Jump to content

Ashran

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks a lot for all this information and for helping me out with this! It's much appreciated. You guys are great!
  2. Everything runs smoothly! I can't believe how much crap my computer had. The Online scanner didn't come up clean, wich surprises me a bit. I have an antivirus and I don't visit any weird websites. C:\Users\Samain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2fc1f1cd-6a9399ff multiple threats deleted - quarantined C:\Users\Samain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\416192d3-3e3770e5-temp multiple threats deleted - quarantined C:\Users\Samain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5fc5a262-65087ad2 a variant of Java/Agent.BR trojan deleted - quarantined C:\Users\Samain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ffc5a4-7aa043b8 probably a variant of Java/Agent.BR trojan deleted - quarantined C:\Users\Samain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7feeba40 multiple threats deleted - quarantined Thanks a lot!
  3. Thanks! This is the MBAM log Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7052 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 09/07/2011 03:56:00 mbam-log-2011-07-09 (03-55-59).txt Scan type: Full scan (C:\|) Objects scanned: 404153 Time elapsed: 1 hour(s), 58 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. Yes, of course ComboFix 11-07-06.02 - Samain 08/07/2011 1:57.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1973.1004 [GMT 1:00] Running from: c:\users\Samain\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 ))))))))))))))))))))))))))))))) . . 2011-07-08 01:06 . 2011-07-08 01:06 -------- d-----w- c:\users\Guest\AppData\Local\temp 2011-07-08 01:06 . 2011-07-08 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-05 22:45 . 2011-07-05 22:45 -------- d-----w- c:\users\Mcx1-SAMAIN-PC 2011-07-05 14:35 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F5F761E-FA64-4CA6-8F3C-5A31CECF5D45}\mpengine.dll 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\users\Samain\AppData\Roaming\Malwarebytes 2011-07-04 23:06 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\programdata\Malwarebytes 2011-07-04 23:06 . 2011-07-05 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-04 20:28 . 2011-07-04 20:28 388096 ----a-r- c:\users\Samain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-04 17:48 . 2011-07-05 19:19 -------- d-----w- C:\ark 2011-07-04 15:25 . 2011-07-04 16:02 -------- d-----w- c:\programdata\PC Tools 2011-07-03 22:11 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-07-03 22:11 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-06-29 13:55 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-06-29 13:55 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-06-29 13:55 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-06-22 12:15 . 2011-07-08 01:06 1409 ----a-w- c:\windows\QTFont.for 2011-06-14 19:07 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-14 19:07 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-14 19:07 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-14 19:07 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-14 19:07 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-14 19:07 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-14 19:07 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys 2011-06-14 19:05 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-14 19:05 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-14 19:05 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-14 19:05 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-14 19:05 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-14 19:05 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-14 19:05 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 18:14 . 2010-08-22 21:29 270720 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-07-06_19.30.27 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-07-08 01:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-07-06 19:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-07-06 19:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-07-08 01:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-07-06 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-07-08 01:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-18 21:58 . 2011-07-08 00:42 57252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-07-06 19:30 32752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-07-08 00:43 32752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-03-26 19:12 . 2011-07-08 00:43 16800 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1876799212-4205885039-4017853658-1001_UserData.bin - 2010-03-26 11:29 . 2011-07-06 19:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-26 11:29 . 2011-07-08 01:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 11:29 . 2011-07-06 19:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-26 11:29 . 2011-07-08 01:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-07-08 01:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-07-06 19:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 19:11 . 2011-07-08 01:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 19:11 . 2011-07-06 19:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2011-07-03 21:27 . 2011-07-07 14:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2011-07-03 21:27 . 2011-07-07 14:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat + 2011-07-03 21:27 . 2011-07-07 14:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat + 2010-03-26 19:11 . 2011-07-08 01:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-26 19:11 . 2011-07-06 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-26 19:11 . 2011-07-08 01:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-26 19:11 . 2011-07-06 19:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-26 12:05 . 2011-07-06 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-26 12:05 . 2011-07-08 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 12:05 . 2011-07-06 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 12:05 . 2011-07-08 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-08 01:08 . 2011-07-08 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-07-06 19:27 . 2011-07-06 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-07-08 01:08 . 