Google redirect virus again


  • This topic is locked
43 replies to this topic

#1 salomea07

salomea07

  • Members
  • 23 posts

Posted 28 September 2011 - 10:24 AM

Hi,
I have a google redirect virus as many others do. Any link I find through google search is redirected to some suspicious websites.
Other problems I experience now are: 1. Suddenly a window asking to save or open some HTML doc from ieframe.dll pops up;
2. Every minute I get a message that Windows Update has stopped working;
3. My AVG antivirus seems to have a problem, and then I decided to try to install other antiviruses (such as Kaspersky). It deleted my previous AVG, but it just doesn't allow me to install a new antivirus.

I tried to get help from your other posts, but I don't know what to do next. Could you help me please?
I ran DeFogger and then downloaded DSS and this was the log file from DSS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_25
Run by Salome at 11:01:33 on 2011-09-28
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1918.442 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\2023982255:1350261895.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\java.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Salome\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Salome\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Salome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Salome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Salome\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\vsjitdebugger.exe
C:\Windows\system32\vsjitdebugger.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.uzzf.com/baidu.html
mCustomizeSearch = hxxp://www.uzzf.com/baidu.html
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
mURLSearchHooks: TvaliTV Toolbar: {eb464721-c571-4123-ae62-d0576af38750} - c:\program files\tvalitv\tbTval.dll
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\users\salome\appdata\roaming\ngjax.exe,explorer.exe,c:\users\salome\appdata\roaming\gnja.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TvaliTV Toolbar: {eb464721-c571-4123-ae62-d0576af38750} - c:\program files\tvalitv\tbTval.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: TvaliTV Toolbar: {eb464721-c571-4123-ae62-d0576af38750} - c:\program files\tvalitv\tbTval.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Google Update] "c:\users\salome\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [<NO NAME>]
mRun: [ReimageFTP] c:\program files\reimage\reimage repair\ReiFTPWatchDog.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [avp6_post_install] msiexec.exe /i"c:\users\salome\appdata\local\temp\nsvab3f.tmp\kavkis.msi" SKIPALIENUNINSTALL=1 REINSTALL="ALL" REINSTALLMODE="voums" MSICLIENTUSESEXTERNALUI="1"
mRunOnce: [GrpConv] grpconv -o
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\salome\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\salome\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKman000&si=&a=QvhMaslCtlow2LeTt9m5VQ&n=2010032714
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{094F8B87-4371-4D04-8661-18863E25901E} : NameServer = 128.91.254.1,128.91.254.4
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\salome\appdata\roaming\mozilla\firefox\profiles\bmz3d6d8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\users\salome\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\salome\appdata\roaming\mozilla\firefox\profiles\bmz3d6d8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: My Web Search: m3ffxtbr@mywebsearch.com - c:\program files\mywebsearch\bar\1.bin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
============= SERVICES / DRIVERS ===============
.
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-7-24 25896]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-19 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-7-24 290304]
.
=============== Created Last 30 ================
.
2011-09-28 14:53:56 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{16aedd86-1956-4f32-a2fd-98439be7546c}\offreg.dll
2011-09-28 11:53:37 0 ---ha-w- c:\users\salome\appdata\local\BITC4F5.tmp
2011-09-28 11:53:36 0 ---ha-w- c:\users\salome\appdata\local\BITC13C.tmp
2011-09-27 18:23:36 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{16aedd86-1956-4f32-a2fd-98439be7546c}\mpengine.dll
2011-09-21 02:00:01 -------- d-----w- c:\program files\Scientific Notebook
.
==================== Find3M ====================
.
2008-12-27 09:45:16 245760 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-03-27 22:02:36 3032064 ----a-w- c:\program files\setup-2.7.2960.exe
.
============= FINISH: 11:08:27.70 ===============

Thank you so much!
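Added example (not part of the original post, and not code from the DDS or ComboFix tools): a small Python scanner that pulls the rootkit indicators out of DDS-style log lines like the ones above. It flags an executable launched from an NTFS alternate data stream on a numeric folder under C:\Windows (the `C:\Windows\2023982255:1350261895.exe` process), a Winlogon Shell value that names anything besides explorer.exe, machine-wide search settings pointing at a third-party site, and any AppInit_DLLs entry. The sample lines are copied from the log above plus benign entries; the regexes, indicator names and the `ads_host_folders` helper are my own assumptions, not anything the tools output.

```python
import re

# Constructed sample input: lines copied from the DDS log in the first post,
# plus benign entries, so the scanner runs offline without a real log.
SAMPLE_DDS_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\2023982255:1350261895.exe",
    r"C:\Windows\Explorer.EXE",
    r"mSearchAssistant = hxxp://www.uzzf.com/baidu.html",
    r"uWinlogon: Shell=c:\users\salome\appdata\roaming\ngjax.exe,explorer.exe,c:\users\salome\appdata\roaming\gnja.exe",
    r"AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL",
]

# "<digit-named folder>:<digits>.exe" under C:\Windows: an executable that lives in
# an NTFS alternate data stream attached to a folder. Ordinary software never runs
# a process from such a path; it is how the rootkit in this thread hid its loader.
ADS_EXE = re.compile(r"^(?P<host>[A-Za-z]:\\Windows\\\d+):(?P<stream>\d+\.exe)\s*$", re.I)

# Winlogon Shell should be exactly "explorer.exe"; extra entries start with the desktop.
WINLOGON_SHELL = re.compile(r"^uWinlogon:\s*Shell=(?P<value>.+)$", re.I)

# Machine-wide search settings pointing at an outside site (hxxp = DDS-defanged http).
SEARCH_SETTING = re.compile(r"^(?P<key>mSearchAssistant|mCustomizeSearch)\s*=\s*(?P<url>hxxp://\S+)$", re.I)

# AppInit_DLLs is loaded into every process that maps user32.dll; flag it for review
# even when, as in this log, the DLL belongs to a known vendor.
APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<value>\S.*)$", re.I)


def scan_dds(lines):
    """Return (indicator, detail, original_line) tuples in log order."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = ADS_EXE.match(line)
        if m:
            findings.append(("ads_exe", m.group("host"), line))
            continue
        m = WINLOGON_SHELL.match(line)
        if m:
            entries = [e.strip().lower() for e in m.group("value").split(",") if e.strip()]
            extra = [e for e in entries if e != "explorer.exe"]
            if extra:
                findings.append(("winlogon_shell", ";".join(extra), line))
            continue
        m = SEARCH_SETTING.match(line)
        if m:
            findings.append(("search_setting", m.group("url"), line))
            continue
        m = APPINIT.match(line)
        if m:
            findings.append(("appinit_dll", m.group("value"), line))
    return findings


def ads_host_folders(findings):
    """Folders that host an ADS-resident executable. These are the paths a responder
    pre-creates as dummies (the DummyCreator step later in this thread) so the
    loader cannot be dropped there again after cleanup."""
    return sorted({detail for kind, detail, _ in findings if kind == "ads_exe"})


if __name__ == "__main__":
    hits = scan_dds(SAMPLE_DDS_LINES)
    for kind, detail, _ in hits:
        print(f"{kind:15s} {detail}")
    print("pre-create as dummy:", ads_host_folders(hits))
```

Running the block against the sample prints one line per indicator and the single folder to block, `C:\Windows\2023982255`; feeding it a full DDS log (one line per list element) works the same way, since every rule anchors on the start of the line and ignores the process list entries that are not indicators.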


#2 salomea07

salomea07
  • Topic Starter

  • Members
  • 23 posts

Posted 28 September 2011 - 10:40 AM

I also ran GMER as directed in your posts. I have a problem there. I extracted the exe file to the desktop, and when I first opened it, it showed me the program window for a few seconds and then closed. The next time I try to open the file, it doesn't allow it, saying "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access this file" (I run it as an administrator).

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 September 2011 - 03:45 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\Windows\2023982255
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 salomea07

salomea07
  • Topic Starter

  • Members
  • 23 posts

Posted 29 September 2011 - 08:45 PM

Hi Gringo,
First of all, thanks a lot for your time and effort!

As for my problems, I followed your directions, and a comforting message I got from ComboFix was: "You are infected with Rootkit. Zero Access! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection." Below is the log from ComboFix.
After that I don't get a Google redirect so far. But there are still other issues:
- I can't open Google Chrome. It says "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". This problem started yesterday.
- A message from Malwarebytes pops up: "[open event] Failed to perform desired action. Error code 2."
- I had problems when connecting to the internet. The diagnosis was that it couldn't communicate with the primary DNS. (I'm not sure whether this issue is related to my current virus - I usually have problems connecting, and after one or two restarts it resolves.)


ComboFix 11-09-29.06 - Salome 29/09/2011 19:18:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1918.1162 [GMT -4:00]
Running from: C:\Users\Salome\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTactl.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCrctr.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF
C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSg.dll
C:\Program Files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
C:\Program Files\MyWebSearch\bar\1.bin\M3PATCH.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00090F8A
C:\Program Files\MyWebSearch\bar\Cache\000917D3
C:\Program Files\MyWebSearch\bar\Cache\0009229D.bin
C:\Program Files\MyWebSearch\bar\Cache\00092683.bin
C:\Program Files\MyWebSearch\bar\Cache\00092AD7.bin
C:\Program Files\MyWebSearch\bar\Cache\00092E5F.bin
C:\Program Files\MyWebSearch\bar\Cache\000936C8.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\setup-2.7.2960.exe
C:\ProgramData\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
C:\ProgramData\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
C:\ProgramData\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
C:\ProgramData\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
C:\ProgramData\Microsoft\corecon\1.0\SDKFilesVer.dll
C:\Windows\$NtUninstallKB62211$\2944705400\@
C:\Windows\$NtUninstallKB62211$\2944705400\click.tlb
C:\Windows\$NtUninstallKB62211$\2944705400\L\qnbwvoto
C:\Windows\$NtUninstallKB62211$\2944705400\loader.tlb
C:\Windows\$NtUninstallKB62211$\2944705400\U\@00000001
C:\Windows\$NtUninstallKB62211$\2944705400\U\@000000c0
C:\Windows\$NtUninstallKB62211$\2944705400\U\@000000cb
C:\Windows\$NtUninstallKB62211$\2944705400\U\@000000cf
C:\Windows\$NtUninstallKB62211$\2944705400\U\@80000000
C:\Windows\$NtUninstallKB62211$\2944705400\U\@800000c0
C:\Windows\$NtUninstallKB62211$\2944705400\U\@800000cb
C:\Windows\$NtUninstallKB62211$\2944705400\U\@800000cf
C:\Windows\$NtUninstallKB62211$\3789632859
C:\Windows\2023982255
C:\Windows\Fonts\GeoNT.EXE
C:\Windows\system32\
C:\Windows\system32\CddbCdda.dll
C:\Windows\system32\drivers\
C:\Windows\system32\html
C:\Windows\system32\html\calendar.html
C:\Windows\system32\html\calendarbottom.html
C:\Windows\system32\html\calendartop.html
C:\Windows\system32\html\crystalexportdialog.htm
C:\Windows\system32\html\crystalprinthost.html
C:\Windows\system32\images
C:\Windows\system32\images\toolbar\calendar.gif
C:\Windows\system32\images\toolbar\crlogo.gif
C:\Windows\system32\images\toolbar\export.gif
C:\Windows\system32\images\toolbar\export_over.gif
C:\Windows\system32\images\toolbar\exportd.gif
C:\Windows\system32\images\toolbar\First.gif
C:\Windows\system32\images\toolbar\first_over.gif
C:\Windows\system32\images\toolbar\Firstd.gif
C:\Windows\system32\images\toolbar\gotopage.gif
C:\Windows\system32\images\toolbar\gotopage_over.gif
C:\Windows\system32\images\toolbar\gotopaged.gif
C:\Windows\system32\images\toolbar\grouptree.gif
C:\Windows\system32\images\toolbar\grouptree_over.gif
C:\Windows\system32\images\toolbar\grouptreed.gif
C:\Windows\system32\images\toolbar\grouptreepressed.gif
C:\Windows\system32\images\toolbar\Last.gif
C:\Windows\system32\images\toolbar\last_over.gif
C:\Windows\system32\images\toolbar\Lastd.gif
C:\Windows\system32\images\toolbar\Next.gif
C:\Windows\system32\images\toolbar\next_over.gif
C:\Windows\system32\images\toolbar\Nextd.gif
C:\Windows\system32\images\toolbar\Prev.gif
C:\Windows\system32\images\toolbar\prev_over.gif
C:\Windows\system32\images\toolbar\Prevd.gif
C:\Windows\system32\images\toolbar\print.gif
C:\Windows\system32\images\toolbar\print_over.gif
C:\Windows\system32\images\toolbar\printd.gif
C:\Windows\system32\images\toolbar\Refresh.gif
C:\Windows\system32\images\toolbar\refresh_over.gif
C:\Windows\system32\images\toolbar\refreshd.gif
C:\Windows\system32\images\toolbar\Search.gif
C:\Windows\system32\images\toolbar\search_over.gif
C:\Windows\system32\images\toolbar\searchd.gif
C:\Windows\system32\images\toolbar\up.gif
C:\Windows\system32\images\toolbar\up_over.gif
C:\Windows\system32\images\toolbar\upd.gif
C:\Windows\system32\images\tree\begindots.gif
C:\Windows\system32\images\tree\beginminus.gif
C:\Windows\system32\images\tree\beginplus.gif
C:\Windows\system32\images\tree\blank.gif
C:\Windows\system32\images\tree\blankdots.gif
C:\Windows\system32\images\tree\dots.gif
C:\Windows\system32\images\tree\lastdots.gif
C:\Windows\system32\images\tree\lastminus.gif
C:\Windows\system32\images\tree\lastplus.gif
C:\Windows\system32\images\tree\Magnify.gif
C:\Windows\system32\images\tree\minus.gif
C:\Windows\system32\images\tree\minusbox.gif
C:\Windows\system32\images\tree\plus.gif
C:\Windows\system32\images\tree\plusbox.gif
C:\Windows\system32\images\tree\singleminus.gif
C:\Windows\system32\images\tree\singleplus.gif
C:\Windows\$NtUninstallKB62211$ . . . . Failed to delete

Infected copy of C:\Windows\System32\wuauclt.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe

Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - C:\Windows\System32\DriverStore\FileRepository\cl_59239.inf_369fbec6\B_52100\Ati2evxx.exe

C:\Program Files\Bonjour\mDNSResponder.exe . . . is infected!!
C:\Program Files\Bonjour\mDNSResponder.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_1fd1ab49e8ca6ebb\mscorsvw.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe . . . is infected!!
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of C:\Program Files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Google!Update!GoogleUpdate.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe . . . is infected!!
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe . . . was deleted!! You should re-install the program it pertains to

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe . . . is infected!!
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Nitro PDF!Reader!NitroPDFReaderDriverService.exe

Infected copy of C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Common Files!Pure Networks Shared!Platform!nmsrvc.exe

C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe . . . is infected!!
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Comcast!Desktop Doctor!bin!sprtsvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe . . . is infected!!
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Toshiba!TOSHIBA DVD PLAYER!TNaviSrv.exe

Infected copy of C:\Windows\system32\TODDSrv.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Windows!System32!TODDSrv.exe

Infected copy of C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!TomTom HOME 2!TomTomHOMEService.exe

Infected copy of C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Toshiba!Power Saver!TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe . . . is infected!!
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe . . . was deleted!! You should re-install the program it pertains to

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . is infected!!
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - C:\Windows\System32\DriverStore\FileRepository\te1herzm.inf_04a45d02\XAudio.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_af84a378
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))


2011-09-30 00:18:31 . 2011-09-30 00:18:31 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16AEDD86-1956-4F32-A2FD-98439BE7546C}\offreg.dll
2011-09-30 00:15:26 . 2011-09-30 00:20:57 -------- d-----w- C:\Users\Salome\AppData\Local\temp
2011-09-30 00:15:26 . 2011-09-30 00:15:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-09-30 00:12:17 . 2007-11-21 17:23:32 129632 ----a-w- C:\Windows\system32\TODDSrv.exe
2011-09-29 17:38:21 . 2011-09-29 17:38:23 -------- d-----w- C:\Program Files\CCleaner
2011-09-29 15:19:27 . 2011-09-29 15:19:27 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-09-29 15:19:19 . 2011-09-29 15:19:19 -------- d-----w- C:\Users\Salome\AppData\Roaming\Malwarebytes
2011-09-29 15:19:05 . 2011-09-29 15:19:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-29 15:19:01 . 2011-09-30 00:06:48 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-29 15:19:01 . 2011-08-31 21:00:50 22216 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-09-28 11:53:37 . 2011-09-28 11:53:37 0 ---ha-w- C:\Users\Salome\AppData\Local\BITC4F5.tmp
2011-09-28 11:53:36 . 2011-09-28 11:53:36 0 ---ha-w- C:\Users\Salome\AppData\Local\BITC13C.tmp
2011-09-27 18:23:36 . 2011-09-21 13:00:24 7269712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16AEDD86-1956-4F32-A2FD-98439BE7546C}\mpengine.dll
2011-09-21 02:00:01 . 2011-09-24 22:31:11 -------- d-----w- C:\Program Files\Scientific Notebook
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-12-27 09:45:16 . 2010-09-24 22:47:27 245760 ----a-w- C:\Program Files\Uninstall Ask Toolbar.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb464721-c571-4123-ae62-d0576af38750}]
2009-12-31 16:53:56 2349080 ----a-w- C:\Program Files\TvaliTV\tbTval.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 14:18:02 2215960 ----a-w- C:\Program Files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_P.dll" [2009-07-02 14:18:02 2215960]
"{eb464721-c571-4123-ae62-d0576af38750}"= "C:\Program Files\TvaliTV\tbTval.dll" [2009-12-31 16:53:56 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{eb464721-c571-4123-ae62-d0576af38750}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_P.dll" [2009-07-02 14:18:02 2215960]
"{EB464721-C571-4123-AE62-D0576AF38750}"= "C:\Program Files\TvaliTV\tbTval.dll" [2009-12-31 16:53:56 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{eb464721-c571-4123-ae62-d0576af38750}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00 94208 ----a-w- C:\Users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00 94208 ----a-w- C:\Users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36:00 94208 ----a-w- C:\Users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 23:24:13 39408]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 09:38:16 247144]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-09-12 16:35:24 17351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReimageFTP"="C:\Program Files\Reimage\Reimage Repair\ReiFTPWatchDog.exe" [2010-02-07 11:41:00 447776]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-04-27 19:15:38 273544]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 17:12:22 253672]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 21:00:48 449608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 11:58:06 1744896]

C:\Users\Salome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Salome\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=C:\Windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 13:25:26 712704 ----a-w- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:38 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-02-22 11:30:46 217544 ----a-w- C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 16:41:18 413696 ----a-w- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25:22 202560 ----a-w- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 10:51:10 1507328 ----a-w- C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57:42 1025320 ----a-w- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39:18 1164584 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25:11 125952 ----a-w- C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-19 09:11:00 1836544 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-29 20:42:11 133104 ----atw- C:\Users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50:04 54576 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 22:01:12 54608 ----a-w- C:\Program Files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40:44 155648 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 23:06:40 642856 ----a-w- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 09:20:52 227328 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureW2 Tray]
2010-07-21 20:25:00 188808 ----a-w- C:\Program Files\SecureW2\sw2_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23:29 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 12:33:50 509816 ----a-w- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35:24 90112 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-04 23:24:13 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-11-29 16:58:52 1029416 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-08-15 21:01:28 185896 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 09:24:10 581632 ----a-w- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 10:05:08 571024 ----a-w- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 15:27:52 431456 ----a-w- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 04:42:14 66368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 10:46:08 187904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-09-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711723488-318563988-2476611525-1000Core.job
- C:\Users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 20:42:20 . 2009-09-29 20:42:11]

2011-09-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711723488-318563988-2476611525-1000UA.job
- C:\Users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 20:42:20 . 2009-09-29 20:42:11]

2011-09-29 C:\Windows\Tasks\User_Feed_Synchronization-{966AFAD0-E32A-4E48-8004-8FE94C871697}.job
- C:\Windows\system32\msfeedssync.exe [2011-02-10 00:17:51 . 2010-12-18 04:47:42]


------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: Interfaces\{094F8B87-4371-4D04-8661-18863E25901E}: NameServer = 128.91.254.1,128.91.254.4
FF - ProfilePath - C:\Users\Salome\AppData\Roaming\Mozilla\Firefox\Profiles\bmz3d6d8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ITSecMng - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
AddRemove-blinkx beat - C:\Program Files\Blinkx\templates\uninstall.exe
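The ComboFix log above reports three different outcomes for the service binaries it touched: disinfected and restored from a volume shadow copy (the `HarddiskVolumeShadowCopy3_!...` paths), disinfected and restored from Windows' own DriverStore (xaudio.exe), or simply deleted with a "re-install the program" note. When a log lists a dozen of these it helps to turn them into a table before deciding what to reinstall. The script below is an added example written for this thread; it is not ComboFix code and was not posted by either participant. The sample input is a constructed handful of lines in the same format as the log above, and the "random service name" check (eight hex digits after `Service_`) is a heuristic assumption of mine, not a ComboFix rule.

```python
"""Triage helper for the file-repair section of a ComboFix log.

Added example for this thread, not ComboFix code. Pairs each
'Infected copy of ... was found and disinfected' line with the
'Restored copy from - ...' line after it, pairs '... is infected!!'
with '... was deleted!!', and lists what still needs a reinstall.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few lines in the format the log above uses.
SAMPLE_LOG = r"""
Infected copy of C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Program Files!Toshiba!Power Saver!TosCoSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . is infected!!
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . . . was deleted!! You should re-install the program it pertains to

Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - C:\Windows\System32\DriverStore\FileRepository\te1herzm.inf_04a45d02\XAudio.exe

-------\Service_af84a378
-------\Service_MyWebSearchService
""".strip()

INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<src>.+?)$")
FLAGGED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")
DELETED_RE = re.compile(r"^(?P<path>.+?) \. \. \. was deleted!!")
SERVICE_RE = re.compile(r"^-------\\(?P<name>Service_\S+)$")
# Heuristic (my assumption, not a ComboFix rule): an eight-hex-digit suffix
# such as Service_af84a378 is a generated name rather than a product's.
RANDOM_SERVICE_RE = re.compile(r"^Service_[0-9a-f]{8}$")


@dataclass
class Repair:
    path: str                      # binary ComboFix reported as infected
    action: str                    # "restored", "deleted", "disinfected" or "flagged"
    restored_from: Optional[str] = None
    source: Optional[str] = None   # "shadow_copy", "driver_store" or "other"


def classify_source(restore_path: str) -> str:
    """Where the clean copy came from; this decides how much to trust it."""
    p = restore_path.lower()
    if "harddiskvolumeshadowcopy" in p:
        return "shadow_copy"       # only as clean as the snapshot date
    if "driverstore\\filerepository" in p:
        return "driver_store"      # Windows' own staged driver package
    return "other"


def parse_repairs(text: str) -> list[Repair]:
    """Pair each 'infected' line with the 'restored'/'deleted' line following it."""
    repairs: list[Repair] = []
    pending: Optional[Repair] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            if pending:
                repairs.append(pending)   # previous record had no partner line
            pending = Repair(path=m["path"], action="disinfected")
        elif m := RESTORED_RE.match(line):
            if pending is not None:
                pending.action = "restored"
                pending.restored_from = m["src"]
                pending.source = classify_source(m["src"])
                repairs.append(pending)
                pending = None
        elif m := FLAGGED_RE.match(line):
            if pending:
                repairs.append(pending)
            pending = Repair(path=m["path"], action="flagged")
        elif m := DELETED_RE.match(line):
            if pending is not None and pending.path.lower() == m["path"].lower():
                pending.action = "deleted"
                repairs.append(pending)
                pending = None
            else:
                repairs.append(Repair(path=m["path"], action="deleted"))
    if pending:
        repairs.append(pending)
    return repairs


def parse_removed_services(text: str) -> list[str]:
    """Service registrations ComboFix removed (the '-------\\Service_...' lines)."""
    return [m["name"] for line in text.splitlines() if (m := SERVICE_RE.match(line.strip()))]


def looks_random(service_name: str) -> bool:
    return RANDOM_SERVICE_RE.match(service_name) is not None


def needs_reinstall(repairs: list[Repair]) -> list[str]:
    """Deleted binaries: their service entries point at nothing until reinstalled."""
    return [r.path for r in repairs if r.action == "deleted"]


def summarize(repairs: list[Repair]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for r in repairs:
        key = r.action if r.source is None else f"{r.action}:{r.source}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_repairs(SAMPLE_LOG)
    for r in found:
        print(f"{r.action:12} {r.source or '-':13} {r.path}")
    print("reinstall:", needs_reinstall(found))
    print("services:", [(s, looks_random(s)) for s in parse_removed_services(SAMPLE_LOG)])
```

Two caveats worth keeping in mind when reading the output. A file restored from a shadow copy is only as clean as the snapshot it came from; if the snapshot was taken after the infection, the "restored" copy is the infected one again, so the source column is there to show which binaries deserve a second look. And a deleted binary leaves its service registration behind, pointing at a file that no longer exists, which is exactly why ComboFix tells you to reinstall the product it belonged to.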

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 29 September 2011 - 09:14 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 salomea07 (Topic Starter, Members, 23 posts)

Posted 29 September 2011 - 10:15 PM

Hi,

- I don't know if it's important, but when running ComboFix a "Windows Explorer is not responding" box popped up.
- Google Chrome doesn't open again.
So far, I haven't noticed anything more.

Here is a log:

ComboFix 11-09-29.06 - Salome 29/09/2011 22:37:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1918.1047 [GMT -4:00]
Running from: c:\users\Salome\Downloads\ComboFix.exe
Command switches used :: c:\users\Salome\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 03:01 . 2011-09-30 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-30 01:02 . 2011-09-30 01:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16AEDD86-1956-4F32-A2FD-98439BE7546C}\offreg.dll
2011-09-30 00:31 . 2011-09-30 03:01 -------- d-----w- c:\users\Salome\AppData\Local\temp
2011-09-30 00:12 . 2007-11-21 17:23 129632 ----a-w- c:\windows\system32\TODDSrv.exe
2011-09-29 17:38 . 2011-09-29 17:38 -------- d-----w- c:\program files\CCleaner
2011-09-29 15:19 . 2011-09-29 15:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 15:19 . 2011-09-29 15:19 -------- d-----w- c:\users\Salome\AppData\Roaming\Malwarebytes
2011-09-29 15:19 . 2011-09-29 15:19 -------- d-----w- c:\programdata\Malwarebytes
2011-09-29 15:19 . 2011-09-30 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-29 15:19 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 11:53 . 2011-09-28 11:53 0 ---ha-w- c:\users\Salome\AppData\Local\BITC4F5.tmp
2011-09-28 11:53 . 2011-09-28 11:53 0 ---ha-w- c:\users\Salome\AppData\Local\BITC13C.tmp
2011-09-27 18:23 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16AEDD86-1956-4F32-A2FD-98439BE7546C}\mpengine.dll
2011-09-21 02:00 . 2011-09-24 22:31 -------- d-----w- c:\program files\Scientific Notebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 09:45 . 2010-09-24 22:47 245760 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb464721-c571-4123-ae62-d0576af38750}]
2009-12-31 16:53 2349080 ----a-w- c:\program files\TvaliTV\tbTval.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 14:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{eb464721-c571-4123-ae62-d0576af38750}"= "c:\program files\TvaliTV\tbTval.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{eb464721-c571-4123-ae62-d0576af38750}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{EB464721-C571-4123-AE62-D0576AF38750}"= "c:\program files\TvaliTV\tbTval.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{eb464721-c571-4123-ae62-d0576af38750}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReimageFTP"="c:\program files\Reimage\Reimage Repair\ReiFTPWatchDog.exe" [2010-02-07 447776]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-04-27 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\users\Salome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Salome\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 13:25 712704 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-02-22 11:30 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 10:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-19 09:11 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-29 20:42 133104 ----atw- c:\users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 22:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 23:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 09:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureW2 Tray]
2010-07-21 20:25 188808 ----a-w- c:\program files\SecureW2\sw2_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 12:33 509816 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-04 23:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-11-29 16:58 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-08-15 21:01 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 09:24 581632 ----a-w- c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 10:05 571024 ----a-w- c:\program files\Toshiba\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 15:27 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711723488-318563988-2476611525-1000Core.job
- c:\users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 20:42]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711723488-318563988-2476611525-1000UA.job
- c:\users\Salome\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 20:42]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{966AFAD0-E32A-4E48-8004-8FE94C871697}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.117.100.1
FF - ProfilePath - c:\users\Salome\AppData\Roaming\Mozilla\Firefox\Profiles\bmz3d6d8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 23:01
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3972)
c:\users\Salome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-09-29 23:07:30
ComboFix-quarantined-files.txt 2011-09-30 03:07
ComboFix2.txt 2011-09-30 00:31
.
Pre-Run: 26,525,409,280 bytes free
Post-Run: 26,388,500,480 bytes free
.
- - End Of File - - 75B1CE3221CEAE8A3A9EFB1CEFC1A1C8

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 29 September 2011 - 10:18 PM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

@ECHO OFF
cd c:\
junction -s c:\>log.txt
start log.txt
del %0

Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
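As an added example (not part of gringo_pr's instructions and not the junction.exe tool itself), a PowerShell script that does the same job as the junc.bat step above: it lists every NTFS reparse point (junction or symbolic link) under the drive and writes the result to a log, but keeps going when a folder answers "Access is denied" and records those paths in the log as well. It assumes an elevated PowerShell 2.0 or later session; $Root and $LogPath are placeholder values.

```powershell
# Added example, not from the original thread. Walks a drive, lists every
# NTFS reparse point (junctions and symbolic links) and, instead of stopping
# at "Access is denied", collects the unreadable paths for the report too.
# Assumptions: run as Administrator; $Root and $LogPath are placeholders.
$Root    = 'C:\'
$LogPath = 'C:\junction-log.txt'

function Get-ReparsePoints {
    param([string]$Path)
    $errors = @()
    # -Force includes hidden/system entries; access errors are collected in
    # $errors rather than aborting the walk.
    $items = Get-ChildItem -Path $Path -Recurse -Force `
        -ErrorAction SilentlyContinue -ErrorVariable errors
    $found = foreach ($item in $items) {
        if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
            New-Object PSObject -Property @{
                Path       = $item.FullName
                Attributes = $item.Attributes.ToString()
            }
        }
    }
    New-Object PSObject -Property @{
        ReparsePoints = @($found)
        # TargetObject of a Get-ChildItem access error is the path it failed on
        Unreadable    = @($errors | ForEach-Object { $_.TargetObject })
    }
}

$result = Get-ReparsePoints -Path $Root

$lines  = @("Reparse points under $Root ($($result.ReparsePoints.Count))")
$lines += $result.ReparsePoints | ForEach-Object { "  $($_.Path)  [$($_.Attributes)]" }
$lines += ""
$lines += "Paths that could not be read ($($result.Unreadable.Count))"
$lines += $result.Unreadable | ForEach-Object { "  $_" }

$lines | Out-File -FilePath $LogPath -Encoding ASCII
Start-Process notepad.exe $LogPath
```

The "could not be read" section is the part to look at when junction.exe itself only prints access denied: it shows which folders refused enumeration, which is exactly the information a helper asks for next.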

#8 salomea07
  • Topic Starter
  • Members
  • 23 posts
  • Local time:05:34 AM

Posted 29 September 2011 - 10:27 PM

Hm... I'm stuck on the first step: I can't unzip it to the C: drive.
! C:\Users\Salome\Desktop\Junction.zip: Cannot create junction.exe
! Access is denied.

#9 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 30 September 2011 - 12:17 AM

Hello


try moving the zip file to the c drive and unzip it from there


gringo

#10 salomea07
  • Topic Starter
  • Members
  • 23 posts
  • Local time:05:34 AM

Posted 30 September 2011 - 09:54 AM

Hi Gringo,

So, I unzipped this file on C:\ and followed the other steps, but when running junc.bat it says "access denied" in a black window and "Windows can not find log.txt. Make sure you typed name correctly and then try again". I don't understand what's wrong.

#11 salomea07
  • Topic Starter
  • Members
  • 23 posts
  • Local time:05:34 AM

Posted 02 October 2011 - 03:16 PM

Hi Gringo,

I'm sorry, but I still have some problems, and if you could help me to resolve them I would really appreciate it.
- I can't install any antivirus. I tried different ones, and either they don't perform the installation or they get installed and uninstalled right away.
- I also get some error reports from Malwarebytes.
- Windows can't install updates.
- Also, my Chrome doesn't open; it says Windows cannot access it, problems with permission.
- And as before, I can't give you logs from junc.bat.

Thank you again!

Salome

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 03 October 2011 - 12:29 PM

Hello

Sorry for the delay

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 salomea07
  • Topic Starter
  • Members
  • 23 posts
  • Local time:05:34 AM

Posted 03 October 2011 - 12:49 PM

Hi Gringo,

Thanks! I did the scan and this is the log:

13:46:12.0771 0260 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
13:46:13.0020 0260 ============================================================
13:46:13.0021 0260 Current date / time: 2011/10/03 13:46:13.0020
13:46:13.0021 0260 SystemInfo:
13:46:13.0021 0260
13:46:13.0021 0260 OS Version: 6.0.6001 ServicePack: 1.0
13:46:13.0021 0260 Product type: Workstation
13:46:13.0021 0260 ComputerName: SALOME-PC
13:46:13.0022 0260 UserName: Salome
13:46:13.0022 0260 Windows directory: C:\Windows
13:46:13.0022 0260 System windows directory: C:\Windows
13:46:13.0022 0260 Processor architecture: Intel x86
13:46:13.0022 0260 Number of processors: 2
13:46:13.0022 0260 Page size: 0x1000
13:46:13.0022 0260 Boot type: Normal boot
13:46:13.0022 0260 ============================================================
13:46:14.0598 0260 Initialize success
13:46:18.0398 1444 ============================================================
13:46:18.0398 1444 Scan started
13:46:18.0398 1444 Mode: Manual;
13:46:18.0398 1444 ============================================================
13:46:25.0084 1444 DfsC ( Rootkit.Win32.ZAccess.h ) - infected
13:46:25.0084 1444 DfsC - detected Rootkit.Win32.ZAccess.h (0)
13:46:43.0040 1444 SynTP - ok
13:46:43.0154 1444 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
13:46:43.0183 1444 Tcpip - ok
13:46:43.0376 1444 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
13:46:43.0393 1444 Tcpip6 - ok
13:46:43.0547 1444 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
13:46:43.0550 1444 tcpipreg - ok
13:46:43.0586 1444 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:46:43.0589 1444 tdcmdpst - ok
13:46:43.0621 1444 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:46:43.0624 1444 TDPIPE - ok
13:46:43.0660 1444 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:46:43.0663 1444 TDTCP - ok
13:46:43.0853 1444 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
13:46:43.0858 1444 tdx - ok
13:46:43.0890 1444 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
13:46:43.0894 1444 TermDD - ok
13:46:44.0191 1444 tosrfbd (ae43138b0dea239b3621b0faf1bb1fe7) C:\Windows\system32\DRIVERS\tosrfbd.sys
13:46:44.0197 1444 tosrfbd - ok
13:46:44.0229 1444 Tosrfcom - ok
13:46:44.0291 1444 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
13:46:44.0294 1444 tosrfec - ok
13:46:44.0469 1444 Tosrfhid (87700714f25131ed21901d617b8b321f) C:\Windows\system32\DRIVERS\Tosrfhid.sys
13:46:44.0474 1444 Tosrfhid - ok
13:46:44.0539 1444 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
13:46:44.0543 1444 Tosrfusb - ok
13:46:44.0739 1444 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
13:46:44.0749 1444 tos_sps32 - ok
13:46:44.0914 1444 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:46:44.0918 1444 tssecsrv - ok
13:46:44.0980 1444 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:46:44.0983 1444 tunmp - ok
13:46:45.0090 1444 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
13:46:45.0093 1444 tunnel - ok
13:46:45.0226 1444 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:46:45.0229 1444 TVALZ - ok
13:46:45.0367 1444 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:46:45.0371 1444 uagp35 - ok
13:46:45.0431 1444 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
13:46:45.0440 1444 udfs - ok
13:46:45.0626 1444 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:46:45.0631 1444 uliagpkx - ok
13:46:45.0700 1444 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:46:45.0710 1444 uliahci - ok
13:46:45.0855 1444 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:46:45.0860 1444 UlSata - ok
13:46:45.0912 1444 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:46:45.0918 1444 ulsata2 - ok
13:46:45.0937 1444 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:46:45.0941 1444 umbus - ok
13:46:46.0126 1444 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:46:46.0131 1444 usbccgp - ok
13:46:46.0234 1444 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:46:46.0238 1444 usbcir - ok
13:46:46.0370 1444 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
13:46:46.0374 1444 usbehci - ok
13:46:46.0428 1444 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
13:46:46.0437 1444 usbhub - ok
13:46:46.0474 1444 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
13:46:46.0477 1444 usbohci - ok
13:46:46.0521 1444 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:46:46.0524 1444 usbprint - ok
13:46:46.0653 1444 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:46:46.0656 1444 usbscan - ok
13:46:46.0727 1444 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:46:46.0731 1444 USBSTOR - ok
13:46:46.0775 1444 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:46:46.0778 1444 usbuhci - ok
13:46:46.0912 1444 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:46:46.0919 1444 usbvideo - ok
13:46:46.0962 1444 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
13:46:46.0965 1444 UVCFTR - ok
13:46:47.0038 1444 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:46:47.0042 1444 vga - ok
13:46:47.0164 1444 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:46:47.0167 1444 VgaSave - ok
13:46:47.0263 1444 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:46:47.0267 1444 viaagp - ok
13:46:47.0304 1444 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:46:47.0321 1444 ViaC7 - ok
13:46:47.0345 1444 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:46:47.0348 1444 viaide - ok
13:46:47.0423 1444 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:46:47.0427 1444 volmgr - ok
13:46:47.0537 1444 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
13:46:47.0547 1444 volmgrx - ok
13:46:47.0644 1444 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
13:46:47.0653 1444 volsnap - ok
13:46:47.0826 1444 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:46:47.0833 1444 vsmraid - ok
13:46:47.0908 1444 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:46:47.0911 1444 WacomPen - ok
13:46:47.0951 1444 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:46:47.0955 1444 Wanarp - ok
13:46:47.0981 1444 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:46:47.0983 1444 Wanarpv6 - ok
13:46:48.0176 1444 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:46:48.0178 1444 Wd - ok
13:46:48.0242 1444 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:46:48.0261 1444 Wdf01000 - ok
13:46:48.0498 1444 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:46:48.0519 1444 winachsf - ok
13:46:48.0757 1444 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:46:48.0759 1444 WmiAcpi - ok
13:46:48.0860 1444 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
13:46:48.0864 1444 WpdUsb - ok
13:46:49.0045 1444 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:46:49.0048 1444 ws2ifsl - ok
13:46:49.0136 1444 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:46:49.0141 1444 WUDFRd - ok
13:46:49.0181 1444 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
13:46:49.0183 1444 XAudio - ok
13:46:49.0386 1444 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
13:46:49.0396 1444 yukonwlh - ok
13:46:49.0488 1444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:46:49.0509 1444 \Device\Harddisk0\DR0 - ok
13:46:49.0519 1444 Boot (0x1200) (b097579aeaa689076bafda8dfb271b94) \Device\Harddisk0\DR0\Partition0
13:46:49.0521 1444 \Device\Harddisk0\DR0\Partition0 - ok
13:46:49.0553 1444 Boot (0x1200) (bd19834652fb8de601fbffd3856b0839) \Device\Harddisk0\DR0\Partition1
13:46:49.0555 1444 \Device\Harddisk0\DR0\Partition1 - ok
13:46:49.0556 1444 ============================================================
13:46:49.0556 1444 Scan finished
13:46:49.0556 1444 ============================================================
13:46:49.0599 2068 Detected object count: 1
13:46:49.0599 2068 Actual detected object count: 1
13:47:07.0776 2068 Backup copy not found, trying to cure infected file..
13:47:07.0777 2068 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
13:47:07.0777 2068 C:\Windows\system32\Drivers\dfsc.sys - processing error
13:47:07.0777 2068 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure

Salome

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 October 2011 - 01:01 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
dfsc.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 salomea07

salomea07
  • Topic Starter

  • Members
  • 23 posts

Posted 03 October 2011 - 01:32 PM

Here is the log, but it's so short compared to previous ones.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:24 on 03/10/2011 by Salome
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [19:14 18/09/2009] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] B4999ECBD61B4F83E8ACB57FC58F64B1
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] B4999ECBD61B4F83E8ACB57FC58F64B1

-= EOF =-
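The point of the :filefind request above is to compare the driver Windows is actually loading (System32\drivers\dfsc.sys) against the pristine copy kept in the WinSxS component store. Here is a small Python parser for that SystemLook output that automates the comparison; it is an added example, not part of the thread or of SystemLook. The first sample is the log posted above, the second is a constructed variant with a made-up MD5 showing what a driver that no longer matches the store would look like.

```python
import re

# One SystemLook ":filefind" result line looks like:
#   <path> <attrs> <size> bytes [<timestamp>] [<timestamp>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input copied from the SystemLook log posted above.
SAMPLE_LOG = r"""
Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [19:14 18/09/2009] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] B4999ECBD61B4F83E8ACB57FC58F64B1
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] B4999ECBD61B4F83E8ACB57FC58F64B1
-= EOF =-
"""

# Constructed variant: the active driver's hash (first occurrence of the value,
# which is the System32\drivers line) is swapped for a made-up MD5.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "B4999ECBD61B4F83E8ACB57FC58F64B1", "00000000000000000000000000000000", 1)


def parse_filefind(log: str) -> list:
    """Return one dict per result line; headers and the EOF marker are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def assess_driver(entries: list) -> dict:
    """Does the active copy under System32\\drivers match a WinSxS component-store copy?"""
    live = [e for e in entries if "\\system32\\drivers\\" in e["path"].lower()]
    store = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    if not live:
        return {"verdict": "no-active-copy"}
    active = live[0]
    matches = [e["path"] for e in store if e["md5"] == active["md5"]]
    # Copies elsewhere (e.g. a pending update under SoftwareDistribution) are a
    # different file version and are expected to differ: reported, not flagged.
    others = [(e["path"], e["md5"]) for e in entries
              if e is not active and e["md5"] != active["md5"]]
    return {"verdict": "matches-component-store" if matches else "no-store-match",
            "active_md5": active["md5"], "store_matches": matches,
            "differing_copies": others}


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed log", TAMPERED_LOG)):
        print(name, "->", assess_driver(parse_filefind(log))["verdict"])
```

A store match only shows the on-disk file is the stock build; a rootkit that hooks the driver in memory or patches the MBR will still pass this check, which is why the TDSSKiller result above is the stronger signal.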