
Google Webhp redirects


  • This topic is locked
3 replies to this topic

#1 creepshow99


Posted 21 July 2010 - 03:13 PM

Hey hey, I'm hoping you guys can help me out. I have started getting webhp redirects in Google. I have tried running MBAM and it says my system is clean (MBAM is up to date). I have tried starting in safe mode and I can't. I hit F8 and the screen that asks if I want to load the Windows Recovery Console or Windows flashes briefly before Windows starts. I hope someone will please walk me through a removal process.

I've seen other websites where it is said that this is a known rootkit that takes a lot of steps to remove. I'll be typing in Google and it's not an "auto-complete" type of thing. The web address changes to google.com/webhp... (then a long list of characters) before I can finish what I was typing. And I can't finish what I was typing in Google because it keeps getting redirected.

Please take a look at my GMER and DDS logs. I know the activity I'm dealing with is not just Google auto-complete.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-21 17:14:01
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:DOCUME~1MikeLOCALS~1Temppwtyqpow.sys


---- System - GMER 1.0.15 ----

SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB49B8CD2]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB49B8B8E]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB49B9142]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB49B906C]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB49B8764]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB49B8C68]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB49B86A4]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB49B8708]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB49B8D88]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB49B9210]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB49B8D48]
SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB49B8EC8]

Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB49C5B9C]
Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB49C59C0]
Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB49C5AFA]
Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8057832A 7 Bytes JMP B49C5AFE SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F23E 7 Bytes JMP B49C59C4 SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B073A 5 Bytes JMP B49C15B4 SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7428 5 Bytes JMP B49C2F6C SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5C32 7 Bytes JMP B49C5BA0 SystemRootSystem32DriversaswSP.SYS (avast! self protection module/ALWIL Software)
.text C:WINDOWSsystem32DRIVERSnv4_mini.sys section is writeable [0xB723D3A0, 0x592C35, 0xE8000020]

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 13:29:06.87 on Wed 07/21/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2415.1956 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1ALWILS~1Avast5avastUI.exe
C:Program FilesMicrosoft IntelliType Proitype.exe
C:Program FilesMicrosoft IntelliPointipoint.exe
C:Program FilesCommon FilesCorelStandbyStandby.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesStardockObjectDockObjectDock.exe
C:WINDOWSsystem32devldr32.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Documents and SettingsMikeDesktopdds.scr

============== Pseudo HJT Report ===============

uRun: [Google Update] "c:documents and settingsmikelocal settingsapplication datagoogleupdateGoogleUpdate.exe" /c
uRun: [DriverMax_RESTART] "c:program filesinnovative solutionsdrivermaxdevices.exe" -RESTART
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:program filescommon filesnerolibNMBgMonitor.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [avast5] c:progra~1alwils~1avast5avastUI.exe /nogui
mRun: [itype] "c:program filesmicrosoft intellitype proitype.exe"
mRun: [IntelliPoint] "c:program filesmicrosoft intellipointipoint.exe"
mRun: [NeroFilterCheck] c:program filescommon filesnerolibNeroCheck.exe
mRun: [NBKeyScan] "c:program filesneronero8nero backitupNBKeyScan.exe"
mRun: [Standby] "c:program filescommon filescorelstandbyStandby.exe" -START
mRun: [Adobe_ID0EYTHM] c:progra~1common~1adobeadobev~1serverbinVERSIO~2.EXE
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
StartupFolder: c:docume~1mikestartm~1programsstartupstardo~1.lnk - c:program filesstardockobjectdockObjectDock.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: WBSrv - c:program filesstardockobject desktopwindowblindswbsrv.dll
AppInit_DLLs: c:windowssystem32wbsys.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:program filesstardockobject desktopiconpackageriprepair.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2010-7-16 165456]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2010-7-16 17744]
R2 avast! Antivirus;avast! Antivirus;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-16 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-16 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:program filesalwil softwareavast5AvastSvc.exe [2010-7-16 40384]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:windowssystem32driversULILAN51.SYS [2010-7-16 28672]
S3 gUSBSTOi;gUSBSTOi;??c:docume~1mikelocals~1tempgusbstoi.sys --> c:docume~1mikelocals~1tempgUSBSTOi.sys [?]