2011-07-08 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-07-06 19:27 . 2011-07-06 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:12 . 2011-07-06 19:30 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2011-07-08 01:17 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2011-07-06 19:26 387888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-07-08 01:07 387888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-06-06 23:31 . 2011-07-06 07:36 3438912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1876799212-4205885039-4017853658-1001-12288.dat + 2010-06-06 23:31 . 2011-07-08 01:07 3438912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1876799212-4205885039-4017853658-1001-12288.dat - 2009-07-14 02:34 . 2011-07-06 15:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2011-07-08 01:58 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-05-01 77824] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240] "ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-12-09 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\users\Samain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-19 113664] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService] @="Service" . R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Serxnelb;Serxnelb; [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-04-29 19720] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x] S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-24 1960744] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://uk.mg41.mail.yahoo.com/dc/launch?.gx=1&.rand=dthpu2s7qcfqv mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Samain\AppData\Roaming\Mozilla\Firefox\Profiles\eakwbpfc.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,25,6c,8d,55,69,29,d9,d2,79,23,7d,9e,40,3b,38,b1,db,de,d7,e1,35,af, 6f,db,e2,ed,ce,29,6f,53,a7,4b,83,62,61,1d,ec,ba,5b,2d,ff,f5,86,ac,7b,0e,62,\ "??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05 . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\License information*] "datasecu"=hex:ee,8e,1c,a9,a0,77,d8,bb,bc,de,1a,1a,90,14,f0,aa,98,bd,3b,d1,da, 15,9b,4b,75,ec,ec,f9,05,2e,20,61,60,6b,03,2a,cc,7d,44,b4,e9,06,4b,b2,85,e8,\ "rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe c:\program files (x86)\Mozilla Firefox\firefox.exe c:\program files (x86)\Mozilla Firefox\plugin-container.exe . ************************************************************************** . Completion time: 2011-07-08 08:09:33 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-08 07:09 ComboFix2.txt 2011-07-06 22:18 ComboFix3.txt 2011-07-06 19:53 . Pre-Run: 19,703,980,032 bytes free Post-Run: 18,841,026,560 bytes free . - - End Of File - - 019B29ED72A4CF8FA1A541E05E34269B Thank you!
  5. YAYYYYYYYYY!!! You fixed it! Thank you so so so so much for your time and patience!! I paste the log you request here just in case you need it. I really appreciate what you've done 2011/07/07 15:56:22.0317 4516 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21 2011/07/07 15:56:22.0563 4516 ================================================================================ 2011/07/07 15:56:22.0563 4516 SystemInfo: 2011/07/07 15:56:22.0563 4516 2011/07/07 15:56:22.0563 4516 OS Version: 6.1.7600 ServicePack: 0.0 2011/07/07 15:56:22.0563 4516 Product type: Workstation 2011/07/07 15:56:22.0563 4516 ComputerName: SAMAIN-PC 2011/07/07 15:56:22.0564 4516 UserName: Samain 2011/07/07 15:56:22.0564 4516 Windows directory: C:\Windows 2011/07/07 15:56:22.0564 4516 System windows directory: C:\Windows 2011/07/07 15:56:22.0564 4516 Running under WOW64 2011/07/07 15:56:22.0564 4516 Processor architecture: Intel x64 2011/07/07 15:56:22.0564 4516 Number of processors: 4 2011/07/07 15:56:22.0564 4516 Page size: 0x1000 2011/07/07 15:56:22.0564 4516 Boot type: Normal boot 2011/07/07 15:56:22.0564 4516 ================================================================================ 2011/07/07 15:56:24.0038 4516 Initialize success 2011/07/07 15:56:30.0307 7012 ================================================================================ 2011/07/07 15:56:30.0307 7012 Scan started 2011/07/07 15:56:30.0307 7012 Mode: Manual; 2011/07/07 15:56:30.0307 7012 ================================================================================ 2011/07/07 15:56:32.0330 7012 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/07/07 15:56:32.0405 7012 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys 2011/07/07 15:56:32.0519 7012 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/07/07 15:56:32.0574 7012 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/07/07 15:56:32.0664 7012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/07/07 15:56:32.0711 7012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/07/07 15:56:32.0775 7012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/07/07 15:56:32.0889 7012 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 2011/07/07 15:56:32.0937 7012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/07/07 15:56:32.0997 7012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/07/07 15:56:33.0044 7012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/07/07 15:56:33.0092 7012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/07/07 15:56:33.0312 7012 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/07 15:56:33.0727 7012 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/07/07 15:56:33.0834 7012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/07/07 15:56:33.0903 7012 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2011/07/07 15:56:33.0944 7012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/07/07 15:56:33.0992 7012 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2011/07/07 15:56:34.0042 7012 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/07/07 15:56:34.0103 7012 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/07/07 15:56:34.0152 7012 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/07/07 15:56:34.0202 7012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/07 15:56:34.0248 7012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/07/07 15:56:34.0308 7012 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys 2011/07/07 15:56:34.0576 7012 atikmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/07 15:56:35.0035 7012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/07/07 15:56:35.0209 7012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/07/07 15:56:35.0285 7012 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys 2011/07/07 15:56:35.0469 7012 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys 2011/07/07 15:56:35.0730 7012 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/07/07 15:56:35.0820 7012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/07/07 15:56:35.0931 7012 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/07 15:56:36.0058 7012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/07/07 15:56:36.0084 7012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/07/07 15:56:36.0137 7012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/07/07 15:56:36.0180 7012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/07/07 15:56:36.0214 7012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/07/07 15:56:36.0249 7012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/07/07 15:56:36.0315 7012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/07 15:56:36.0532 7012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/07 15:56:36.0625 7012 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/07 15:56:36.0734 7012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/07 15:56:36.0821 7012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/07/07 15:56:36.0883 7012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/07 15:56:36.0921 7012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/07/07 15:56:36.0983 7012 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/07/07 15:56:37.0040 7012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/07 15:56:37.0129 7012 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/07/07 15:56:37.0211 7012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/07/07 15:56:37.0281 7012 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys 2011/07/07 15:56:37.0425 7012 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 2011/07/07 15:56:37.0554 7012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/07/07 15:56:37.0608 7012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/07/07 15:56:37.0745 7012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/07/07 15:56:37.0847 7012 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/07 15:56:38.0318 7012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/07/07 15:56:38.0757 7012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/07/07 15:56:38.0857 7012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/07/07 15:56:38.0916 7012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/07/07 15:56:38.0962 7012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/07/07 15:56:39.0040 7012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/07 15:56:39.0135 7012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/07/07 15:56:39.0197 7012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/07/07 15:56:39.0372 7012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/07 15:56:39.0433 7012 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/07/07 15:56:39.0557 7012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/07/07 15:56:39.0658 7012 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/07 15:56:39.0846 7012 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/07 15:56:39.0905 7012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/07/07 15:56:40.0349 7012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/07/07 15:56:40.0412 7012 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/07 15:56:40.0460 7012 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 2011/07/07 15:56:40.0561 7012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/07/07 15:56:40.0632 7012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/07 15:56:40.0715 7012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/07 15:56:40.0800 7012 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/07 15:56:40.0932 7012 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/07/07 15:56:41.0047 7012 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/07/07 15:56:41.0079 7012 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/07/07 15:56:41.0150 7012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/07 15:56:41.0190 7012 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/07/07 15:56:41.0229 7012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/07/07 15:56:41.0320 7012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/07/07 15:56:41.0372 7012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/07 15:56:41.0448 7012 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/07 15:56:41.0488 7012 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/07/07 15:56:41.0549 7012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/07/07 15:56:41.0664 7012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/07/07 15:56:41.0740 7012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/07/07 15:56:41.0842 7012 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/07 15:56:41.0920 7012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/07 15:56:42.0000 7012 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/07 15:56:42.0070 7012 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/07 15:56:42.0120 7012 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/07/07 15:56:42.0203 7012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/07/07 15:56:42.0267 7012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/07 15:56:42.0336 7012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/07/07 15:56:42.0365 7012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/07/07 15:56:42.0401 7012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/07/07 15:56:42.0436 7012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/07/07 15:56:42.0486 7012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/07/07 15:56:42.0718 7012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/07/07 15:56:42.0754 7012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/07/07 15:56:42.0848 7012 mfeapfk (be32ddafc21b7ac0abeb5b0433cb2b22) C:\Windows\system32\drivers\mfeapfk.sys 2011/07/07 15:56:42.0965 7012 mfeavfk (d1434fafe6e916f25d1669979c21cf5d) C:\Windows\system32\drivers\mfeavfk.sys 2011/07/07 15:56:43.0065 7012 mfehidk (d0067b5e7d1a9ae6fe659eb03d6c9e34) C:\Windows\system32\drivers\mfehidk.sys 2011/07/07 15:56:43.0205 7012 mferkdet (b013e947563b509750023a1e6820908e) C:\Windows\system32\drivers\mferkdet.sys 2011/07/07 15:56:43.0285 7012 mfetdik (6fa1daa1ea0a3a467688f2598a625318) C:\Windows\system32\drivers\mfetdik.sys 2011/07/07 15:56:43.0376 7012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/07/07 15:56:43.0412 7012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/07 15:56:43.0454 7012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/07 15:56:43.0527 7012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/07 15:56:43.0588 7012 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/07/07 15:56:43.0637 7012 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/07/07 15:56:43.0679 7012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/07 15:56:43.0723 7012 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/07 15:56:43.0794 7012 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/07 15:56:43.0912 7012 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/07 15:56:43.0996 7012 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/07 15:56:44.0082 7012 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/07/07 15:56:44.0120 7012 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/07/07 15:56:44.0165 7012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/07/07 15:56:44.0195 7012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/07 15:56:44.0240 7012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/07/07 15:56:44.0319 7012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/07 15:56:44.0353 7012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/07 15:56:44.0395 7012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/07/07 15:56:44.0428 7012 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/07/07 15:56:44.0470 7012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/07 15:56:44.0498 7012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/07/07 15:56:44.0528 7012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/07 15:56:44.0565 7012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/07/07 15:56:44.0647 7012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/07 15:56:44.0725 7012 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/07/07 15:56:44.0769 7012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/07 15:56:44.0818 7012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/07 15:56:44.0864 7012 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/07 15:56:44.0899 7012 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/07 15:56:44.0922 7012 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/07/07 15:56:44.0946 7012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/07 15:56:45.0004 7012 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/07 15:56:45.0086 7012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/07 15:56:45.0123 7012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/07/07 15:56:45.0150 7012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/07 15:56:45.0212 7012 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/07/07 15:56:45.0276 7012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/07/07 15:56:45.0439 7012 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/07/07 15:56:45.0494 7012 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/07/07 15:56:45.0534 7012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/07/07 15:56:45.0588 7012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/07 15:56:45.0666 7012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/07/07 15:56:45.0697 7012 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/07/07 15:56:45.0764 7012 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/07/07 15:56:45.0803 7012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/07/07 15:56:45.0857 7012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/07 15:56:45.0904 7012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/07/07 15:56:45.0945 7012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/07/07 15:56:46.0074 7012 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/07 15:56:46.0121 7012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/07/07 15:56:46.0180 7012 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/07 15:56:46.0244 7012 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 2011/07/07 15:56:46.0407 7012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/07 15:56:46.0472 7012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/07 15:56:46.0507 7012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/07 15:56:46.0537 7012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/07 15:56:46.0594 7012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/07 15:56:46.0665 7012 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/07 15:56:46.0725 7012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/07 15:56:46.0777 7012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/07 15:56:46.0825 7012 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/07 15:56:46.0862 7012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/07 15:56:46.0897 7012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/07 15:56:46.0926 7012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/07 15:56:46.0952 7012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/07 15:56:46.0980 7012 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/07/07 15:56:47.0041 7012 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/07/07 15:56:47.0146 7012 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys 2011/07/07 15:56:47.0234 7012 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys 2011/07/07 15:56:47.0314 7012 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys 2011/07/07 15:56:47.0402 7012 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys 2011/07/07 15:56:47.0498 7012 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys 2011/07/07 15:56:47.0606 7012 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys 2011/07/07 15:56:47.0744 7012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/07 15:56:47.0829 7012 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/07/07 15:56:47.0952 7012 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/07/07 15:56:47.0993 7012 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/07 15:56:48.0051 7012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/07/07 15:56:48.0130 7012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/07 15:56:48.0174 7012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/07/07 15:56:48.0197 7012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/07 15:56:48.0324 7012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/07/07 15:56:48.0372 7012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/07/07 15:56:48.0405 7012 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/07/07 15:56:48.0453 7012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/07 15:56:48.0517 7012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/07 15:56:48.0552 7012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/07 15:56:48.0606 7012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/07/07 15:56:48.0687 7012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/07/07 15:56:48.0783 7012 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 2011/07/07 15:56:48.0948 7012 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 2011/07/07 15:56:49.0067 7012 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/07 15:56:49.0147 7012 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/07 15:56:49.0291 7012 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys 2011/07/07 15:56:49.0418 7012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/07 15:56:49.0497 7012 STHDA (2d7c3ca0fdb0f438671c89fa1804674f) C:\Windows\system32\DRIVERS\stwrt64.sys 2011/07/07 15:56:49.0613 7012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/07 15:56:49.0687 7012 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/07 15:56:49.0862 7012 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys 2011/07/07 15:56:50.0001 7012 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/07 15:56:50.0073 7012 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/07 15:56:50.0111 7012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/07/07 15:56:50.0140 7012 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/07/07 15:56:50.0167 7012 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/07 15:56:50.0235 7012 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/07 15:56:50.0320 7012 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/07 15:56:50.0354 7012 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/07 15:56:50.0408 7012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/07 15:56:50.0463 7012 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/07 15:56:50.0518 7012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/07/07 15:56:50.0565 7012 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/07 15:56:50.0612 7012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/07 15:56:50.0651 7012 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/07 15:56:50.0697 7012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/07/07 15:56:50.0740 7012 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/07 15:56:50.0801 7012 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/07 15:56:50.0911 7012 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/07/07 15:56:50.0979 7012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/07 15:56:51.0044 7012 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/07 15:56:51.0089 7012 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/07 15:56:51.0125 7012 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/07 15:56:51.0197 7012 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys 2011/07/07 15:56:51.0258 7012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/07/07 15:56:51.0316 7012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/07 15:56:51.0350 7012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/07/07 15:56:51.0391 7012 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/07/07 15:56:51.0462 7012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/07/07 15:56:51.0571 7012 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/07/07 15:56:51.0770 7012 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/07/07 15:56:51.0882 7012 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/07/07 15:56:51.0936 7012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/07 15:56:51.0979 7012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/07/07 15:56:52.0025 7012 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/07/07 15:56:52.0085 7012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/07 15:56:52.0151 7012 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/07 15:56:52.0180 7012 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/07 15:56:52.0265 7012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/07/07 15:56:52.0331 7012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/07 15:56:52.0438 7012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/07/07 15:56:52.0523 7012 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/07/07 15:56:52.0615 7012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/07/07 15:56:52.0692 7012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/07 15:56:52.0756 7012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/07 15:56:52.0807 7012 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/07/07 15:56:52.0876 7012 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/07 15:56:52.0963 7012 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0 2011/07/07 15:56:52.0970 7012 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0) 2011/07/07 15:56:52.0989 7012 Boot (0x1200) (f80ba36281b72ae08c1e05f0b21ba570) \Device\Harddisk0\DR0\Partition0 2011/07/07 15:56:53.0015 7012 Boot (0x1200) (08921adfef42c763f87aca04ee724fd5) \Device\Harddisk0\DR0\Partition1 2011/07/07 15:56:53.0021 7012 ================================================================================ 2011/07/07 15:56:53.0021 7012 Scan finished 2011/07/07 15:56:53.0021 7012 ================================================================================ 2011/07/07 15:56:53.0034 2440 Detected object count: 1 2011/07/07 15:56:53.0034 2440 Actual detected object count: 1 2011/07/07 15:57:08.0972 2440 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot 2011/07/07 15:57:08.0972 2440 \Device\Harddisk0\DR0 - ok 2011/07/07 15:57:08.0972 2440 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/07 15:57:17.0124 3684 Deinitialize success
  6. Unfortunately it's still there. Same redirections in Explorer but Firefox now is showing a crash reporter screen randomly. Sometimes it shows the "firefox has stopped working" too
