
google redirect virus


  • This topic is locked
2 replies to this topic

#1 ac-b

ac-b

  • Members
  • 2 posts

Posted 19 December 2010 - 02:14 PM

I have tried Hitman Pro, ComboFix, have already done the GMER, DDS and MBA-M sessions previously. I have run CCleaner after ComboFix and the problem just returned.

DDS Log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Adrian at 18:11:07.71 on 18/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1661 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DriverHive\DriverHiveTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Adrian\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101127105800.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_SB4.tmp" /EF "HKLM"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus DX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_S6C.tmp" /EF "HKLM"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [DriverHiveTray] c:\program files\driverhive\DriverHiveTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adrian\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian\applic~1\mozilla\firefox\profiles\umdc79jm.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-10-14 3026]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-27 84072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-27 141792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2007-3-22 15840]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-27 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-27 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-27 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-27 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-27 84264]
S2 gupdate1c9b9d3a7644858;Google Update Service (gupdate1c9b9d3a7644858);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\alex\locals~1\temp\bfastfao.sys --> c:\docume~1\alex\locals~1\temp\bfastfao.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\adrian\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-27 88544]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840]

=============== Created Last 30 ================

2010-12-17 20:37:14 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8985c3ad-a2b5-46cf-8381-6c4070569962}\mpengine.dll
2010-12-17 20:37:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-17 20:29:07 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-17 19:18:23 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\BSD
2010-12-17 18:55:30 -------- d-----w- c:\docume~1\adrian\applic~1\BSD
2010-12-17 18:55:11 2226176 ----a-w- c:\windows\bsdsetup.dll
2010-12-17 18:55:11 -------- d-----w- c:\program files\DriverHive
2010-12-17 18:47:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-17 18:35:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-17 18:34:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-17 18:32:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-16 19:30:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 19:27:05 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 13:55:06 -------- d-----w- C:\DeusEx
2010-12-11 21:07:25 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 21:07:25 126976 ----a-w- c:\windows\War3Unin.exe
2010-12-11 20:48:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-11 20:48:14 -------- d-----w- c:\docume~1\adrian\applic~1\DAEMON Tools Lite
2010-12-11 18:48:51 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-11 18:48:49 -------- d-----w- c:\program files\World of Warcraft
2010-12-11 18:47:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-12-01 22:28:31 -------- d-----w- c:\docume~1\adrian\applic~1\Malwarebytes
2010-12-01 22:28:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 22:28:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-01 22:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 22:28:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 22:18:48 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-29 22:18:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2010-11-28 19:52:08 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-11-28 19:51:40 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\PackageAware
2010-11-28 15:43:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Percussion Kit
2010-11-28 15:43:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Organs
2010-11-28 15:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Multipressor
2010-11-27 18:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-11-27 18:19:15 -------- d-----w- c:\program files\Citrix
2010-11-27 18:19:05 -------- d-----w- c:\docume~1\adrian\locals~1\applic~1\Citrix
2010-11-27 18:12:25 -------- d-----w- c:\docume~1\adrian\applic~1\McAfee
2010-11-27 12:57:18 -------- d-----w- c:\program files\Support Tools
2010-11-27 10:58:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-11-27 10:57:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-27 10:57:45 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-27 10:57:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-27 10:57:45 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-27 10:57:45 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-27 10:57:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-27 10:57:45 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-27 10:57:45 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-27 10:57:36 -------- d-----w- c:\program files\common files\Mcafee
2010-11-27 10:57:34 -------- d-----w- c:\program files\McAfee.com
2010-11-27 10:57:23 -------- d-----w- c:\program files\McAfee
2010-11-27 10:36:40 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-13 18:02:38 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-13 18:02:38 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-28 15:39:12 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 11:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 18:13:03.12 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 December 2010 - 09:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 January 2011 - 08:44 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE



