\thinkpad\utilities\TpKmapAp.exe" -helper
mRun: [TP4EX] tp4ex.exe
mRun: [AwaySch] "c:\program files\lenovo\awaytask\AwaySch.EXE"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\powerm~2.lnk - c:\windows\system32\PowerMenu.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\schedu~1.lnk - c:\temp\scheduler\JobSched.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\taskba~1.lnk - c:\program files\taskbar activate\TaskbarActivate.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\thunde~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\titleb~1.lnk - c:\program files\titlebarclock\TBC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\~disab~1\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Download with Xilisoft Download YouTube Video - c:\program files\xilisoft\download youtube video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: //
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
Trusted Zone: passport.net
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://206.40.195.71/ActiveViewGUI.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://206.40.195.71/ActiveView.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://swfhyp1t.pok.ibm.com/Hyperion/zeroadmin/component/Brio.Insight.en.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {98425C13-952B-4459-A742-B1B85BDFF330} - hxxp://demo.dvr.com/WebCamX.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://www.worldeyecam.com/webcam8200/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=0
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
TCP: interfaces = 9.0.6.11,9.0.7.1
TCP: {5CE51416-0E3A-43E0-B31E-9A68285852CB} = 9.0.6.11,9.0.7.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: atmgrtok - atmgrtok.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: pcsinst - pcsinst.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\s1pojzpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\s1pojzpj.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava11.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava12.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava13.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava14.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava32.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJPI150.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPOJI610.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\npwebscl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcpsweb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-7-24 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-7-24 4224]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-1-2 33824]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-7-24 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [2004-4-29 19328]
R2 AppnApi;AppnApi;c:\windows\system32\drivers\appnapi.sys [2005-9-6 120192]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [2007-10-7 61440]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);c:\program files\ibm\tivoli\dcd\client\issi\cds\CDSWinSrv.exe [2008-8-18 53248]
R2 ISAMSvc;IBM Standard Asset Manager Service;c:\program files\c4ebreg\c4ebreg.exe [2009-6-11 433392]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 NsTrcNT;NsTrcNT;c:\windows\system32\drivers\nstrcnt.sys [2005-9-6 12028]
R2 pdlnctdl;Twinax CUT Adapter;c:\windows\system32\drivers\pdlnctdl.sys [2005-9-6 12288]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);c:\windows\system32\drivers\pdlndldl.sys [2005-9-6 59392]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-11-7 94208]
R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-6 24652]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 Anydlc;Anydlc;c:\windows\system32\drivers\anydlc.sys [2005-9-6 38236]
R3 Appn;Appn;c:\windows\system32\drivers\appn.sys [2005-9-6 1286560]
R3 AppnBase;AppnBase;c:\windows\system32\drivers\appnbase.sys [2005-9-6 195872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 KLOGNT;KLOGNT;c:\windows\system32\drivers\klognt.sys [2005-9-6 24588]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090617.003\naveng.sys [2009-6-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090617.003\navex15.sys [2009-6-17 876144]
R3 pdlnacom;PDLC Adapter -- COM;c:\windows\system32\drivers\pdlnacom.sys [2005-9-6 75200]
R3 pdlnafac;PDLC Adapter Factory;c:\windows\system32\drivers\pdlnafac.sys [2005-9-6 36048]
R3 pdlnatcm;Twinax Adapter Common;c:\windows\system32\drivers\pdlnatcm.sys [2005-9-6 20480]
R3 pdlnatdl;Twinax Adapter;c:\windows\system32\drivers\pdlnatdl.sys [2005-9-6 18432]
R3 pdlncbas;PDLC CxM Classes;c:\windows\system32\drivers\pdlncbas.sys [2005-9-6 6784]
R3 pdlncfwk;PDLC Connection Manager;c:\windows\system32\drivers\pdlncfwk.sys [2005-9-6 160288]
R3 pdlndint;PDLC DLC Classes;c:\windows\system32\drivers\pdlndint.sys [2005-9-6 12800]
R3 pdlndlpb;PDLC LAPB;c:\windows\system32\drivers\pdlndlpb.sys [2005-9-6 70144]
R3 pdlndoem;PDLC OEM Interface;c:\windows\system32\drivers\pdlndoem.sys [2005-9-6 18944]
R3 pdlndqll;PDLC QLLC;c:\windows\system32\drivers\pdlndqll.sys [2005-9-6 53248]
R3 pdlndsdl;PDLC SDLC;c:\windows\system32\drivers\pdlndsdl.sys [2005-9-6 67072]
R3 pdlndtdl;Twinax DLC;c:\windows\system32\drivers\pdlndtdl.sys [2005-9-6 51712]
R3 pdlnebas;PDLC Environment;c:\windows\system32\drivers\pdlnebas.sys [2005-9-6 8608]
R3 pdlnecfg;PDLC Configuration;c:\windows\system32\drivers\pdlnecfg.sys [2005-9-6 50336]
R3 pdlnemap;PDLC Mapper;c:\windows\system32\drivers\pdlnemap.sys [2005-9-6 67184]
R3 pdlnemsg;PDLC Message Driver;c:\windows\system32\drivers\pdlnemsg.sys [2005-9-6 12768]
R3 pdlnepkt;PDLC Buffer Manager;c:\windows\system32\drivers\pdlnepkt.sys [2005-9-6 19984]
R3 pdlnshay;PDLC Hayes At signalling;c:\windows\system32\drivers\pdlnshay.sys [2005-9-6 59504]
R3 pdlnslea;PDLC SDLC Leased;c:\windows\system32\drivers\pdlnslea.sys [2005-9-6 22384]
R3 pdlnsv25;PDLC V25bis signalling;c:\windows\system32\drivers\pdlnsv25.sys [2005-9-6 54416]
R3 pdlnsx25;PDLC X.25;c:\windows\system32\drivers\pdlnsx25.sys [2005-9-6 58432]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2008-6-20 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2008-6-20 9216]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-1-7 57344]
S0 jbffj;jbffj;c:\windows\system32\drivers\oyxj.sys --> c:\windows\system32\drivers\oyxj.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2008-7-9 99248]
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2007-7-24 13952]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-11-26 11648]
S3 PrTgressep;PrTgressep;c:\windows\system32\srvany.exe [2008-2-15 8192]
S3 wcndis;IBM Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [2008-2-12 8704]

