Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE/Google re-direct infection


  • This topic is locked This topic is locked
3 replies to this topic

#1 akc1

akc1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 11 January 2011 - 12:51 PM

A few days ago, I started noticing that my Web pages were being re-directed. This happens during a Google search and while clicking on a link in the search results. Not every link is affected, but probably every other one (probably random). This happened after the computer was infected by a fake virus software that wouldn't allow use of system tools and kept giving warnings about infections. I managed to System Restore the computer to an earlier restore point and renew my subscription for Trend Micro Titanium which seemed to resolve the fake virus software issue. But now I'm left with other symptoms, that the Trend Micro can't resolve. The re-direct problem is the big issue, but other symptoms noted: 1) when wife tried to sign on to a web site, the password began typing in Asian Characters (she closed out) 2) the search provider defaulted to MyHeritage, a site that my wife visited, but we never accepted or set their search provider as default (kept happening even after I changed the default to Google) 3) random sound plays, even though no programs are running (computer is idle) - sounds like 10 seconds of infomercials or news magazine programming. Which has gotten less (diminished) since running some other malware programs - but still happening. I tried, Hitman Pro, Malwarebytes, Threatfire, Avast in addition to the Trend Micro - the first 2 on this list got rid of some cookies and virus, but the Google re-direct remains (along with symptoms 1-3 above). I followed the steps indicated in the "Preparation Guide for use Before Using Malware Removal Tools and Requesting Help". See logs and attachments. Thanks in advance, AKC1


DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 22:11:03.14 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1276 [GMT -8:00]

AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Architectural Data Systems\ADSymphony\ArchDat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Documents and Settings\Alex\Desktop\dds.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tdameritrade.com/welcome1.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {7435856C-6CA1-45CF-A00D-82178387F223} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NWEReboot]
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [ArchDat] c:\program files\architectural data systems\adsymphony\ArchDat.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] c:\program files\d-link\d-link xtreme n dual band dwa-160\AirNCFG.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: download.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5724F34C-4861-4E3F-8C50-375BD9B2C22F} - hxxp://sselearning.autodesk.com/sselprd/evsfiles/external/0016356AF65D10079DEA120C000E3D18/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\rnm3bnoi.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: keyword.enabled - true
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-1-3 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-1-3 64080]
R3 arusb(Atheros);Atheros Wireless Network Adapter Service(Atheros);c:\windows\system32\drivers\arusb.sys [2010-5-21 434688]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-5-21 57440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-1-5 341072]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\d-link xtreme n dual band dwa-160\jswutil\jswpsapi.exe [2010-5-21 356434]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2011-01-09 22:16:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-09 05:17:32 -------- d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2011-01-09 05:16:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-09 05:16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-09 04:39:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-08 19:46:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-08 19:27:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-08 19:25:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-06 04:31:05 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2011-01-03 22:18:29 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-01-03 22:18:20 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-01-03 22:18:20 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-01-03 22:18:20 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-03 21:34:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-03 21:34:48 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-03 19:59:15 0 ----a-w- c:\windows\system32\drivers\sst2F.tmp
2011-01-03 19:58:59 0 ----a-w- c:\windows\system32\drivers\sst2C.tmp
2010-12-15 16:34:30 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-15 16:33:33 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

==================== Find3M ====================

2011-01-05 23:19:11 5642 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-01-05 23:19:08 88 --sh--r- c:\docume~1\alluse~1\applic~1\0EC0B52DF8.sys
2010-11-26 07:36:37 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-26 07:36:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-26 07:36:31 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
2010-10-16 20:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 20:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 20:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 20:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 20:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 20:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

============= FINISH: 22:18:35.57 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 AM

Posted 15 January 2011 - 02:50 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 akc1

akc1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 15 January 2011 - 09:21 PM

Hi Gringo,
Thanks for getting back to me. After reading some other posts, I realized that the computer remains unsafe even after the malware removal - due to this I've decided to reformat the hard drive and reload the os and programs. I was looking for a means of removing my post, but didn't see one, but I no longer require your assist. Thanks again.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 AM

Posted 15 January 2011 - 09:31 PM

no problem thanks for letting me know and I will lock this now for you



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users