Laloube
2013-01-06, 11:28
Hello,
I accidentally downloaded a file yesterday that probably included SweetIM. I realized there was something wrong when I was on Google (using Firefox) and most of the links I was trying to open were "re-directing me" to advertising pages and some other ....
I then downloaded Spybot and so realized that there was this SweetIM thing probably making shit on my PC. I uninstalled it from my programs, but it looks like it is still there, as I am redirected to different pages than the ones I want to go to on the Internet. Please could you help me totally remove this thing from my computer?
Thanks a lot for your time and assistance.
PS: When I scanned my PC with avast and Malwarebytes, they didn't find anything suspicious. Please HELP!!!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by françois at 9:59:05 on 2013-01-06
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1948.776 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\françois\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\françois\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KGMPFP] rundll32 "C:\Users\françois\AppData\Roaming\mlangc.dll",Abfde
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\FRANOI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\françois\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\FRANOI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: NameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{2D0387D1-B3CC-460E-96A5-A26EF51BB78E} : DHCPNameServer = 212.27.40.241 212.27.40.240
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\françois\AppData\Roaming\Mozilla\Firefox\Profiles\f9op5ka9.default-1357310268400\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-12-5 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-12-5 15920]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-5 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-5 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-5 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-5 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-5 44808]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 IntcDAud;Son Intel(R) pour écrans;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-4 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-5 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-01-06 08:59:07 -------- d-----w- C:\Users\franþois\AppData\Local\Microsoft
2013-01-05 16:16:50 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35CE6A04-D87B-4969-A88D-D8E0379A6D36}\gapaengine.dll
2013-01-05 16:16:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{711DD55A-8AF1-48BD-9924-546C3AFA27BB}\mpengine.dll
2013-01-05 16:14:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-05 16:13:19 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-05 15:47:09 -------- d-----w- C:\Program Files\CCleaner
2013-01-05 15:30:26 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-01-05 15:30:22 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-01-05 15:30:18 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-05 15:29:03 41224 ----a-w- C:\Windows\avastSS.scr
2013-01-05 15:28:43 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-05 15:28:43 -------- d-----w- C:\Program Files\AVAST Software
2013-01-04 17:43:33 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2013-01-04 17:43:30 -------- d-----w- C:\Windows\System32\wbem\en-US
2013-01-04 17:43:25 -------- d-----w- C:\Windows\SysWow64\Wat
2013-01-04 17:43:25 -------- d-----w- C:\Windows\System32\Wat
2013-01-04 15:48:29 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-01-04 15:26:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-01-04 15:26:21 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-04 15:26:21 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-04 15:26:21 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-04 15:26:21 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-01-04 15:26:20 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-04 15:23:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-04 15:23:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-04 15:23:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-04 15:23:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-04 15:23:31 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-04 14:06:45 -------- d-----w- C:\Users\françois\AppData\Roaming\Malwarebytes
2013-01-04 14:06:17 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 14:06:15 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-04 14:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 13:43:00 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-04 13:42:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6F89BDB-F082-46DD-82A6-17C63E4390A0}\mpengine.dll
2013-01-04 12:19:40 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-04 12:08:59 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-01-04 12:08:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-01-04 12:08:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-01-04 12:08:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-01-04 12:08:56 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-01-04 12:06:12 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-01-04 12:06:09 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 12:04:13 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-01-04 12:04:13 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-01-04 12:03:26 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-01-04 12:03:25 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-01-04 12:03:25 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-01-04 12:02:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-01-04 12:02:21 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-01-04 12:02:21 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-01-04 12:02:21 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-01-04 11:59:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-01-04 10:01:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-04 10:01:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-04 08:28:32 122880 --sha-r- C:\Users\françois\AppData\Roaming\mlangc.dll
2013-01-02 17:55:27 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-01-02 17:55:08 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-12-20 10:07:36 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-12-20 10:07:34 -------- d-----w- C:\Users\françois\AppData\Roaming\Canon
2012-12-19 22:59:32 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-12-19 22:59:32 -------- d--h--w- C:\ProgramData\CanonEPP
2012-12-19 22:53:43 -------- d-----w- C:\ProgramData\CanonIJMSetup
2012-12-19 22:45:56 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-12-19 22:07:06 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA9.DLL
2012-12-19 22:07:06 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA9.DLL
2012-12-19 22:04:46 348672 ----a-w- C:\Windows\System32\CNC495L.dll
2012-12-19 22:04:46 307200 ----a-w- C:\Windows\SysWow64\CNC495L.dll
2012-12-19 22:04:46 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2012-12-19 22:04:46 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2012-12-19 22:04:46 1354240 ----a-w- C:\Windows\System32\CNC495C.dll
2012-12-19 22:04:46 112128 ----a-w- C:\Windows\System32\CNC495I.dll
2012-12-19 22:04:46 106496 ----a-w- C:\Windows\SysWow64\CNC495U.dll
2012-12-19 22:04:27 361472 ----a-w- C:\Windows\System32\CNMLMA9.DLL
2012-12-19 22:03:55 103424 ----a-w- C:\Windows\System32\CNC495O.dll
2012-12-19 22:02:57 248320 ----a-w- C:\Windows\System32\CNMIUA9.DLL
2012-12-19 22:00:34 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2012-12-19 22:00:34 -------- d-----w- C:\Windows\System32\STRING
2012-12-19 22:00:32 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2012-12-19 21:57:13 -------- d-----w- C:\Program Files (x86)\Canon
2012-12-18 14:43:14 -------- d-----r- C:\Users\françois\Dropbox
2012-12-18 14:40:21 -------- d-----w- C:\Users\françois\AppData\Roaming\Dropbox
2012-12-18 12:03:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-18 12:02:49 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-18 12:02:49 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-14 09:14:17 -------- d-----w- C:\Users\françois\AppData\Roaming\Skype
2012-12-14 09:14:01 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-08 21:36:33 -------- d-----w- C:\Program Files (x86)\PokerStars.FR
.
==================== Find3M ====================
.
2013-01-05 15:52:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-05 15:52:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-05 15:53:16 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-12-05 15:49:59 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-12-05 15:47:17 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-12-05 15:47:17 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-12-05 15:47:17 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 10:00:35,26 ===============
When I try to run aswMBR to provide its logs, it stops functioning in the process.
Again, the main symptom on my computer so far is that when going online (I use Firefox), requested pages do not open and I am redirected to other pages (mainly advertising). Thank you!
2013-01-04 12:08:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-01-04 12:08:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-01-04 12:08:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-01-04 12:08:56 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-01-04 12:06:12 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-01-04 12:06:09 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 12:04:13 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-01-04 12:04:13 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-01-04 12:03:26 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-01-04 12:03:25 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-01-04 12:03:25 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-01-04 12:02:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-01-04 12:02:21 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-01-04 12:02:21 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-01-04 12:02:21 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-01-04 11:59:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-01-04 10:01:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-04 10:01:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-04 08:28:32 122880 --sha-r- C:\Users\françois\AppData\Roaming\mlangc.dll
2013-01-02 17:55:27 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-01-02 17:55:08 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-12-20 10:07:36 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-12-20 10:07:34 -------- d-----w- C:\Users\françois\AppData\Roaming\Canon
2012-12-19 22:59:32 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-12-19 22:59:32 -------- d--h--w- C:\ProgramData\CanonEPP
2012-12-19 22:53:43 -------- d-----w- C:\ProgramData\CanonIJMSetup
2012-12-19 22:45:56 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-12-19 22:07:06 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA9.DLL
2012-12-19 22:07:06 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA9.DLL
2012-12-19 22:04:46 348672 ----a-w- C:\Windows\System32\CNC495L.dll
2012-12-19 22:04:46 307200 ----a-w- C:\Windows\SysWow64\CNC495L.dll
2012-12-19 22:04:46 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2012-12-19 22:04:46 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2012-12-19 22:04:46 1354240 ----a-w- C:\Windows\System32\CNC495C.dll
2012-12-19 22:04:46 112128 ----a-w- C:\Windows\System32\CNC495I.dll
2012-12-19 22:04:46 106496 ----a-w- C:\Windows\SysWow64\CNC495U.dll
2012-12-19 22:04:27 361472 ----a-w- C:\Windows\System32\CNMLMA9.DLL
2012-12-19 22:03:55 103424 ----a-w- C:\Windows\System32\CNC495O.dll
2012-12-19 22:02:57 248320 ----a-w- C:\Windows\System32\CNMIUA9.DLL
2012-12-19 22:00:34 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2012-12-19 22:00:34 -------- d-----w- C:\Windows\System32\STRING
2012-12-19 22:00:32 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2012-12-19 21:57:13 -------- d-----w- C:\Program Files (x86)\Canon
2012-12-18 14:43:14 -------- d-----r- C:\Users\françois\Dropbox
2012-12-18 14:40:21 -------- d-----w- C:\Users\françois\AppData\Roaming\Dropbox
2012-12-18 12:03:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-18 12:02:49 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-18 12:02:49 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-14 09:14:17 -------- d-----w- C:\Users\françois\AppData\Roaming\Skype
2012-12-14 09:14:01 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-08 21:36:33 -------- d-----w- C:\Program Files (x86)\PokerStars.FR
.
==================== Find3M ====================
.
2013-01-05 15:52:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-05 15:52:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-05 15:53:16 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-12-05 15:49:59 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-12-05 15:47:17 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-12-05 15:47:17 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-12-05 15:47:17 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 10:00:35,26 ===============
I wanted to run aswMBR and provide its logs, but it stops functioning during the process.
Again, the main symptom on my computer so far is that when I go online (I use Firefox), requested pages do not open and I am redirected to other pages (mainly advertising). Thank you!