  7. Thank you very much again! Here it goes: ComboFix 11-07-06.02 - Samain 06/07/2011 22:21:53.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1973.1105 [GMT 1:00] Running from: c:\users\Samain\Desktop\ComboFix.exe Command switches used :: c:\users\Samain\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 ))))))))))))))))))))))))))))))) . . 2011-07-06 21:52 . 2011-07-06 21:52 -------- d-----w- c:\users\Guest\AppData\Local\temp 2011-07-06 21:52 . 2011-07-06 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-05 22:45 . 2011-07-05 22:45 -------- d-----w- c:\users\Mcx1-SAMAIN-PC 2011-07-05 14:35 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F5F761E-FA64-4CA6-8F3C-5A31CECF5D45}\mpengine.dll 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\users\Samain\AppData\Roaming\Malwarebytes 2011-07-04 23:06 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\programdata\Malwarebytes 2011-07-04 23:06 . 2011-07-05 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-04 20:28 . 2011-07-04 20:28 388096 ----a-r- c:\users\Samain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-04 17:48 . 2011-07-05 19:19 -------- d-----w- C:\ark 2011-07-04 15:25 . 2011-07-04 16:02 -------- d-----w- c:\programdata\PC Tools 2011-07-03 22:11 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-07-03 22:11 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-06-29 13:55 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-06-29 13:55 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-06-29 13:55 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-06-22 12:15 . 2011-07-06 21:53 1409 ----a-w- c:\windows\QTFont.for 2011-06-14 19:07 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-14 19:07 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-14 19:07 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-14 19:07 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-14 19:07 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-14 19:07 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-14 19:07 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys 2011-06-14 19:05 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-14 19:05 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-14 19:05 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-14 19:05 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-14 19:05 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-14 19:05 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-14 19:05 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 18:14 . 2010-08-22 21:29 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-04-09 06:58 . 2011-05-24 06:18 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-04-09 06:45 . 2011-05-11 12:09 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 12:09 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 12:09 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 06:18 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-07-06_19.30.27 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-18 21:58 . 2011-07-06 21:57 57156 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-07-06 21:57 32752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-07-06 19:30 32752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-03-26 19:12 . 2011-07-06 15:08 16776 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1876799212-4205885039-4017853658-1001_UserData.bin + 2010-03-26 19:12 . 2011-07-06 21:57 16776 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1876799212-4205885039-4017853658-1001_UserData.bin + 2010-03-26 11:29 . 2011-07-06 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 11:29 . 2011-07-06 19:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-26 11:29 . 2011-07-06 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-26 11:29 . 2011-07-06 19:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-07-06 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-07-06 19:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 19:11 . 2011-07-06 21:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 19:11 . 2011-07-06 19:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2011-07-03 21:27 . 2011-07-06 21:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat + 2011-07-03 21:27 . 2011-07-06 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat - 2011-07-03 21:27 . 2011-07-06 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat + 2011-07-03 21:27 . 2011-07-06 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat + 2010-03-26 19:11 . 2011-07-06 21:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-26 19:11 . 2011-07-06 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-26 19:11 . 2011-07-06 21:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-26 19:11 . 2011-07-06 19:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-26 12:05 . 2011-07-06 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-26 12:05 . 2011-07-06 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 12:05 . 2011-07-06 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 12:05 . 2011-07-06 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-06 21:54 . 2011-07-06 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-07-06 19:27 . 2011-07-06 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-07-06 21:54 . 2011-07-06 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-07-06 19:27 . 2011-07-06 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:12 . 2011-07-06 19:30 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2011-07-06 21:56 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2011-07-06 19:26 387888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-07-06 21:54 387888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-06-06 23:31 . 2011-07-06 07:36 3438912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1876799212-4205885039-4017853658-1001-12288.dat + 2010-06-06 23:31 . 2011-07-06 21:54 3438912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1876799212-4205885039-4017853658-1001-12288.dat + 2009-07-14 02:34 . 2011-07-06 19:44 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2011-07-06 15:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-05-01 77824] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240] "ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-12-09 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\users\Samain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-19 113664] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService] @="Service" . R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Serxnelb;Serxnelb; [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-04-29 19720] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x] S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-24 1960744] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://uk.mg41.mail.yahoo.com/dc/launch?.gx=1&.rand=dthpu2s7qcfqv mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Samain\AppData\Roaming\Mozilla\Firefox\Profiles\eakwbpfc.