medoose
2011-05-19, 16:43
First of all, thanks to TASHI (http://forums.spybot.info/member.php?u=7) for the guidance... I hope I don't make mistakes now... LOL :oops:
------------------------------------------------------------
Hello guys, please help me, this "google redirected virus" is very stubborn to remove...
At first, I got the "windows recovery virus", but it was resolved by using Spybot.
After that, I got the "google redirected virus", so every time I open Firefox (my default browser), it ALWAYS asks me to set it as the default browser, and the proxy always changes to 127.0.0.1:59677. Every Google search result is often redirected to another site. In addition, I always find that iexplorer.exe is running in the background (when opening Task Manager).
I ran virus scans repeatedly in both normal mode and safe mode, using Spybot, Avira, then VIPRE, Malwarebytes, RKILL, etc. But no threats are ever found..
I had also tried ComboFix but it found nothing. I didn't read this beforehand:
http://forums.spybot.info/showthread.php?t=16806, because I found the ComboFix info on another site..
------------------------------------
Here is my DDS log:
------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Medoose at 20:12:03.09 on 01/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.62.1033.18.3038.2041 [GMT 7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Sun\SDK\lib\appservService.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Sun\SDK\jdk\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Medoose\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [CPU temperature and system information utility] c:\program files\core temp\Core Temp.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\users\medoose\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\medoose\appdata\roaming\mozilla\firefox\profiles\tdm5tdp7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59677
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-19 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-19 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-19 656320]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-5-19 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-5-19 31184]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-6-2 38976]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2011-5-17 202928]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\sdk\lib\appservservice.exe "\"c:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\sdk\lib\appservservice.exe \c:\sun\sdk\bin\asadmin.bat\ [?]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-4-22 86792]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-5-19 756680]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2008-10-28 886056]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [2010-6-2 241664]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-3-4 48600]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-2 176128]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-9-12 69168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-2 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-2 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-3-2 103040]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-2 9728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pr3gmdm;PROLiNK 3.5G USB Adapter - MODEM;c:\windows\system32\drivers\pr3gmdm.sys [2010-2-25 106880]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-19 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-19 1150936]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
S3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [2010-10-4 102656]
.
=============== Created Last 30 ================
.
2011-05-19 11:10:14 -------- d-----w- c:\program files\ESET
2011-05-19 10:44:12 1407280 ----a-w- C:\TeDeEsESKiller.exe
2011-05-19 06:20:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-18 22:43:12 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-18 22:43:12 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-18 22:43:10 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-18 22:43:10 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-05-18 22:42:57 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-18 22:42:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-18 22:42:35 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-18 22:42:13 -------- d-----w- c:\program files\common files\PC Tools
2011-05-18 22:42:12 -------- d-----w- c:\users\medoose\appdata\roaming\PC Tools
2011-05-18 22:42:12 -------- d-----w- c:\program files\PC Tools Security
2011-05-18 22:42:12 -------- d-----w- c:\progra~2\PC Tools
2011-05-18 22:25:18 -------- d-----w- c:\users\medoose\appdata\local\Immunet
2011-05-18 22:25:18 -------- d-----w- c:\progra~2\Immunet
2011-05-18 22:25:07 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-05-18 22:25:03 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-05-18 22:24:57 -------- d-----w- c:\program files\Immunet Protect
2011-05-17 02:00:28 -------- d-----w- c:\users\medoose\appdata\roaming\Sunbelt
2011-05-17 01:56:06 -------- d-----w- c:\progra~2\Sunbelt
2011-05-17 01:53:24 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-05-17 01:52:55 -------- d-----w- c:\program files\Sunbelt Software
2011-05-16 16:44:02 -------- d-----w- c:\program files\FileASSASSIN
2011-05-16 13:59:34 388096 ----a-r- c:\users\medoose\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-16 13:59:33 -------- d-----w- c:\program files\Trend Micro
2011-05-16 12:57:42 -------- d-----w- c:\users\medoose\appdata\local\temp
2011-05-16 12:47:15 98816 ----a-w- c:\windows\sed.exe
2011-05-16 12:47:15 89088 ----a-w- c:\windows\MBR.exe
2011-05-16 12:47:15 256512 ----a-w- c:\windows\PEV.exe
2011-05-16 12:47:15 161792 ----a-w- c:\windows\SWREG.exe
2011-05-16 11:56:16 -------- d-----w- c:\users\medoose\appdata\roaming\Malwarebytes
2011-05-16 11:55:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 11:55:57 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-16 11:55:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 01:24:53 -------- d-----w- c:\program files\Blog Comment Poster EXTREME
2011-05-13 09:25:38 -------- d-----w- c:\users\medoose\appdata\roaming\ScrapeBox Link Checker Free Edition
2011-05-12 08:08:42 -------- d-----w- c:\users\medoose\appdata\local\Xenocode
2011-05-11 22:44:22 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f26152a8-88cd-4ff9-807e-83ad05674188}\mpengine.dll
2011-05-09 09:53:07 -------- d-----w- c:\users\medoose\appdata\roaming\Bryxen Software
2011-05-09 09:53:06 -------- d-----w- c:\program files\Article Submitter
2011-05-08 04:19:58 -------- d-----w- c:\program files\Intelore
2011-05-06 08:54:02 -------- d-----w- c:\program files\Intenet Download Manager
2011-05-06 08:44:01 -------- d-----w- c:\program files\Internet Download Manager
2011-05-06 08:38:48 -------- d-----w- c:\users\medoose\appdata\roaming\IDM
2011-05-06 08:06:57 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 08:06:57 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 08:06:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 08:06:56 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 08:06:56 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 08:06:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 08:06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 08:06:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-05 06:40:43 -------- d-----w- c:\program files\AffiliateSupportDesk.com
2011-05-02 18:00:44 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-04-21 17:30:21 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 15:40:05 -------- d-----w- c:\program files\Lame For Audacity
2011-04-09 12:57:22 -------- d-----w- c:\program files\Guitar FX BOX 2.6
2011-04-09 11:55:18 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-26 18:34:26 -------- d-----w- c:\program files\Guitar Pro 5
2011-03-15 18:13:13 -------- d-----w- c:\users\medoose\appdata\roaming\Topten Software
2011-03-15 18:13:08 -------- d-----w- c:\program files\Topten Software
2011-03-14 10:15:08 -------- d-----w- c:\program files\Core Temp
2011-03-02 11:29:50 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-03-02 11:29:50 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-03-02 11:29:50 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-03-02 11:29:50 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-03-02 11:29:50 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-03-02 11:27:58 -------- d-----w- c:\program files\3 Mobile Broadband
2011-02-20 05:04:57 -------- d-----w- c:\users\medoose\appdata\local\Unity
2011-02-14 22:07:51 -------- d-----w- c:\program files\oscpmwin
2011-02-06 13:48:24 -------- d-----w- c:\users\medoose\appdata\local\K-Meleon
2011-02-06 13:48:21 -------- d-----w- c:\users\medoose\appdata\roaming\K-Meleon
2011-02-06 13:48:06 -------- d-----w- c:\program files\K-Meleon
2011-02-03 08:47:25 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
2011-02-02 15:20:38 286720 ----a-w- c:\windows\iun506.exe
2011-02-02 15:20:37 -------- d-----w- c:\program files\Mp3 File Editor
2011-02-02 09:47:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-02-02 09:47:44 144984 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-02-02 09:47:39 -------- d-----w- c:\users\medoose\appdata\local\Real
2011-02-02 09:47:37 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-02 09:47:36 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-02-02 09:32:18 -------- d-----w- c:\program files\Sonne Screen Video Capture
2011-02-02 03:05:38 1233920 ----a-w- c:\windows\system32\msxml4.dll
2011-02-02 03:05:36 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-02-02 03:05:36 -------- d-----w- c:\program files\common files\SourceTec
2011-02-02 02:17:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-02 02:17:01 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2011-02-02 02:17:01 262144 ----a-w- c:\windows\system32\mpg4ds32.ax
2011-02-02 02:17:01 135168 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-02 02:16:59 -------- d-----w- c:\program files\SourceTec
2011-02-02 01:12:26 -------- d-----w- c:\program files\E.M. Magic Swf2Avi
2011-02-02 01:04:40 5692838 ----a-w- c:\users\medoose\appdata\roaming\swf2video.bin
2011-02-02 00:54:31 606208 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-01 21:15:40 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2011-02-01 20:51:01 -------- d-----w- c:\users\medoose\appdata\roaming\Moyea
2011-02-01 20:49:03 -------- d-----w- c:\program files\Moyea
2011-01-30 12:45:08 -------- d-----w- c:\program files\FDRLab
2011-01-21 06:52:51 -------- d-----w- c:\windows\system32\SDA
2011-01-21 06:52:51 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2011-01-18 06:30:21 -------- d-----w- c:\users\medoose\appdata\local\WMTools Downloaded Files
2011-01-13 19:42:50 -------- d-----w- c:\users\medoose\appdata\local\Yahoo
2011-01-13 19:34:11 -------- d-----w- c:\program files\Yahoo!