=============== Created Last 30 ================

2009-06-17 11:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-06-17 11:39 <DIR> --d----- c:\program files\a
2009-06-17 11:29 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 17:46 <DIR> --d----- c:\program files\Malware1
2009-06-16 12:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 12:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 12:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 12:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 11:06 <DIR> --d----- c:\program files\iPod
2009-06-11 11:06 <DIR> --d----- c:\program files\iTunes
2009-06-11 09:15 <DIR> --d----- c:\program files\CompanionLink
2009-06-09 14:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\CompanionLink
2009-06-09 12:48 <DIR> --d----- c:\program files\Winfonie mobile 2
2009-06-08 09:36 294,912 a------- c:\windows\system32\Euphoria.scr
2009-06-07 23:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\Greenshot
2009-06-07 19:35 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-07 19:21 <DIR> --d----- C:\UtilitySpotlight
2009-06-07 19:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\TeraCopy
2009-06-04 15:19 <DIR> --d----- c:\program files\Glary Utilities
2009-06-03 12:44 90,112 a------- c:\windows\system32\oemres.dll
2009-06-03 12:43 1,257,566 a----r-- c:\windows\system32\dsa.dll
2009-06-03 12:43 82,017 a----r-- c:\windows\system32\dsaNac.dll
2009-06-03 12:43 254,023 a------- c:\windows\system32\wsfwDS.dll
2009-06-03 12:43 249,925 a------- c:\windows\system32\wsimd.dll
2009-06-03 12:42 57,344 a------- c:\windows\system32\wsimd.sys
2009-06-03 12:42 12,552 a------- c:\windows\system32\wsimdp.cat
2009-06-03 12:42 12,129 a------- c:\windows\system32\wsimd.cat
2009-06-03 12:42 5,361 a------- c:\windows\system32\wsimdp.inf
2009-06-03 12:42 2,179 a------- c:\windows\system32\wsimd.inf
2009-06-03 12:42 549,184 a------- c:\windows\system32\drivers\ar5211.sys
2009-06-03 12:42 549,184 a------- c:\windows\system32\ar5211.sys
2009-06-03 12:42 100,996 a------- c:\windows\system32\net5211.inf
2009-06-03 07:13 <DIR> --d----- c:\program files\MozBackup
2009-06-01 10:15 <DIR> --d----- c:\program files\iPodRobot
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 08:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\Xilisoft Corporation
2009-05-21 08:25 <DIR> --d----- c:\program files\Xilisoft
2009-05-20 13:16 761,856 a------- c:\windows\system32\xvidcore.dll
2009-05-20 13:16 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-05-20 13:16 381,459 a------- c:\windows\system32\Instcodec.exe
2009-05-20 13:13 <DIR> --d----- c:\program files\remoteAP

==================== Find3M ====================

2009-06-11 11:06 64,752 a------- c:\windows\isamunin.exe
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 10:20 115,224 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2008-05-07 08:27 45,435 a------- c:\program files\shexview.zip
2008-01-17 09:50 389,120 a------- c:\documents and settings\administrator\stas75_20060810.0001.dll
2008-10-08 07:41 56 ---shr-- c:\windows\system32\836250FCDB.sys
2007-10-31 08:14 8 ---shr-- c:\windows\system32\B88FED2435.sys
2008-10-08 07:41 10,332 a--sh--- c:\windows\system32\KGyGaAvL.sys
2004-08-04 01:00 60,416 ac-sh--- c:\windows\system32\dllcache\msimn.exe

============= FINISH: 14:46:05.81 ===============

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 June 2009 - 11:40 AM

Hello alsnchns,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in Notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 June 2009 - 05:31 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.