Google redirects to various sites


  • This topic is locked
9 replies to this topic

#1 Mo2311

Mo2311

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 10 December 2010 - 11:53 PM

Hello,
I have tried many different things to shake this, including reformatting the HD and reinstalling Windows, but nothing has worked. I find that Google Analytics is the most common redirect. Anyhow, here's the required txts.

DDS (Ver_10-12-05.01) - NTFSx86
Run by Mom & Dad at 21:09:29.07 on Fri 12/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT -7:00]

AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Mom & Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/webhp?hl=en
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\mom&da~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-9 3229728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

=============== Created Last 30 ================

2010-12-09 04:20:05 -------- d-----w- c:\docume~1\mom&da~1\applic~1\Scan2PDF
2010-12-09 04:20:03 -------- d-----w- c:\program files\Scan2PDF
2010-12-07 01:22:44 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-12-07 01:22:44 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-12-07 01:22:43 -------- d-----w- c:\windows\system32\Lang
2010-12-05 22:54:53 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-05 22:32:59 -------- d-sha-r- C:\cmdcons
2010-12-05 22:31:49 89088 ----a-w- c:\windows\MBR.exe
2010-12-05 22:31:48 98816 ----a-w- c:\windows\sed.exe
2010-12-05 22:31:48 256512 ----a-w- c:\windows\PEV.exe
2010-12-05 22:31:48 161792 ----a-w- c:\windows\SWREG.exe
2010-12-05 22:04:46 -------- d-----w- c:\docume~1\mom&da~1\applic~1\Malwarebytes
2010-12-05 22:04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 22:04:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-05 22:04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 22:04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 20:10:18 -------- d-----w- c:\program files\VideoLAN
2010-12-05 19:47:27 -------- d-----r- c:\program files\Skype
2010-12-04 17:09:20 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-04 17:09:20 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-04 17:01:16 53248 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-12-04 17:00:11 -------- d-----w- c:\windows\system32\logishrd
2010-12-04 16:59:13 -------- d-----w- c:\program files\common files\LWS
2010-12-02 23:11:05 -------- d-----w- c:\program files\uTorrent
2010-12-02 23:10:19 -------- d-----w- c:\docume~1\mom&da~1\applic~1\uTorrent
2010-12-02 23:02:58 -------- d-----w- c:\windows\ie8updates
2010-12-02 23:02:44 -------- d-----w- c:\program files\MSXML 4.0
2010-12-02 23:00:38 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-02 23:00:38 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-02 23:00:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-02 22:58:49 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-02 22:58:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-02 22:58:47 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-02 22:58:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-02 22:58:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-02 22:58:46 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-02 22:58:44 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-02 22:48:41 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Identities
2010-12-02 07:38:05 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-12-02 07:38:05 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-02 07:38:01 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-02 07:24:52 -------- d-sh--w- c:\documents and settings\mom & dad\PrivacIE
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\scripting
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\en
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\bits
2010-12-02 07:05:19 -------- d-----w- c:\windows\l2schemas
2010-12-02 07:03:28 -------- d-----w- c:\windows\network diagnostic
2010-12-02 07:02:28 -------- d-----w- c:\windows\EHome
2010-12-02 06:57:55 -------- d-sh--w- c:\documents and settings\mom & dad\IETldCache
2010-12-02 06:54:45 -------- dc-h--w- c:\windows\ie8
2010-12-02 06:52:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 06:52:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-02 06:52:26 -------- d-----w- c:\program files\iPod
2010-12-02 06:52:24 -------- d-----w- c:\program files\iTunes
2010-12-02 06:52:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-02 06:50:27 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Apple
2010-12-02 06:50:19 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-02 06:50:18 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-02 06:50:06 -------- d-----w- c:\program files\Bonjour
2010-12-02 06:49:28 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Apple Computer
2010-12-02 06:44:45 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-02 06:34:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-12-02 06:20:33 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-02 06:20:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-02 06:19:53 8704 ----a-w- c:\windows\system32\CNMVS7R.DLL
2010-12-02 06:19:53 59392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP7R.DLL
2010-12-02 06:19:53 20992 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD7R.DLL
2010-12-02 06:19:53 140288 ----a-w- c:\windows\system32\CNMLM7R.DLL
2010-12-02 06:19:53 -------- d-----w- C:\CanonMP
2010-12-02 06:19:23 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-02 06:17:35 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-02 06:17:16 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-02 06:17:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-02 06:17:07 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-02 06:17:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-02 06:16:49 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-02 06:16:41 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-12-02 06:16:41 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-12-02 06:15:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-02 06:14:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-02 06:14:40 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-02 06:10:48 335872 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-12-02 06:10:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Retrospect
2010-12-02 06:10:34 -------- d-----w- c:\program files\Dantz
2010-12-02 06:10:20 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2010-12-02 06:10:19 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2010-12-02 06:10:19 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2010-12-02 06:07:49 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\LogiShrd
2010-12-02 06:07:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-12-02 06:07:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-12-02 06:07:10 4323040 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-12-02 06:07:10 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-12-02 06:06:58 38238 ----a-w- c:\windows\system32\Repository.reg
2010-12-02 06:06:58 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-12-02 06:06:58 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-12-02 06:06:58 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2010-12-02 06:06:48 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-12-02 05:58:06 -------- d-----w- c:\program files\Canon
2010-12-02 05:57:36 304128 ----a-w- c:\windows\IsUninst.exe
2010-12-02 05:57:33 -------- d-----w- c:\documents and settings\mom & dad\WINDOWS
2010-12-02 05:55:37 6475096 ----a-w- c:\windows\system32\NEFcodec.dll
2010-12-02 05:55:37 200704 ----a-r- c:\windows\system32\Strato7.dll
2010-12-02 05:55:37 110592 ----a-r- c:\windows\system32\RCSigProc.dll
2010-12-02 05:54:22 49152 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2010-12-02 05:54:01 57344 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2010-12-02 05:47:22 -------- d-----w- c:\program files\common files\muvee Technologies
2010-12-02 05:47:20 -------- d-----w- c:\program files\common files\Nikon
2010-12-02 05:47:17 -------- d-----w- c:\program files\Nikon
2010-12-02 05:31:52 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-02 05:31:52 -------- d-----w- c:\windows\system32\PreInstall
2010-12-02 05:31:51 -------- d--h--w- c:\windows\$hf_mig$
2010-12-02 05:30:45 -------- d-----w- c:\docume~1\mom&da~1\applic~1\AVG10
2010-12-02 05:28:46 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-02 05:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-02 05:26:56 -------- d-----w- c:\program files\AVG
2010-12-02 05:23:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-02 05:20:27 -------- d-sh--w- c:\documents and settings\mom & dad\UserData
2010-12-02 05:15:15 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Mozilla
2010-12-02 05:07:59 7204864 ----a-w- c:\windows\system32\nvcpl.dll
2010-12-02 05:04:23 -------- d-----w- c:\windows\Downloaded Installations
2010-12-02 05:03:53 454656 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-12-02 05:03:44 92800 ----a-r- c:\windows\system32\drivers\nvata.sys
2010-12-02 05:03:44 300032 ----a-r- c:\windows\system32\idecoi.dll
2010-12-02 05:03:09 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-12-02 05:03:09 -------- d-----w- c:\program files\AMD
2010-12-02 05:01:55 33536 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-12-02 05:00:57 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-12-02 05:00:54 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

==================== Find3M ====================

2010-12-02 05:42:49 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-10 02:47:28 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 02:45:32 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 02:45:30 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 02:45:20 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-10-07 19:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 19:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 19:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 19:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 21:10:07.31 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:10 AM

Posted 18 December 2010 - 04:38 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Mo2311

Mo2311
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 19 December 2010 - 03:10 PM

Here's the log report from ComboFix.
ComboFix 10-12-18.02 - Mom & Dad 12/19/2010 13:02:00.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1764 [GMT -7:00]
Running from: c:\documents and settings\Mom & Dad\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-02 06:19 . 2010-12-02 06:19 -------- d-----w- C:\CanonMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 05:42 . 2003-03-19 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-10 02:47 . 2010-11-10 02:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 02:45 . 2010-11-10 02:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 02:45 . 2010-11-10 02:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 02:45 . 2010-11-10 02:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 19:23 . 2010-10-07 19:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 19:23 . 2010-10-07 19:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 19:23 . 2010-10-07 19:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 19:23 . 2010-10-07 19:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_22.45.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-02 06:17 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2010-12-02 06:17 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 11:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 11:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-12-07 01:22 . 2010-12-07 01:22 11973 c:\windows\system32\Lang\Thai.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 13267 c:\windows\system32\Lang\SWEDISH.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 15093 c:\windows\system32\Lang\Spanish.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 15176 c:\windows\system32\Lang\Russian.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 14329 c:\windows\system32\Lang\Portuguese.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 11682 c:\windows\system32\Lang\Korean.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 13055 c:\windows\system32\Lang\Japanese.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 15410 c:\windows\system32\Lang\Italian.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 14417 c:\windows\system32\Lang\German.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 15434 c:\windows\system32\Lang\French.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 11743 c:\windows\system32\Lang\English.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 14173 c:\windows\system32\Lang\Dutch.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 13536 c:\windows\system32\Lang\Danish.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 11548 c:\windows\system32\Lang\Arabic.bin
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2010-12-02 04:10 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2010-12-02 04:10 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
+ 2010-12-01 21:01 . 2010-12-16 17:10 92680 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-12 11:33 . 2010-07-12 11:33 30432 c:\windows\system32\drivers\avgfwdx.sys
- 2010-12-02 22:58 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-12-15 15:16 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2010-12-15 15:16 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-12-02 22:58 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2010-07-12 11:33 . 2010-07-12 11:33 51040 c:\windows\system32\avgfwdx.dll
+ 2009-12-18 12:05 . 2009-12-18 12:05 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\ViewerPS.dll
+ 2009-12-18 15:58 . 2009-12-18 15:58 40368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\reader_sl.exe
+ 2009-12-18 12:05 . 2009-12-18 12:05 67016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlrShim.exe
+ 2009-12-18 12:04 . 2009-12-18 12:04 83376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlr.dll
+ 2009-12-18 09:43 . 2009-12-18 09:43 95672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\nppdf32.dll
+ 2009-12-18 09:57 . 2009-12-18 09:57 13752 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32Info.exe
+ 2009-12-18 09:16 . 2009-12-18 09:16 65536 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\Acrofx32.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2010-12-07 01:22 . 2010-12-07 01:22 60416 c:\windows\ALCFDRTM.EXE
+ 2010-12-07 01:22 . 2010-12-07 01:22 9909 c:\windows\system32\Lang\TradChin.bin
+ 2010-12-07 01:22 . 2010-12-07 01:22 9695 c:\windows\system32\Lang\SimChin.bin
+ 2004-01-07 18:21 . 2004-01-07 18:21 237936 c:\windows\system32\unicows.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
- 2009-03-08 11:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 11:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-12-02 22:58 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-12-02 22:58 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-12-02 22:58 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-12-11 00:21 . 2010-12-11 17:53 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2009-12-18 09:51 . 2009-12-18 09:51 372736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\pdfshell.dll
+ 2009-11-10 05:34 . 2009-11-10 05:34 448512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\JP2KLib.dll
+ 2009-12-18 09:14 . 2009-12-18 09:14 140728 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeUpdateCheck.exe
+ 2009-12-18 11:55 . 2009-12-18 11:55 738776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeCollabSync.exe
+ 2009-12-18 10:21 . 2009-12-18 10:21 112048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRdIF.dll
+ 2009-12-18 15:58 . 2009-12-18 15:58 345520 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.exe
+ 2009-12-18 09:17 . 2009-12-18 09:17 632240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroPDF.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-16 15:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-16 15:42 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-16 15:42 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-16 15:42 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2010-05-02 05:22 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-11 00:21 . 2010-12-11 00:21 4272128 c:\windows\Installer\473fdd.msi
+ 2010-12-17 15:24 . 2010-12-17 15:24 1568768 c:\windows\Installer\46255.msi
+ 2010-04-02 18:53 . 2010-04-02 18:53 7220736 c:\windows\Installer\2595a1.msp
+ 2010-06-17 08:25 . 2010-06-17 08:25 3906560 c:\windows\Installer\2595a0.msp
+ 2010-09-24 10:26 . 2010-09-24 10:26 8233984 c:\windows\Installer\25959f.msp
+ 2010-12-17 15:56 . 2010-12-17 15:56 3141632 c:\windows\Installer\2183f9.msi
+ 2009-12-18 09:16 . 2009-12-18 09:16 1949696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\rt3d.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-12-02 06:46 . 2010-12-16 15:41 37366216 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2010-12-02 22:58 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-18 15:30 . 2009-12-18 15:30 13313464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.dll
+ 2010-12-16 15:42 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-27 7204864]
"nwiz"="nwiz.exe" [2005-08-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-27 86016]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"WD Button Manager"="WDBtnMgr.exe" [2010-12-02 335872]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lds.org
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 13:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-19 13:07:55
ComboFix-quarantined-files.txt 2010-12-19 20:07
ComboFix2.txt 2010-12-05 22:46

Pre-Run: 56,520,810,496 bytes free
Post-Run: 57,016,864,768 bytes free

- - End Of File - - 1F91C4394CFB1228B78B2727AB2FB508

#4 CatByte

Posted 19 December 2010 - 06:14 PM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Mo2311

Posted 21 December 2010 - 11:20 AM

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5366

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/21/2010 8:45:09 AM
mbam-log-2010-12-21 (08-45-09).txt

Scan type: Quick scan
Objects scanned: 126245
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)


I ran the ESET scan but it produced no results and would not let me access any log file.

Next?
Thanks

#6 CatByte

Posted 21 December 2010 - 03:09 PM

Hi,

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please download and install the latest Java from here

http://java.com/en/download/index.jsp

Java version 6 update 23


NEXT



P2P - I see you have P2P software utorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.


NEXT


Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues.



#7 Mo2311

Posted 21 December 2010 - 06:59 PM

DDS (Ver_10-12-05.01) - NTFSx86
Run by Mom & Dad at 15:55:15.21 on Tue 12/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1653 [GMT -7:00]

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Mom & Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lds.org
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

=============== Created Last 30 ================

2010-12-21 22:50:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-21 22:50:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-15 15:16:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 15:16:09 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-15 03:24:25 -------- d-----w- c:\docume~1\mom&da~1\applic~1\MSNInstaller
2010-12-11 18:36:47 -------- d-----w- c:\docume~1\mom&da~1\applic~1\SUPERAntiSpyware.com
2010-12-11 18:36:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-11 18:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-09 04:20:05 -------- d-----w- c:\docume~1\mom&da~1\applic~1\Scan2PDF
2010-12-09 04:20:03 -------- d-----w- c:\program files\Scan2PDF
2010-12-07 01:22:44 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-12-07 01:22:44 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-12-07 01:22:43 -------- d-----w- c:\windows\system32\Lang
2010-12-05 22:32:59 -------- d-sha-r- C:\cmdcons
2010-12-05 22:31:49 89088 ----a-w- c:\windows\MBR.exe
2010-12-05 22:31:48 98816 ----a-w- c:\windows\sed.exe
2010-12-05 22:31:48 256512 ----a-w- c:\windows\PEV.exe
2010-12-05 22:31:48 161792 ----a-w- c:\windows\SWREG.exe
2010-12-05 22:04:46 -------- d-----w- c:\docume~1\mom&da~1\applic~1\Malwarebytes
2010-12-05 22:04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 22:04:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-05 22:04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 22:04:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 20:10:18 -------- d-----w- c:\program files\VideoLAN
2010-12-05 19:47:27 -------- d-----r- c:\program files\Skype
2010-12-04 17:09:20 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-04 17:09:20 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-04 17:01:16 53248 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-12-04 17:00:11 -------- d-----w- c:\windows\system32\logishrd
2010-12-04 16:59:13 -------- d-----w- c:\program files\common files\LWS
2010-12-02 23:10:19 -------- d-----w- c:\docume~1\mom&da~1\applic~1\uTorrent
2010-12-02 23:02:58 -------- d-----w- c:\windows\ie8updates
2010-12-02 23:02:44 -------- d-----w- c:\program files\MSXML 4.0
2010-12-02 23:00:38 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-02 23:00:38 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-02 23:00:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-02 22:58:49 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-02 22:58:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-02 22:58:47 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-02 22:58:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-02 22:58:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-02 22:58:46 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-02 22:58:44 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-02 22:48:41 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Identities
2010-12-02 07:38:05 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-12-02 07:38:05 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-02 07:38:01 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-02 07:24:52 -------- d-sh--w- c:\documents and settings\mom & dad\PrivacIE
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\scripting
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\en
2010-12-02 07:05:19 -------- d-----w- c:\windows\system32\bits
2010-12-02 07:05:19 -------- d-----w- c:\windows\l2schemas
2010-12-02 07:03:28 -------- d-----w- c:\windows\network diagnostic
2010-12-02 07:02:28 -------- d-----w- c:\windows\EHome
2010-12-02 06:57:55 -------- d-sh--w- c:\documents and settings\mom & dad\IETldCache
2010-12-02 06:54:45 -------- dc-h--w- c:\windows\ie8
2010-12-02 06:52:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 06:52:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-02 06:52:26 -------- d-----w- c:\program files\iPod
2010-12-02 06:52:24 -------- d-----w- c:\program files\iTunes
2010-12-02 06:52:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-02 06:51:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-02 06:50:27 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Apple
2010-12-02 06:50:19 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-02 06:50:18 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-02 06:50:06 -------- d-----w- c:\program files\Bonjour
2010-12-02 06:49:28 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Apple Computer
2010-12-02 06:44:45 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-02 06:34:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-12-02 06:20:33 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-02 06:20:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-02 06:19:53 8704 ----a-w- c:\windows\system32\CNMVS7R.DLL
2010-12-02 06:19:53 59392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP7R.DLL
2010-12-02 06:19:53 20992 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD7R.DLL
2010-12-02 06:19:53 140288 ----a-w- c:\windows\system32\CNMLM7R.DLL
2010-12-02 06:19:53 -------- d-----w- C:\CanonMP
2010-12-02 06:19:23 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-02 06:17:35 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-02 06:17:16 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-02 06:17:08 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-02 06:17:07 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-02 06:17:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-02 06:16:49 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-02 06:16:41 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-12-02 06:16:41 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-12-02 06:15:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-02 06:14:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-02 06:14:40 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-02 06:10:48 335872 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-12-02 06:10:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Retrospect
2010-12-02 06:10:34 -------- d-----w- c:\program files\Dantz
2010-12-02 06:10:20 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2010-12-02 06:10:19 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2010-12-02 06:10:19 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2010-12-02 06:07:49 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\LogiShrd
2010-12-02 06:07:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-12-02 06:07:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-12-02 06:07:10 4323040 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-12-02 06:07:10 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-12-02 06:06:58 38238 ----a-w- c:\windows\system32\Repository.reg
2010-12-02 06:06:58 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-12-02 06:06:58 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-12-02 06:06:58 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2010-12-02 06:06:48 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-12-02 05:58:06 -------- d-----w- c:\program files\Canon
2010-12-02 05:57:36 304128 ----a-w- c:\windows\IsUninst.exe
2010-12-02 05:57:33 -------- d-----w- c:\documents and settings\mom & dad\WINDOWS
2010-12-02 05:55:37 6475096 ----a-w- c:\windows\system32\NEFcodec.dll
2010-12-02 05:55:37 200704 ----a-r- c:\windows\system32\Strato7.dll
2010-12-02 05:55:37 110592 ----a-r- c:\windows\system32\RCSigProc.dll
2010-12-02 05:54:22 49152 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2010-12-02 05:54:01 57344 ----a-r- c:\docume~1\mom&da~1\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2010-12-02 05:47:22 -------- d-----w- c:\program files\common files\muvee Technologies
2010-12-02 05:47:20 -------- d-----w- c:\program files\common files\Nikon
2010-12-02 05:47:17 -------- d-----w- c:\program files\Nikon
2010-12-02 05:31:52 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-02 05:31:52 -------- d-----w- c:\windows\system32\PreInstall
2010-12-02 05:31:51 -------- d--h--w- c:\windows\$hf_mig$
2010-12-02 05:30:45 -------- d-----w- c:\docume~1\mom&da~1\applic~1\AVG10
2010-12-02 05:28:46 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-02 05:28:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-02 05:26:56 -------- d-----w- c:\program files\AVG
2010-12-02 05:23:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-02 05:20:27 -------- d-sh--w- c:\documents and settings\mom & dad\UserData
2010-12-02 05:15:15 -------- d-----w- c:\docume~1\mom&da~1\locals~1\applic~1\Mozilla
2010-12-02 05:07:59 7204864 ----a-w- c:\windows\system32\nvcpl.dll
2010-12-02 05:04:23 -------- d-----w- c:\windows\Downloaded Installations
2010-12-02 05:03:53 454656 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-12-02 05:03:44 92800 ----a-r- c:\windows\system32\drivers\nvata.sys
2010-12-02 05:03:44 300032 ----a-r- c:\windows\system32\idecoi.dll
2010-12-02 05:03:09 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-12-02 05:03:09 -------- d-----w- c:\program files\AMD
2010-12-02 05:01:55 33536 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-12-02 05:00:57 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-12-02 05:00:54 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

==================== Find3M ====================

2010-12-02 05:42:49 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 02:47:28 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 02:45:32 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 02:45:30 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 02:45:20 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 19:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 19:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 19:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 19:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 15:55:37.17 ===============

#8 Mo2311

Posted 21 December 2010 - 07:02 PM

Here's the attached file.
I also ran avast antimalware and superantispyware all in safe mode.
No results came up.
Browser is still redirecting (google-analytics.com).
Also deleted utorrent as recommended.
Next?
Thanks


#9 CatByte

Posted 21 December 2010 - 11:23 PM

Hi

Please do the following:

Reset your router to its factory default settings:

Reset your router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.



NEXT



  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…”; it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


NEXT



Download Flush Flash Cookies by Bobbi Flekman.
Select the Windows version and save flushflash.exe to your Desktop.
Double-click flushflash.exe to run it.
Select Everything but Site settings.
Click Make it so!.
When the "Killed off all Flash cookies" window opens, click OK.
Close Flush Flash Cookies.



clear all other cookies

Delete all currently saved cookies from your computer.

In Internet Explorer,
click Tools > Internet Options and then click the Delete Cookies button on the General tab.

In Firefox,
click Tools > Clear Recent History > Set Time range to clear to Everything
Click on the arrow next to Details to expand the list of history items.
Select Cookies and make sure that other items you want to keep are not selected.
Click Clear Now to clear the cookies and close the Clear Recent History window

NEXT

Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, manually reboot to ensure a complete clean.

NEXT


Reset your Hosts file back to default

Use the 'Fix it' button on this Microsoft site:

http://support.microsoft.com/kb/972034



NEXT



Please let me know if you are still being redirected

Edited by CatByte, 21 December 2010 - 11:23 PM.

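As an added illustration of why this last set of steps goes after the hosts file and the DNS settings even though every scanner came back clean, here is a small offline checker for the two places a redirect can be planted before a browser ever reaches Google. This is example code written for this page, not something from the thread or from any of the tools named in it; the hosts file, the ipconfig /all excerpt and every address in them are constructed samples (198.51.100.7 and 203.0.113.53 are documentation ranges), and the Windows XP hosts path in the comment is the standard one.

```python
"""Offline check for two DNS-level redirect causes: rogue entries in the
Windows hosts file and a DNS server that is not the router handing out
addresses on the LAN. Added example; all sample data below is constructed."""
import ipaddress
import re

# Constructed sample hosts file. On Windows XP the real file lives at
# C:\WINDOWS\system32\drivers\etc\hosts. The last line is a constructed
# example of the kind of entry that sends a site somewhere else before DNS
# is ever consulted; 198.51.100.7 is a documentation address, not a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
198.51.100.7    google-analytics.com www.google-analytics.com
"""

# Constructed excerpt of `ipconfig /all` output on a home LAN. The router
# (192.168.1.1) is gateway and DHCP server, but the first DNS server listed
# is an off-LAN address, which "Obtain DNS server address automatically"
# would not normally produce on a router that resolves for its clients.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

# The stock XP hosts file maps only localhost.
DEFAULT_HOSTS = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from a hosts file, ignoring comments."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def suspicious_hosts_entries(text):
    """Entries that are not part of the stock file. A hosts entry overrides
    DNS for that name, so a clean antivirus scan says nothing about it."""
    return [p for p in parse_hosts(text) if p not in DEFAULT_HOSTS]


def parse_dns_servers(ipconfig_text):
    """Collect DNS server addresses (first line plus continuation lines)."""
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*: *(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting and re.fullmatch(r"[0-9.]+", line.strip()):
            servers.append(line.strip())
            continue
        collecting = False
    return servers


def foreign_dns_servers(ipconfig_text):
    """DNS servers that are not on the adapter's own LAN. Such an address is
    a finding only if the router is supposed to resolve for its clients;
    compare it against the resolvers your ISP publishes before acting."""
    gw = re.search(r"Default Gateway[ .]*: *(\S+)", ipconfig_text)
    mask = re.search(r"Subnet Mask[ .]*: *(\S+)", ipconfig_text)
    servers = parse_dns_servers(ipconfig_text)
    if not gw or not mask:
        return servers  # no LAN to compare against; report everything
    lan = ipaddress.ip_network(f"{gw.group(1)}/{mask.group(1)}", strict=False)
    return [s for s in servers if ipaddress.ip_address(s) not in lan]


def report(hosts_text, ipconfig_text):
    """One line per finding, suitable for pasting into a forum reply."""
    findings = [f"hosts: {name} -> {ip}"
                for ip, name in suspicious_hosts_entries(hosts_text)]
    findings += [f"dns: adapter uses off-LAN resolver {s}"
                 for s in foreign_dns_servers(ipconfig_text)]
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_HOSTS, SAMPLE_IPCONFIG):
        print(finding)
```

On a live machine, feed `report()` the contents of the hosts file and the text of `ipconfig /all`; an empty list means both places are in their default state and the redirect is coming from somewhere else.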


#10 CatByte

Posted 27 December 2010 - 11:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days.