=============== Created Last 30 ================

2010-07-21 19:41:58 0 ----a-w- c:documents and settingsmikedefogger_reenable
2010-07-21 19:29:07 0 d-----w- C:ComboFix
2010-07-21 18:18:03 0 d-sha-r- C:cmdcons
2010-07-21 18:15:26 98816 ----a-w- c:windowssed.exe
2010-07-21 18:15:26 77312 ----a-w- c:windowsMBR.exe
2010-07-21 18:15:26 256512 ----a-w- c:windowsPEV.exe
2010-07-21 18:15:26 161792 ----a-w- c:windowsSWREG.exe
2010-07-21 11:51:20 98304 ----a-w- c:windowssystem32CmdLineExt.dll
2010-07-21 07:59:37 819200 ----a-w- c:windowssystem32xvidcore.dll
2010-07-21 07:59:37 77824 ----a-w- c:windowssystem32xvid.ax
2010-07-21 07:59:37 180224 ----a-w- c:windowssystem32xvidvfw.dll
2010-07-21 07:59:37 0 d-----w- c:program filesXvid
2010-07-21 01:43:02 73728 ----a-w- c:windowssystem32javacpl.cpl
2010-07-21 01:43:02 423656 ----a-w- c:windowssystem32deployJava1.dll
2010-07-19 16:23:21 65 ----a-w- c:documents and settingsmikedefault.pls
2010-07-19 11:44:33 0 d-----w- c:program filesUnlocker
2010-07-19 11:00:34 0 d-----w- c:program filescommon filesControl Panels
2010-07-19 10:58:51 0 d-----w- c:docume~1alluse~1applic~1ALM
2010-07-19 10:52:46 2463976 ----a-w- c:windowssystem32NPSWF32.dll
2010-07-19 10:52:46 190696 ----a-w- c:windowssystem32NPSWF32_FlashUtil.exe
2010-07-19 10:47:41 0 d-----w- c:program filesBonjour
2010-07-19 10:44:16 0 d-----w- c:program filescommon filesMacrovision Shared
2010-07-19 09:52:06 88 --sh--r- c:docume~1alluse~1applic~147A4C2FF9F.sys
2010-07-19 09:52:06 7520 --sha-w- c:docume~1alluse~1applic~1KGyGaAvL.sys
2010-07-19 09:37:23 0 d-----w- c:program filesSmartSound Software
2010-07-19 09:37:22 0 d-----w- c:docume~1alluse~1applic~1SmartSound Software Inc
2010-07-19 09:37:07 0 d-----w- c:windowssystem32windows media
2010-07-19 09:37:01 0 d--h--w- c:windowsmsdownld.tmp
2010-07-19 09:36:48 0 d-----w- c:docume~1alluse~1applic~1InterVideo
2010-07-19 09:35:40 0 d-----w- c:docume~1alluse~1applic~1Corel
2010-07-19 09:32:04 0 d-----w- c:program filescommon filesProtexis
2010-07-19 09:31:31 0 d-----w- c:program filescommon filesCorel
2010-07-19 09:31:04 0 d-----w- c:program filesWindows Media Components
2010-07-19 09:30:41 0 d-----w- c:program filescommon filesUlead Systems
2010-07-19 09:30:24 0 d-----w- c:program filesCorel
2010-07-19 09:29:10 0 d-----w- c:windowssystem32XPSViewer
2010-07-19 09:28:30 89088 -c----w- c:windowssystem32dllcachefilterpipelineprintproc.dll
2010-07-19 09:28:30 597504 -c----w- c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2010-07-19 09:28:30 575488 -c----w- c:windowssystem32dllcachexpsshhdr.dll
2010-07-19 09:28:30 575488 ------w- c:windowssystem32xpsshhdr.dll
2010-07-19 09:28:30 1676288 -c----w- c:windowssystem32dllcachexpssvcs.dll
2010-07-19 09:28:30 1676288 ------w- c:windowssystem32xpssvcs.dll
2010-07-19 09:28:30 117760 ------w- c:windowssystem32prntvpt.dll
2010-07-19 09:28:30 0 d-----w- C:c8a28e6e4e71f87aab
2010-07-18 16:06:52 0 d-----w- c:docume~1mikeapplic~1Polynomial
2010-07-18 16:06:38 0 d-----w- c:program filesPolynomial-free-00m_windows
2010-07-18 14:33:37 0 d-----w- c:program filesWestern Digital Corporation
2010-07-18 12:19:39 799 ----a-w- c:windowsunins000.dat
2010-07-18 12:19:39 640957 ----a-w- c:windowsunins000.exe
2010-07-18 12:19:39 237568 ----a-w- c:windowsMatrix Code Emulator.scr
2010-07-18 12:16:02 53 ----a-w- c:windowsRainCast v2.0.ini
2010-07-18 12:16:01 186368 ----a-w- c:windowsRainCast v2.0.scr
2010-07-18 12:16:01 0 d-----w- c:program filesRainCast v2.0
2010-07-18 10:25:50 0 d-----w- c:docume~1alluse~1applic~1AIM
2010-07-18 10:25:47 0 d-----w- c:program filescommon filesSoftware Update Utility
2010-07-18 10:25:47 0 d-----w- c:program filesAIM
2010-07-18 10:25:46 0 d-----w- c:program filescommon filesAOL
2010-07-18 10:25:28 425 ---ha-w- C:IPH.PH
2010-07-18 10:03:24 0 d-----w- c:program filesWindows Media Connect 2
2010-07-18 10:02:21 0 d-----w- c:windowssystem32LogFiles
2010-07-18 09:23:58 69 ----a-w- c:windowsNeroDigital.ini
2010-07-18 07:29:02 0 d-----w- C:CloneDVDTemp
2010-07-18 03:14:58 0 d-----w- c:program filesTrend Micro
2010-07-18 02:54:26 0 d-----w- c:program filesNero
2010-07-18 02:54:26 0 d-----w- c:docume~1alluse~1applic~1Nero