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,25,6c,8d,55,69,29,d9,d2,79,23,7d,9e,40,3b,38,b1,db,de,d7,e1,35,af, 6f,db,e2,ed,ce,29,6f,53,a7,4b,83,62,61,1d,ec,ba,5b,2d,ff,f5,86,ac,7b,0e,62,\ "??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05 . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\License information*] "datasecu"=hex:ee,8e,1c,a9,a0,77,d8,bb,bc,de,1a,1a,90,14,f0,aa,98,bd,3b,d1,da, 15,9b,4b,75,ec,ec,f9,05,2e,20,61,60,6b,03,2a,cc,7d,44,b4,e9,06,4b,b2,85,e8,\ "rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe c:\program files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2011-07-06 23:18:11 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-06 22:18 ComboFix2.txt 2011-07-06 19:53 . Pre-Run: 16,735,576,064 bytes free Post-Run: 16,466,493,440 bytes free . - - End Of File - - 1CA206D6AB6DC558AA86F73813B5FE04
  8. Hi Elise! Thank you very much for your help and your time This is combofix.txt, I hope it helps. ComboFix 11-07-06.02 - Samain 06/07/2011 19:51:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1973.1081 [GMT 1:00] Running from: c:\users\Samain\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Samain\GoToAssistDownloadHelper.exe c:\users\Samain\lame_enc_en.dll c:\users\Samain\lametritonus_en.dll c:\windows\system32\jusched.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 ))))))))))))))))))))))))))))))) . . 2011-07-06 19:23 . 2011-07-06 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-06 19:23 . 2011-07-06 19:23 -------- d-----w- c:\users\Guest\AppData\Local\temp 2011-07-06 18:35 . 2011-07-06 18:40 -------- d-----w- C:\32788R22FWJFW 2011-07-05 22:45 . 2011-07-05 22:45 -------- d-----w- c:\users\Mcx1-SAMAIN-PC 2011-07-05 14:35 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F5F761E-FA64-4CA6-8F3C-5A31CECF5D45}\mpengine.dll 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\users\Samain\AppData\Roaming\Malwarebytes 2011-07-04 23:06 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-04 23:06 . 2011-07-04 23:06 -------- d-----w- c:\programdata\Malwarebytes 2011-07-04 23:06 . 2011-07-05 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-04 20:28 . 2011-07-04 20:28 388096 ----a-r- c:\users\Samain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-04 17:48 . 2011-07-05 19:19 -------- d-----w- C:\ark 2011-07-04 15:25 . 2011-07-04 16:02 -------- d-----w- c:\programdata\PC Tools 2011-07-03 22:11 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-07-03 22:11 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-06-29 13:55 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-06-29 13:55 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-06-29 13:55 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-06-22 12:15 . 2011-07-06 19:25 1409 ----a-w- c:\windows\QTFont.for 2011-06-14 19:07 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-14 19:07 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-14 19:07 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-14 19:07 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-14 19:07 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-14 19:07 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-14 19:07 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys 2011-06-14 19:05 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-14 19:05 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-14 19:05 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-14 19:05 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-14 19:05 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-14 19:05 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-14 19:05 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 18:14 . 2010-08-22 21:29 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-04-09 06:58 . 2011-05-24 06:18 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-04-09 06:45 . 2011-05-11 12:09 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 12:09 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 12:09 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 06:18 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-05-01 77824] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240] "ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-12-09 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\users\Samain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-19 113664] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService] @="Service" . R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Serxnelb;Serxnelb; [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928] S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-04-29 19720] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x] S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-24 1960744] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://uk.mg41.mail.yahoo.com/dc/launch?.gx=1&.rand=dthpu2s7qcfqv mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 213.0.88.87:8080 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Samain\AppData\Roaming\Mozilla\Firefox\Profiles\eakwbpfc.default\ FF - prefs.js: network.proxy.ftp - 193.147.162.166 FF - prefs.js: network.proxy.ftp_port - 3124 FF - prefs.js: network.proxy.gopher - 193.147.162.166 FF - prefs.js: network.proxy.gopher_port - 3124 FF - prefs.js: network.proxy.http - 193.147.162.166 FF - prefs.js: network.proxy.http_port - 3124 FF - prefs.js: network.proxy.socks - 193.147.162.166 FF - prefs.js: network.proxy.socks_port - 3124 FF - prefs.js: network.proxy.ssl - 193.147.162.166 FF - prefs.js: network.proxy.ssl_port - 3124 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Scratches Director's Cut - c:\program files (x86)\Uninstall.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,25,6c,8d,55,69,29,d9,d2,79,23,7d,9e,40,3b,38,b1,db,de,d7,e1,35,af, 6f,db,e2,ed,ce,29,6f,53,a7,4b,83,62,61,1d,ec,ba,5b,2d,ff,f5,86,ac,7b,0e,62,\ "??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05 . [HKEY_USERS\S-1-5-21-1876799212-4205885039-4017853658-1001\Software\SecuROM\License information*] "datasecu"=hex:ee,8e,1c,a9,a0,77,d8,bb,bc,de,1a,1a,90,14,f0,aa,98,bd,3b,d1,da, 15,9b,4b,75,ec,ec,f9,05,2e,20,61,60,6b,03,2a,cc,7d,44,b4,e9,06,4b,b2,85,e8,\ "rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2011-07-06 20:53:30 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-06 19:53 . Pre-Run: 16,351,797,248 bytes free Post-Run: 18,100,260,864 bytes free . - - End Of File - - 4FCECF2592C4632F05B619A3C202F520
