
Infected - Redirect Google Searches (fake av?)


4 replies to this topic

#1 erenner

erenner

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 26 December 2010 - 05:55 PM

The symptom is that my Google search results are redirected elsewhere. My virus-scanning program, Symantec, picked up a virus called something like "fake AV"; however, the logs have since been removed. Spybot picked up some registry entries and they were removed. Upon reboot it started redirecting search results again.

DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by erenner at 11:36:14.34 on Sun 12/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1823 [GMT -8:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *Enabled*
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\vcsFPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erenner\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Shoreline Communications\ShoreWare Client\STCLogin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\erenner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://internal/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: google.com
Trusted Zone: sjc01-mesdev4
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280878324546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281387412758
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.hitachiomd.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.teslamotors.com/dana-cached/sc/JuniperSetupClient.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 12.180.99.76 vpn.teslamotors.com
Hosts: 10.32.0.82 sjc01-mesdev4
Hosts: 10.32.0.249 vm-sr2sp2-mso

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erenner\applic~1\mozilla\firefox\profiles\r5bi29fm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62125&p=
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll
FF - plugin: c:\documents and settings\erenner\application data\mozilla\firefox\profiles\r5bi29fm.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\erenner\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: GUtil!: {9a3fa4df-b5e1-4520-a207-ec1c32ea9fb0} - %profile%\extensions\{9a3fa4df-b5e1-4520-a207-ec1c32ea9fb0}
FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Coral IE Tab: ietab@ip.cn - %profile%\extensions\ietab@ip.cn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ocplugin: ocplugin@webex.com - c:\program files\webex\Productivity Tools

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-12-22 532224]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-29 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-29 1831024]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-8-3 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-3 113664]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-3 228408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-8-3 166568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-9 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-8-3 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-3 125696]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101222.018\NAVENG.SYS [2010-12-22 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101222.018\NAVEX15.SYS [2010-12-22 1360760]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-3 58600]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-11-26 13312]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-8-3 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-6-29 23888]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FlexNetMachineConnector;FlexNet Machine Connector;c:\program files\apriso\flexnet 9.5\machine integrator connector\MachineIntegratorService.exe [2010-7-20 24328]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-9 36640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-23 30192]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-11-24 9472]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-12 1120752]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-9 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-12-9 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-12-9 121576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-24 06:32:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-12-24 06:32:37 -------- d-----w- c:\docume~1\erenner\locals~1\applic~1\Google
2010-12-23 05:20:59 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-12-23 05:20:58 -------- d-----w- c:\windows\system32\ZoneLabs
2010-12-23 05:20:56 -------- d-----w- c:\program files\Zone Labs
2010-12-23 05:20:02 -------- d-----w- c:\windows\Internet Logs
2010-12-23 04:19:33 -------- d-----w- c:\docume~1\erenner\applic~1\Auslogics
2010-12-23 04:19:25 -------- d-----w- c:\program files\Auslogics
2010-12-21 00:23:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-21 00:23:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-20 23:22:29 126464 --sha-r- c:\windows\system32\spnpinst4.dll
2010-12-20 19:46:35 -------- d-----r- c:\program files\Skype
2010-12-10 00:54:25 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2010-12-10 00:54:25 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2010-12-10 00:54:25 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2010-12-10 00:54:25 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2010-12-10 00:54:25 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2010-12-10 00:53:01 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-12-10 00:53:01 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-12-10 00:53:01 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-12-10 00:52:27 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-10 00:51:58 -------- d-----w- c:\program files\MarkAny
2010-12-10 00:51:58 -------- d-----w- c:\docume~1\erenner\applic~1\Samsung
2010-12-10 00:51:35 -------- d-----w- c:\program files\common files\Samsung
2010-12-08 16:07:37 -------- d-----w- c:\windows\system32\appmgmt
2010-12-03 22:53:52 -------- d-----w- c:\docume~1\erenner\applic~1\SQL Developer
2010-12-01 17:20:44 -------- d-----w- c:\docume~1\erenner\applic~1\Windows Search
2010-12-01 00:25:32 236812 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-01 00:25:28 236812 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-01 00:25:28 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-01 00:24:54 -------- d-----w- c:\docume~1\erenner\locals~1\applic~1\ApplicationHistory
2010-12-01 00:16:16 -------- d-----w- c:\docume~1\erenner\locals~1\applic~1\Microsoft Help
2010-11-30 01:01:09 -------- d-----w- c:\docume~1\erenner\locals~1\applic~1\WebEx
2010-11-30 00:55:41 -------- d-----w- c:\docume~1\erenner\applic~1\WebEx
2010-11-30 00:55:32 -------- d-----w- c:\program files\WebEx
2010-11-28 19:55:02 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\cl31cpc.dll
2010-11-28 19:55:02 151552 ----a-w- c:\windows\system32\cl31cci.exe
2010-11-28 19:55:01 65536 ----a-w- c:\windows\system32\cl31cci.dll
2010-11-28 19:55:01 22723 ----a-w- c:\windows\system32\cl31cl3.dll
2010-11-27 00:03:01 13312 ----a-w- c:\windows\system32\drivers\pneteth.sys
2010-11-27 00:03:00 -------- d-----w- c:\program files\PdaNet for Android
2010-11-26 23:49:49 -------- d-----w- C:\AC_SWM
2010-11-26 22:29:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Raize
2010-11-26 22:29:36 778240 ----a-w- c:\windows\system32\rtl70.bpl
2010-11-26 22:29:36 24064 ----a-w- c:\windows\system32\CS30Inspectors70.bpl
2010-11-26 22:29:36 227328 ----a-w- c:\windows\system32\vclie70.bpl
2010-11-26 22:29:36 1381376 ----a-w- c:\windows\system32\vcl70.bpl
2010-11-26 22:29:35 -------- d-----w- c:\program files\Raize
2010-11-26 22:29:08 -------- d-----w- c:\docume~1\erenner\applic~1\Software
2010-11-26 22:29:08 -------- d-----w- C:\CodeSite

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 07:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 09:09:30 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2010-10-25 09:09:30 288608 ----a-w- c:\windows\system32\Microsoft.Synchronization.dll
2010-10-25 09:09:30 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2010-10-21 02:33:10 23096 ----a-w- c:\windows\system32\HPMDPCoInst01.dll
2010-10-21 02:32:58 19512 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-10-03 02:46:00 6352512 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-03 02:46:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-03 02:46:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-03 02:46:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-03 02:46:00 2506856 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-03 02:46:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-10-03 02:46:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-10-03 02:46:00 2195350 ----a-w- c:\windows\system32\nvdata.bin
2010-10-03 02:46:00 1396736 ----a-w- c:\windows\system32\nvapi.dll
2010-10-03 02:46:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-03 02:46:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-02 21:12:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-02 21:12:40 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-02 21:12:40 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-02 21:12:38 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-02 21:12:38 13932136 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-27 23:28:06 196096 ----a-w- c:\windows\system32\bzpdf.dll
2010-09-27 23:27:58 135168 ----a-w- c:\windows\system32\bzpdfc.dll

============= FINISH: 11:37:01.01 ===============


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:25 PM

Posted 02 January 2011 - 10:10 AM

Hello erenner,


Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 erenner

erenner
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:25 PM

Posted 02 January 2011 - 10:41 PM

Thanks teacup. Through a mixture of different malware removal programs I managed to finally find and remove it.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:25 PM

Posted 02 January 2011 - 10:58 PM

Thank you so much for letting me know. :thumbup2:

tea

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:25 PM

Posted 10 January 2011 - 12:37 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