2010-07-18 02:52:58 0 d-----w- c:windowsRegisteredPackages
2010-07-17 10:15:07 0 d-----w- c:docume~1alluse~1applic~1Innovative Solutions
2010-07-17 10:15:03 0 d-----w- c:program filesInnovative Solutions
2010-07-17 03:08:54 0 d-----w- c:docume~1mikeapplic~1Auslogics
2010-07-16 20:42:31 0 d-----w- c:program filesVS Revo Group
2010-07-16 18:05:32 0 d-----w- c:program filesLavalys
2010-07-16 16:24:48 15 ----a-w- c:windowsFirestorm.INI
2010-07-16 16:24:26 0 d-----w- c:program filesZOTAC FireStorm
2010-07-16 16:19:15 0 dc-h--w- c:docume~1alluse~1applic~1{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-16 16:01:24 0 d-----w- c:docume~1mikeapplic~1Malwarebytes
2010-07-16 16:01:11 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-07-16 16:01:10 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-07-16 16:01:10 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2010-07-16 16:01:10 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes
2010-07-16 15:52:34 0 d-----w- c:program filescommon filesStardock
2010-07-16 15:07:44 0 ----a-w- c:windowsWB.ini
2010-07-16 15:01:13 42672 ----a-w- c:windowssystem32wbsys.dll
2010-07-16 15:01:13 0 d-----w- c:program filesStardock
2010-07-16 14:31:34 0 d-----w- c:program filesAuslogics
2010-07-16 14:16:45 0 d-----w- c:program filesElaborate Bytes
2010-07-16 14:12:14 0 d-----w- c:program filesSlySoft
2010-07-16 13:43:54 0 d-----w- c:docume~1mikeapplic~1Foxit Software
2010-07-16 13:42:57 0 d-----w- c:program filesFoxit Software
2010-07-16 13:28:36 0 d-----w- c:program filesLast.fm
2010-07-16 13:23:08 0 d-----w- c:docume~1alluse~1applic~1MediaMonkey
2010-07-16 12:40:49 0 d-----w- c:program filesMediaMonkey
2010-07-16 12:25:33 0 d-----w- C:RCT3
2010-07-16 11:53:24 0 d-----w- c:program filesuTorrent
2010-07-16 11:53:15 0 d-----w- c:docume~1mikeapplic~1uTorrent
2010-07-16 10:46:45 0 d-----w- c:program filesmplayerc_20100214
2010-07-16 10:09:36 0 d-----w- c:docume~1mikeapplic~1Atari
2010-07-16 10:09:28 43520 ----a-w- c:windowssystem32CmdLineExt03.dll
2010-07-16 10:09:04 197120 ----a-w- c:windowspatchw32.dll
2010-07-16 10:09:04 0 d-----w- c:program filescommon filesPocketSoft
2010-07-16 10:06:36 0 d-----w- c:program filesAtari
2010-07-16 10:00:42 26496 -c--a-w- c:windowssystem32dllcacheusbstor.sys
2010-07-16 09:55:06 27744 ----a-w- c:windowssystem32driverspoint32.sys
2010-07-16 09:55:02 0 d-----w- c:program filesMicrosoft IntelliPoint
2010-07-16 09:47:42 0 ---ha-w- c:windowssystem32driversMsft_Kernel_NuidFltr_01005.Wdf
2010-07-16 09:47:41 0 ---ha-w- c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 09:47:34 26488 ----a-w- c:windowssystem32spupdsvc.exe
2010-07-16 09:47:27 21504 ----a-w- c:windowssystem32drivershidserv.dll
2010-07-16 09:47:25 14736 ----a-w- c:windowssystem32driversnuidfltr.sys
2010-07-16 09:47:25 1421736 ----a-w- c:windowssystem32wdfcoinstaller01005.dll
2010-07-16 09:47:22 0 d-----w- c:program filesMicrosoft IntelliType Pro
2010-07-16 09:45:18 0 d-----w- c:program filesMSXML 6.0
2010-07-16 09:37:34 38848 ----a-w- c:windowsavastSS.scr
2010-07-16 09:37:29 0 d-----w- c:docume~1alluse~1applic~1Alwil Software
2010-07-16 09:26:59 29696 ----a-w- c:windowssystem32dev32.exe
2010-07-16 09:22:11 0 d-----w- c:windowssystem32ReinstallBackups
2010-07-16 09:22:09 36864 ----a-w- c:windowssystem32driversAmdK8.sys
2010-07-16 09:22:08 0 d-----w- c:program filesAMD
2010-07-16 09:08:42 0 d-----w- c:docume~1alluse~1applic~1NVIDIA Corporation
2010-07-16 09:08:34 0 d-----w- c:program filesNVIDIA Corporation
2010-07-16 08:22:36 0 d-sh--w- c:documents and settingsall usersDRM
2010-07-16 08:22:19 0 d--h--w- c:program filesWindowsUpdate
2010-07-16 08:21:32 0 d-----w- c:program filescommon filesMSSoap
2010-07-16 08:20:26 0 d-----w- c:program filesOnline Services
2010-07-16 08:20:21 0 d-----w- c:program filesMessenger
2010-07-16 08:20:18 0 d-----w- c:program filesMSN Gaming Zone
2010-07-16 08:19:48 0 d-----w- c:program filesWindows NT
2010-07-16 01:13:43 0 d-----w- c:program filescommon filesODBC
2010-07-16 01:13:40 0 d-----w- c:program filescommon filesSpeechEngines
2010-07-16 01:13:18 0 d-----r- c:documents and settingsall usersDocuments

==================== Find3M ====================

2010-07-16 09:08:39 217180 ----a-w- c:windowssystem32nvdrsdb0.bin
2010-07-16 09:08:37 217180 ----a-w- c:windowssystem32nvdrsdb1.bin
2010-07-16 08:20:46 21640 ----a-w- c:windowssystem32emptyregdb.dat
2010-06-08 00:34:52 81920 ----a-w- c:windowssystem32nvwddi.dll
2010-06-08 00:34:42 277608 ----a-w- c:windowssystem32nvmccs.dll
2010-06-08 00:34:42 13902440 ----a-w- c:windowssystem32nvcpl.dll
2010-06-08 00:34:42 110696 ----a-w- c:windowssystem32nvmctray.dll
2010-06-08 00:34:40 154728 ----a-w- c:windowssystem32nvsvc32.exe
2010-06-08 00:34:40 145000 ----a-w- c:windowssystem32nvcolor.exe
2010-06-07 23:57:00 6300544 ----a-w- c:windowssystem32nv4_disp.dll
2010-06-07 23:57:00 61440 ----a-w- c:windowssystem32OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:windowssystem32nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:windowssystem32nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:windowssystem32nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:windowssystem32nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:windowssystem32nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:windowssystem32nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:windowssystem32nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:windowssystem32nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:windowssystem32driversnv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:windowssystem32nvcompiler.dll

============= FINISH: 13:29:24.84 ===============

EDIT: Combined posts and moved from XP to Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 22 July 2010 - 07:15 AM.




#2 myrti

  • Malware Study Hall Admin

Posted 28 July 2010 - 04:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 creepshow99


Posted 28 July 2010 - 10:01 AM

This issue has been resolved

#4 myrti


Posted 28 July 2010 - 10:09 AM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
