TechSpot

My Internet Explorer is infected with CiD malware, help?

By economichitman
Nov 9, 2009
  1. Dear friends from the support team,

    I hope you don't mind me pasting the log files here in the thread, as I do not know how to save them as .log or .txt files. Not very literate in IT. Anyway, I keep on having the CiD popups, which is really annoying me. Please help me to eradicate this malicious malware/spyware/virus/rootkit! Your help will be very much appreciated.

    Thank you.

    EconomicHitman.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Log files from SUPERAntiSpyware Scan Log

    The results obtained from SUPERAntiSpyware Scan Log:
    http://www.superantispyware.com

    Generated 11/09/2009 at 01:18 PM

    Application Version : 4.29.1004

    Core Rules Database Version : 4248
    Trace Rules Database Version: 2138

    Scan type : Complete Scan
    Total Scan Time : 00:38:11

    Memory items scanned : 765
    Memory threats detected : 0
    Registry items scanned : 7798
    Registry threats detected : 5
    File items scanned : 27501
    File threats detected : 2

    Rogue.Component/Trace
    HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options
    HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#Aff
    HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#AdvancedScanType
    HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#FirstRunUrl
    HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187

    Adware.Tracking Cookie
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[1].txt
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@collective-media[1].txt
     
  4. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Thanks kimsland, will see to it. Cheers!
     
  5. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Dear support team,

    Please look into my logs and tell me what my problem is and how I can eradicate my problem with the CiD popups!

    Thank you very much!

    Cheers!
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Your long Malwarebytes scan (4+hrs) only needed to be run as a quick scan in Normal mode
    Quick scan lasts for about ~ ... 10mins ! :( Oh well, at least you were thorough
    Note: The 8-Step guide also states "Quick Scan" (But what's done is done)

    You have Ad-Aware installed, if this is the free version (likely yes) please uninstall it
    You have some old entries referring to Symantec (Norton) Please run the >> Norton Removal Tool

    You have AVG8 installed. But, AVG is up to Ver9 now (actually for some time)
    Here's my take on that (Note you can just update to AVG9, but the following is what I'd do...)
    Uninstall AVG8 through Add/Remove Programs
    Run the >> AVG Remover (this is a must)
    Restart

    Download >> Free Avira Antivirus
    Install it, and then update it (Note: The first update is always slow, as per every application in the world. You just need to wait)
    Then once updated, run a full scan

    Provide the Avira log report as an >> Attachment to your next reply
    Also, (before replying) run CCleaner again
    Plus, run the Registry clean in CCleaner (I usually run it 3 times in a row, fixing all issues - without backup)
    Then Restart (restart is required)

    Then do a Scan Only with HJT, and also provide that log as an >> Attachment to your next reply
    Well, it will be one reply with two attachments ;) I would also like to know how it's now performing
     
  7. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Ah yes, I thought I ought to have it thoroughly scanned =) Paranoid. Anyway, what's done is done.

    Hmm.. you say to have my AVG removed. My AVG is the paid full version though. Do I really have to uninstall this and remove it from the system? Is Avira more adequate?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry

    Keep your paid version, forget free Avira :(
     
  9. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Sorry I'm not questioning your ability to help me fix my problems. It was an honest question because if Avira is better I will do as instructed. Please share your thoughts.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Oh, sorry I've got my mind on other things, and then I eventually check my emails and go, oh I better reply quickly :) Just seems to be taking 10mins though

    Anyway, look at it this way, I'd lose AVG even if I paid for it !
    BUT, I'm not really supposed to say that. Really you should keep your paid version of AVG, because:
    • You paid for it
    • The paid version actually does more than free Avira, regarding protection
    • Support should not tell you to remove your paid AVG Antivirus, which is world respected
    So please keep it
     
  11. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    So what do I do now? Proceed with the instructions you stated previously and re-attach the log files to the thread?
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Had you run a full updated Antivirus scan as yet?

    Also have a look at importing a better Hosts file: http://www.mvps.org/winhelp2002/hosts.htm
    Sorry to be brief, I cannot get my mind set on this. If others want to reply and help that will be ideal
     
  13. kritius

    kritius TS Guru Posts: 2,084

    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D < here

    Double-click Lop S&D.exe
    Choose the language, then choose Option 2 (Fix + Hosts)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)


    DDS by sUBs
    Please download DDS by sUBs from HERE or HERE and save it to your Desktop.

    Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    • Double click on dds to run it.
    • When done, DDS.txt will open.
    • You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
    • When done, Attach.txt will open.
    • Please copy and paste the contents of DDS.txt and attach Attach.txt in your next reply.
     
  14. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    To kimsland: Yes I did a full AVG AntiVirus scan yesterday. Shall post the log you reference. Have yet to do a full scan again today. Will post up a new log later when done.

    To kritius: Yes I shall see to that right now. FYI I did the 8 steps today but I will follow your instructions again, as I want my system thoroughly cleaned!

    Thank you guys!
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Don't bother with the 8 steps, just do Lop S&D and DDS
     
  16. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    This is the contents of DDS.txt & attached is the Attach.txt.

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by User at 23:01:50.26 on Mon 09/11/2009
    Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1534.310 [GMT 8:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\ifxspmgt.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\ifxtcs.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\IfxPsdSv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\ifxuagui.exe
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\User\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=8j53eld3657vp
    uDefault_Page_URL = hxxp://www.asus.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
     
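The SUPERAntiSpyware log earlier in the thread and the DDS pseudo-HJT report above are the two artifacts the helpers are reading by eye. The following is an added example, not code from the thread nor from DDS or SUPERAntiSpyware, of a small triage script that parses short constructed excerpts in the shape of both logs and surfaces the items a reviewer checks first: a random-named `Software\` key (the shape of the Rogue.Component/Trace hit), tracking cookies, a BHO registered with `No File`, Run entries that rely on PATH lookup, and any `AppInit_DLLs` value. The severities and regexes are the example's own assumptions.

```python
import re

# Constructed excerpt in the shape of the SUPERAntiSpyware scan log posted in
# this thread: a category line, one detected item per line, blank line ends the group.
SAMPLE_SAS = r"""
Rogue.Component/Trace
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#Aff
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[1].txt
"""

# Constructed excerpt in the shape of the DDS "Pseudo HJT Report" section.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
AppInit_DLLs: avgrsstx.dll
"""

BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
# A Software\ subkey whose name is a long run of digits (assumed threshold: 16+),
# the shape of the Rogue.Component/Trace hit in the thread.
RANDOM_KEY_RE = re.compile(r"\\Software\\(\d{16,})(?:\\|#|$)")
# A command that starts with a drive letter or an %ENV% root, optionally quoted.
ABS_CMD_RE = re.compile(r'^"?(?:[a-zA-Z]:\\|%[^%]+%\\)')


def parse_sas_log(text):
    """Group SUPERAntiSpyware detections: {category: [item, ...]} in log order."""
    groups = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current = None          # blank line closes the current category
            continue
        if current is None:
            current = line          # first non-blank line of a group is its category
            groups.setdefault(current, [])
        else:
            groups[current].append(line)
    return groups


def parse_dds_hjt(text):
    """Extract BHO, Run-key and AppInit_DLLs entries from a DDS pseudo-HJT section."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            entries.append({"kind": "BHO", "name": m.group("name") or "",
                            "clsid": m.group("clsid"), "target": m.group("target")})
        elif m := RUN_RE.match(line):
            entries.append({"kind": "Run", "hive": m.group("hive"),
                            "name": m.group("name"), "target": m.group("cmd")})
        elif m := APPINIT_RE.match(line):
            entries.append({"kind": "AppInit_DLLs", "name": "", "target": m.group("dlls")})
    return entries


def triage(sas_text, dds_text):
    """Return (severity, message) findings in the order a reviewer would read them."""
    findings = []
    seen_keys = set()
    for category, items in parse_sas_log(sas_text).items():
        for item in items:
            km = RANDOM_KEY_RE.search(item)
            if km and km.group(1) not in seen_keys:
                seen_keys.add(km.group(1))    # report each rogue key once, not per value
                findings.append(("high", f"{category}: random-named Software key {km.group(1)}"))
            elif not km and category.startswith("Adware.Tracking"):
                cookie = item.rsplit("\\", 1)[-1]
                findings.append(("low", f"{category}: {cookie}"))
    for e in parse_dds_hjt(dds_text):
        if e["kind"] == "BHO" and e["target"] == "No File":
            findings.append(("medium", f"orphaned BHO {{{e['clsid']}}}: registered but file missing"))
        elif e["kind"] == "Run" and not ABS_CMD_RE.match(e["target"]):
            findings.append(("medium", f"Run entry [{e['name']}] uses bare command "
                                       f"'{e['target']}' resolved via PATH; verify its location"))
        elif e["kind"] == "AppInit_DLLs":
            findings.append(("info", f"AppInit_DLLs loads '{e['target']}' into every process; "
                                     "confirm its publisher"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_SAS, SAMPLE_DDS):
        print(f"[{severity:6}] {message}")
```

The script only ranks lines for a human to look at; a flagged Run entry such as a bare `RtHDVCpl.exe` is often a legitimate vendor component and still needs the file located and checked.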
  17. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Continued log file from earlier post.

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qpb6hqk0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?nm=1
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-4 12552]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-7 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-4 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-4 108552]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-4 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-4 297752]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-23 309008]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-12 21504]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]

    =============== Created Last 30 ================

    2009-11-09 14:53:17 0 d-----w- C:\Lop SD
    2009-11-09 10:25:11 0 d-----w- c:\program files\Trend Micro
    2009-11-09 05:59:13 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-09 04:31:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-11-09 04:28:28 0 d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2009-11-09 04:28:28 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-11-09 04:27:31 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2009-11-07 15:09:55 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2009-11-07 15:09:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-07 15:09:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-07 15:09:49 0 d-----w- c:\programdata\Malwarebytes
    2009-11-07 15:09:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-07 06:10:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-11-07 06:10:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-07 05:46:02 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-07 05:45:30 0 d-----w- c:\programdata\Lavasoft
    2009-11-07 05:45:30 0 d-----w- c:\program files\Lavasoft
    2009-11-07 05:30:40 38 ----a-w- c:\windows\avisplitter.ini
    2009-11-07 05:30:40 178176 ----a-w- c:\windows\system32\unrar.dll
    2009-11-07 05:30:39 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-11-07 05:30:39 414 ----a-w- c:\windows\system32\lame_acm.xml
    2009-11-07 05:30:39 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-11-07 05:30:39 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-11-07 05:30:37 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-11-07 05:30:37 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2009-11-07 05:30:35 0 d-----w- c:\program files\K-Lite Codec Pack
    2009-11-05 17:53:36 0 d-----w- c:\programdata\Name 2 second
    2009-11-05 17:52:53 0 d-----w- c:\program files\Cicle Developement
    2009-11-04 13:38:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-11-04 13:38:05 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-11-04 13:37:45 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-11-04 13:37:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-11-03 16:12:18 0 d-----w- c:\program files\iPod
    2009-11-03 16:12:14 0 d-----w- c:\program files\iTunes
    2009-11-03 08:15:50 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-03 08:15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-03 08:15:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-03 08:11:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-11-03 08:11:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-11-03 08:11:03 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-03 08:09:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-03 08:09:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-03 08:09:35 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-03 08:07:33 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-11-03 08:07:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-11-03 07:40:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-10-15 01:56:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-10-15 01:56:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-10-14 06:20:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-14 06:20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 06:20:00 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-11 18:21:24 0 d-----w- c:\users\user\Office Genuine Advantage
     
  18. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    The last part of the log.

    ==================== Find3M ====================

    2009-11-09 05:24:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2009-11-03 08:15:33 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-03 08:15:33 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-03 08:15:32 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-03 08:15:31 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-02 12:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-17 16:43:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-09-14 09:29:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-14 08:58:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 08:34:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-03 01:55:19 25070 ----a-w- c:\users\user\appdata\roaming\nvModes.dat
    2009-08-28 11:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-20 16:13:06 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-16 17:55:06 174 --sha-w- c:\program files\desktop.ini
    2009-08-16 14:48:39 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2009-08-16 14:48:28 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 23:03:49.21 ===============
     
  19. kritius

    kritius TS Guru Posts: 2,084

    Uninstall this,

    Messenger Plus! Live & Sponsor (CiD)

    Lop S&D go ok?
     
  20. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Lop S&D went ok.

    So I uninstall MSN Messenger Plus eh? I figured something is wrong because when I log on to my hotmail recently, my MSN app will automatically be activated and be running.
     
  21. kritius

    kritius TS Guru Posts: 2,084

    Yes uninstall it.

    Have you had more pop ups?
     
  22. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Oh right! Why didn't I see that!? How could I have missed that? =)

    Messenger Plus! Live & Sponsor (CiD) ---> DELETED! Done Deal!

    Thanks man! Will plug offline soon and let the programs run and scan while I sleep! Will update on my laptop's performances. Thank you for the help guys!
     
  23. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    Kritius, I have uninstalled it and deleted the program. Will download a new one. Now please enlighten me, is the tracking worm/malware from Messenger Plus, or was it from an outside application that was hiding there? What I want to know is how it got there. Through malware from MSN contacts sent through message windows, or from my accidental clicks on pop-ups when surfing the net? Or did I get it from downloading something from the web?

    Just so I know how to avoid it in the future. So is it safe for me to download a new MSN messenger? I usually get it from www.filehippo.com

    Btw, do you happen to know why Mozilla Firefox is not running or operating as efficiently as before? I used to surf on Mozilla but since it worked up on me, I have been using IE8. I haven't had problems like this when I used Mozilla.
     
  24. kritius

    kritius TS Guru Posts: 2,084

  25. economichitman

    economichitman TS Rookie Topic Starter Posts: 20

    AVG log file, please scrutinize.

    Hi guys, after deleting --> Messenger Plus! Live & Sponsor (CiD) as instructed by kritius, and before I slept last night, I did another AVG AntiVirus scan just to make sure. The attached file is the log file; could someone scrutinize it for me? So far, there are no pop-ups. But is it because I caught it from MSN or what?
     