  9. Hi, This is my first post here, I've been through this post http://forums.malwarebytes.org//index.php?showtopic=9573 I hope I'm doing it right. A couple of days ago my computer was infected by malware. I managed to restore everything, but now Firefox won't work (it says Firefox has stopped working, and it would say the same thing when trying to run it in safe mode, even after uninstall it and reinstall again) and Google redirects me to random pages in Explorer. My antivirus can't find any virus. I've been running Malwarebytes for a couple of days and after deleting the first malwares it's not finding anything else (Tra2_trn.exe is just a trainer for a game, I've been using it for a while) I paste and attach the logs here as instructed. I would appreciate any help that you could give me, I'm very pissed off for getting into this trouble, grrr! Thank you in advance, I'm learning lots of things in this forum Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7026 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 05/07/2011 21:22:04 mbam-log-2011-07-05 (21-22-00).txt Scan type: Quick scan Objects scanned: 192040 Time elapsed: 8 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Samain\downloads\tra2_trn.exe (Trojan.Agent) -> No action taken. . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20 Run by Samain at 20:07:45 on 2011-07-05 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1973.582 [GMT 1:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\QuickTime\qttask.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\vds.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://uk.mg41.mail.yahoo.com/dc/launch?.gx=1&.rand=dthpu2s7qcfqv uInternet Settings,ProxyServer = 213.0.88.87:8080 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun: [serviceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background StartupFolder: C:\Users\Samain\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{3A7C5585-39E2-4C67-98E6-428A10FE2A23} : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111}\2416C6269627E696560205C6163656 : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111}\2425F414442414E444 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111}\2445F40756E6A7F6E656D235471627265736B637 : DhcpNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111}\259616E68756962716 : DhcpNameServer = 80.58.61.250 80.58.61.254 TCP: Interfaces\{83A3A22D-7A0F-4633-B667-3319E3DE7111}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun-x64: [serviceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Samain\AppData\Roaming\Mozilla\Firefox\Profiles\eakwbpfc.default\ FF - prefs.js: network.proxy.ftp - 193.147.162.166 FF - prefs.js: network.proxy.ftp_port - 3124 FF - prefs.js: network.proxy.gopher - 193.147.162.166 FF - prefs.js: network.proxy.gopher_port - 3124 FF - prefs.js: network.proxy.http - 193.147.162.166 FF - prefs.js: network.proxy.http_port - 3124 FF - prefs.js: network.proxy.socks - 193.147.162.166 FF - prefs.js: network.proxy.socks_port - 3124 FF - prefs.js: network.proxy.ssl - 193.147.162.166 FF - prefs.js: network.proxy.ssl_port - 3124 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Samain\AppData\Roaming\Mozilla\plugins\npoctoshape.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?] R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?] R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] . =============== Created Last 30 ================ . 2011-07-05 14:35:17 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F5F761E-FA64-4CA6-8F3C-5A31CECF5D45}\mpengine.dll 2011-07-04 23:06:43 -------- d-----w- C:\Users\Samain\AppData\Roaming\Malwarebytes 2011-07-04 23:06:17 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-04 23:06:16 -------- d-----w- C:\ProgramData\Malwarebytes 2011-07-04 23:06:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-07-04 20:28:18 388096 ----a-r- C:\Users\Samain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-04 17:48:43 -------- d-----w- C:\ark 2011-07-04 15:25:00 -------- d-----w- C:\ProgramData\PC Tools 2011-07-04 15:04:28 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-07-03 22:11:53 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-07-03 22:11:53 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-06-29 13:55:08 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-06-29 13:55:07 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-06-29 13:55:07 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-06-22 12:15:05 1409 ----a-w- C:\Windows\QTFont.for 2011-06-14 19:07:51 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys 2011-06-14 19:07:12 499712 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-06-14 19:07:12 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-14 19:07:08 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07:07 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-14 19:07:06 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-06-14 19:07:05 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-06-14 19:07:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-06-14 19:07:03 3133952 ----a-w- C:\Windows\System32\win32k.sys 2011-06-14 19:05:32 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-06-14 19:05:31 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-06-14 19:05:31 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-06-14 19:05:25 861184 ----a-w- C:\Windows\System32\oleaut32.dll 2011-06-14 19:05:25 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-06-14 19:05:00 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-06-14 19:05:00 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll . ==================== Find3M ==================== . 2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec 2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe . ============= FINISH: 20:17:16.52 =============== Thanks again! ark.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.