2011-01-09 05:24:36 -------- d-----w- c:\users\medoose\appdata\local\Microsoft Games
2011-01-01 12:26:39 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-01 12:26:39 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-01 12:26:39 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-01 12:26:39 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-01 12:26:38 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-01 12:26:37 -------- d-----w- c:\users\medoose\appdata\roaming\Simply Super Software
2011-01-01 12:26:37 -------- d-----w- c:\program files\Trojan Remover
2011-01-01 12:26:37 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-01 11:39:59 -------- d-----w- c:\users\medoose\appdata\roaming\AnvSoft
2011-01-01 11:39:55 -------- d-----w- c:\program files\AnvSoft
2010-12-31 22:58:34 73728 ----a-w- c:\windows\system\vdremote.dll
2010-12-31 22:58:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-12-31 22:48:34 -------- d-----w- c:\users\medoose\appdata\roaming\avidemux
2010-12-31 22:28:21 -------- d-----w- c:\program files\DebugMode
2010-12-28 19:52:44 60 ----a-w- c:\windows\system32\SYSWQDRV.SYS
2010-12-28 19:52:00 306688 ----a-w- c:\windows\IsUninst.exe
2010-12-28 19:32:39 -------- d-----w- c:\users\medoose\appdata\roaming\foobar2000
2010-12-28 19:03:55 -------- d-----w- c:\program files\RTEQ
2010-12-28 18:59:25 -------- d-----w- c:\program files\Sheep Friends
2010-12-21 02:19:18 3608448 ----a-w- c:\windows\system32\GameMon.des
2010-12-21 01:16:28 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-12-21 01:16:27 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-12-21 01:08:49 -------- d-----w- c:\program files\common files\INCA Shared
2010-12-20 22:20:59 -------- d-----w- C:\YNK
2010-12-17 03:43:29 -------- d-----w- c:\users\medoose\appdata\roaming\GetRightToGo
2010-12-04 16:08:32 -------- d-----w- c:\program files\MP3Gain
.
==================== Find3M ====================
.
2011-05-04 03:26:58 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-02-02 11:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:13:32.74 ===============
:snorkle: Sorry for my bad english :snorkle:
2011-05-14 01:24:53 -------- d-----w- c:\program files\Blog Comment Poster EXTREME
2011-05-13 09:25:38 -------- d-----w- c:\users\medoose\appdata\roaming\ScrapeBox Link Checker Free Edition
2011-05-12 08:08:42 -------- d-----w- c:\users\medoose\appdata\local\Xenocode
2011-05-11 22:44:22 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f26152a8-88cd-4ff9-807e-83ad05674188}\mpengine.dll
2011-05-09 09:53:07 -------- d-----w- c:\users\medoose\appdata\roaming\Bryxen Software
2011-05-09 09:53:06 -------- d-----w- c:\program files\Article Submitter
2011-05-08 04:19:58 -------- d-----w- c:\program files\Intelore
2011-05-06 08:54:02 -------- d-----w- c:\program files\Intenet Download Manager
2011-05-06 08:44:01 -------- d-----w- c:\program files\Internet Download Manager
2011-05-06 08:38:48 -------- d-----w- c:\users\medoose\appdata\roaming\IDM
2011-05-06 08:06:57 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 08:06:57 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 08:06:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 08:06:56 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 08:06:56 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 08:06:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 08:06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 08:06:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-05 06:40:43 -------- d-----w- c:\program files\AffiliateSupportDesk.com
2011-05-02 18:00:44 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-04-21 17:30:21 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 15:40:05 -------- d-----w- c:\program files\Lame For Audacity
2011-04-09 12:57:22 -------- d-----w- c:\program files\Guitar FX BOX 2.6
2011-04-09 11:55:18 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-26 18:34:26 -------- d-----w- c:\program files\Guitar Pro 5
2011-03-15 18:13:13 -------- d-----w- c:\users\medoose\appdata\roaming\Topten Software
2011-03-15 18:13:08 -------- d-----w- c:\program files\Topten Software
2011-03-14 10:15:08 -------- d-----w- c:\program files\Core Temp
2011-03-02 11:29:50 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-03-02 11:29:50 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-03-02 11:29:50 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-03-02 11:29:50 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-03-02 11:29:50 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-03-02 11:27:58 -------- d-----w- c:\program files\3 Mobile Broadband
2011-02-20 05:04:57 -------- d-----w- c:\users\medoose\appdata\local\Unity
2011-02-14 22:07:51 -------- d-----w- c:\program files\oscpmwin
2011-02-06 13:48:24 -------- d-----w- c:\users\medoose\appdata\local\K-Meleon
2011-02-06 13:48:21 -------- d-----w- c:\users\medoose\appdata\roaming\K-Meleon
2011-02-06 13:48:06 -------- d-----w- c:\program files\K-Meleon
2011-02-03 08:47:25 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
2011-02-02 15:20:38 286720 ----a-w- c:\windows\iun506.exe
2011-02-02 15:20:37 -------- d-----w- c:\program files\Mp3 File Editor
2011-02-02 09:47:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-02-02 09:47:44 144984 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-02-02 09:47:39 -------- d-----w- c:\users\medoose\appdata\local\Real
2011-02-02 09:47:37 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-02 09:47:36 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-02-02 09:32:18 -------- d-----w- c:\program files\Sonne Screen Video Capture
2011-02-02 03:05:38 1233920 ----a-w- c:\windows\system32\msxml4.dll
2011-02-02 03:05:36 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-02-02 03:05:36 -------- d-----w- c:\program files\common files\SourceTec
2011-02-02 02:17:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-02 02:17:01 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2011-02-02 02:17:01 262144 ----a-w- c:\windows\system32\mpg4ds32.ax
2011-02-02 02:17:01 135168 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-02 02:16:59 -------- d-----w- c:\program files\SourceTec
2011-02-02 01:12:26 -------- d-----w- c:\program files\E.M. Magic Swf2Avi
2011-02-02 01:04:40 5692838 ----a-w- c:\users\medoose\appdata\roaming\swf2video.bin
2011-02-02 00:54:31 606208 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-01 21:15:40 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2011-02-01 20:51:01 -------- d-----w- c:\users\medoose\appdata\roaming\Moyea
2011-02-01 20:49:03 -------- d-----w- c:\program files\Moyea
2011-01-30 12:45:08 -------- d-----w- c:\program files\FDRLab
2011-01-21 06:52:51 -------- d-----w- c:\windows\system32\SDA
2011-01-21 06:52:51 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2011-01-18 06:30:21 -------- d-----w- c:\users\medoose\appdata\local\WMTools Downloaded Files
2011-01-13 19:42:50 -------- d-----w- c:\users\medoose\appdata\local\Yahoo
2011-01-13 19:34:11 -------- d-----w- c:\program files\Yahoo!
2011-01-09 05:24:36 -------- d-----w- c:\users\medoose\appdata\local\Microsoft Games
2011-01-01 12:26:39 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-01 12:26:39 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-01 12:26:39 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-01 12:26:39 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-01 12:26:38 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-01 12:26:37 -------- d-----w- c:\users\medoose\appdata\roaming\Simply Super Software
2011-01-01 12:26:37 -------- d-----w- c:\program files\Trojan Remover
2011-01-01 12:26:37 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-01 11:39:59 -------- d-----w- c:\users\medoose\appdata\roaming\AnvSoft
2011-01-01 11:39:55 -------- d-----w- c:\program files\AnvSoft
2010-12-31 22:58:34 73728 ----a-w- c:\windows\system\vdremote.dll
2010-12-31 22:58:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-12-31 22:48:34 -------- d-----w- c:\users\medoose\appdata\roaming\avidemux
2010-12-31 22:28:21 -------- d-----w- c:\program files\DebugMode
2010-12-28 19:52:44 60 ----a-w- c:\windows\system32\SYSWQDRV.SYS
2010-12-28 19:52:00 306688 ----a-w- c:\windows\IsUninst.exe
2010-12-28 19:32:39 -------- d-----w- c:\users\medoose\appdata\roaming\foobar2000
2010-12-28 19:03:55 -------- d-----w- c:\program files\RTEQ
2010-12-28 18:59:25 -------- d-----w- c:\program files\Sheep Friends
2010-12-21 02:19:18 3608448 ----a-w- c:\windows\system32\GameMon.des
2010-12-21 01:16:28 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-12-21 01:16:27 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-12-21 01:08:49 -------- d-----w- c:\program files\common files\INCA Shared
2010-12-20 22:20:59 -------- d-----w- C:\YNK
2010-12-17 03:43:29 -------- d-----w- c:\users\medoose\appdata\roaming\GetRightToGo
2010-12-04 16:08:32 -------- d-----w- c:\program files\MP3Gain
.
==================== Find3M ====================
.
2011-05-04 03:26:58 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-02-02 11:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:13:32.74 ===============
:snorkle: Sorry for my bad English :snorkle: