
Can't detect search-engines.com trojan



For whatever reason I don't know, my computer is infected with something called "search-engines.com." This supposed search engine appeared without my knowledge and took the place of Google Search, my main engine. I tried to uninstall it in vain: each time I try to do it, even through the Windows control panel, an error message appears: "Error 2738. Could not access VBScript run time for custom action".

I ran Malwarebytes several times, but I always get the indication that there are no infected files. But the truth is that this "search-engines.com" is still there, the computer remains slow, and even when I try to eliminate it from the list of search engines, it reappears as the default search engine.

What can I do to get rid of this pest? Help me, please.

(Attached, I send you the first and the last reports. They are in Portuguese, but I think that will be irrelevant for you.)

Thank you.

mbam-log-2011-06-23 (13-35-02).txt

mbam-log-2011-06-24 (22-14-53).txt


Please don't attach the scan results, use Copy/Paste

Logs will be closed if you haven't replied within 3 days

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


Hello.

Thank you for your attention.

Here are the results of the DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by viriato at 14:16:56 on 2011-06-26

Microsoft Windows 7 Starter 6.1.7600.0.1252.351.2070.18.1014.77 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\AsusService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\AsScrPro.exe

C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\syncables\syncables desktop\syncables.exe

C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Users\viriato\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files\syncables\syncables desktop\syncablesMAPI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ASUS\ASUS WebStorage\EeeStorageUploader.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.eusou.com/jornalista/

uDefault_Page_URL = hxxp://asus.msn.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe

uRun: [Packard Bell Data Secure] c:\program files\packard bell data secure\PBDataSecure.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ASUS WebStorage] c:\program files\asus\asus webstorage\service\AsusWSService.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [PDF3 Registry Controller] "c:\program files\scansoft\omnipage15.0\pdfconverter3\\RegistryController.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\viriato\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\viriato\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\viriato\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\viriato\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\viriato\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\omnipage15.0\pdfconverter3\IEShellExt.dll /100

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36B394A9-D18B-4440-98E3-D17083835B3F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36B394A9-D18B-4440-98E3-D17083835B3F}\254505D275C47457563747 : DhcpNameServer = 195.245.176.19 194.38.131.18

TCP: Interfaces\{4232AFA5-98AD-44C2-99DC-AC2C3D9F94EE} : DhcpNameServer = 172.30.2.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\viriato\appdata\roaming\mozilla\firefox\profiles\ylban1ob.default\

FF - prefs.js: browser.search.selectedEngine - Search-Results

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=pt_ZZ&apn_uid=69D8736C-6BFB-4DDE-8423-B7E97C7F507F&apn_ptnrs=2R&apn_sauid=E0602497-DE8D-4026-B0E1-2C4A0DD117BC&apn_dtid=get001YYPT&q=

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-4-30 11448]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-5 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-9 307928]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-4-30 219136]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-9 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-9 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-5 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-23 366640]

R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-4-26 109960]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-4-19 51712]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-23 22712]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Serviço Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-30 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-10 29472]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-10 54632]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]

S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-4-30 785184]

.

=============== Created Last 30 ================

.

2011-06-24 19:59:48 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4a7421c6-afb7-4818-8c1f-59edb410a589}\mpengine.dll

2011-06-24 01:27:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-24 01:27:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-23 10:18:41 -------- d-----w- c:\users\viriato\appdata\roaming\Malwarebytes

2011-06-23 10:12:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 10:12:56 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 10:12:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 10:12:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 22:11:46 -------- d-----w- c:\programdata\STOPzilla!

2011-06-21 23:02:25 -------- d-----w- c:\program files\common files\PCSuite

2011-06-21 23:02:18 -------- d-----w- c:\program files\common files\Nokia

2011-06-21 23:01:58 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-06-21 23:01:26 -------- d-----w- c:\program files\PC Connectivity Solution

2011-06-21 22:59:54 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-06-21 22:59:52 -------- d-----w- c:\program files\Nokia

2011-06-16 02:38:32 -------- d-----r- c:\users\viriato\Dropbox

2011-06-16 02:33:10 -------- d-----w- c:\users\viriato\appdata\roaming\Dropbox

2011-06-15 22:43:47 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 22:43:47 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 22:43:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 22:43:36 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:43:34 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:43:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 22:43:14 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:43:01 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 22:42:42 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 22:42:14 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-06-07 18:48:43 -------- d-----w- c:\users\viriato\appdata\roaming\RegGenie

2011-06-07 18:26:56 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe

2011-06-07 18:26:50 -------- d-----w- c:\program files\RegGenie

2011-06-05 09:53:03 -------- d-----w- c:\program files\Pspad

2011-06-05 04:28:40 -------- d-----w- c:\program files\Ask.com

2011-06-04 23:54:37 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

.

==================== Find3M ====================

.

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-07 18:06:09 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec

2011-04-14 04:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

.

============= FINISH: 14:24:26,90 ===============
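As an added example (not part of the thread, and not code from DDS or its author), this Python triage of the DDS sections posted above groups the Internet Explorer hook entries by the DLL they load and links them to the Firefox search preferences. The sample lines are an excerpt of the log above; the function names and the name-matching heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt of the DDS log posted above (lines copied from the post, with the
# keyword.URL query string shortened). It is not a complete log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.eusou.com/jornalista/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&q=
"""

# "<kind>: [display name: ]{CLSID} - <file or 'No File'>"
HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB):\s*(?:(?P<name>.*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$")
# "FF - prefs.js: <pref> - <value>"
PREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<pref>\S+)\s+-\s+(?P<value>.*)$")


def parse_dds(text):
    """Return (hooks, prefs) from the Pseudo HJT and FIREFOX sections."""
    hooks, prefs = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()
            entry["name"] = (entry["name"] or "").strip()
            hooks.append(entry)
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m["pref"]] = m["value"].strip()
    return hooks, prefs


def missing_files(hooks):
    """CLSIDs still registered although DDS found no file behind them."""
    return [h["clsid"] for h in hooks if h["target"].lower() == "no file"]


def files_by_hook(hooks):
    """Map each DLL to the set of hook types it is loaded through."""
    kinds = defaultdict(set)
    for h in hooks:
        if h["target"].lower() != "no file":
            kinds[h["target"].lower()].add(h["kind"])
    return dict(kinds)


def host_of(value):
    """Host of a defanged hxxp:// URL, or '' when the value is not a URL."""
    if not value.lower().startswith(("hxxp://", "hxxps://")):
        return ""
    return urlsplit("http" + value[4:]).hostname or ""


def linked_to_firefox_search(hooks, prefs):
    """IE hooks that appear to belong to the product set as Firefox search.

    Heuristic (an assumption of this example): a hook matches when its display
    name starts with the Firefox engine name, or when its first word is one of
    the labels of the keyword.URL host. Every other hook that loads the same
    file is then included, whatever its display name.
    """
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    labels = host_of(prefs.get("keyword.URL", "")).split(".")
    files = set()
    for h in hooks:
        name = h["name"].lower()
        if not name or h["target"].lower() == "no file":
            continue
        if (engine and name.startswith(engine)) or name.split()[0] in labels:
            files.add(h["target"].lower())
    return sorted((h["kind"], h["clsid"], h["target"].lower())
                  for h in hooks if h["target"].lower() in files)


if __name__ == "__main__":
    hooks, prefs = parse_dds(SAMPLE_DDS)
    print("Registered without a file:", missing_files(hooks))
    print("keyword.URL host:", host_of(prefs.get("keyword.URL", "")))
    for kind, clsid, path in linked_to_firefox_search(hooks, prefs):
        print(f"{kind:16} {clsid} {path}")
```
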


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is the Combofix report. The search-results bar still appears...

ComboFix 11-06-28.05 - viriato 29-06-2011 9:36.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.351.2070.18.1014.33 [GMT 1:00]

Executando de: c:\users\viriato\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\RegGenie

c:\program files\RegGenie\Backups\40701.8187804514

c:\program files\RegGenie\RegGenie.ini

c:\program files\RegGenie\RegGenieScheduler.exe

c:\programdata\FullRemove.exe

c:\windows\RegGenieOnUninstall.exe

c:\windows\system32\service

c:\windows\system32\service\04012011_TIS17_PccScan.log

c:\windows\system32\service\21012011_TIS17_SfFniAU.log

c:\windows\system32\service\25012011_TIS17_SfFniAU.log

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-28 to 2011-06-29 ))))))))))))))))))))))))))))

.

.

2011-06-29 08:56 . 2011-06-29 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-28 22:55 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C81E3B41-CA3A-4DA6-8C25-0F1474291C17}\mpengine.dll

2011-06-28 22:55 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 22:55 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 22:55 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 22:55 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 22:55 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 22:55 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 22:55 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 22:55 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-26 13:33 . 2011-06-26 13:34 -------- d-----w- c:\users\viriato\AppData\Local\Adobe

2011-06-24 01:27 . 2011-06-24 01:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 01:27 . 2011-06-24 01:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-23 10:18 . 2011-06-23 10:18 -------- d-----w- c:\users\viriato\AppData\Roaming\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 10:12 . 2011-06-23 10:12 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 10:12 . 2011-06-23 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 22:11 . 2011-06-23 17:54 -------- d-----w- c:\programdata\STOPzilla!

2011-06-21 23:04 . 2011-06-21 23:17 -------- d-----w- c:\users\viriato\AppData\Roaming\PC Suite

2011-06-21 23:04 . 2011-06-21 23:14 -------- d-----w- c:\users\viriato\AppData\Roaming\Nokia

2011-06-21 23:04 . 2011-06-21 23:06 -------- d-----w- c:\programdata\PC Suite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\PCSuite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\Nokia

2011-06-21 23:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-06-21 23:01 . 2011-06-21 23:01 -------- d-----w- c:\program files\PC Connectivity Solution

2011-06-21 22:59 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-06-21 22:59 . 2011-06-21 23:02 -------- d-----w- c:\program files\Nokia

2011-06-21 22:57 . 2011-06-21 22:57 -------- d-----w- c:\programdata\Installations

2011-06-16 02:38 . 2011-06-29 07:50 -------- d-----r- c:\users\viriato\Dropbox

2011-06-16 02:33 . 2011-06-29 07:50 -------- d-----w- c:\users\viriato\AppData\Roaming\Dropbox

2011-06-15 22:43 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 22:43 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 22:43 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 22:43 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:43 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:43 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 22:43 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:43 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 22:42 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 22:42 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-07 18:48 . 2011-06-07 18:48 -------- d-----w- c:\users\viriato\AppData\Roaming\RegGenie

2011-06-05 09:53 . 2011-06-05 09:53 -------- d-----w- c:\program files\Pspad

2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Ask.com

2011-06-04 23:54 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-31 00:37 . 2011-05-31 00:37 -------- d-----w- c:\program files\Common Files\Java

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 18:14 . 2011-02-09 02:19 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 12:10 . 2011-02-09 04:40 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-09 04:40 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-02-09 04:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-09 04:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-09 04:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-09 04:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-09 04:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-07 18:06 . 2011-05-07 18:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-04-22 19:36 . 2011-05-25 00:41 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-14 04:07 . 2011-05-11 20:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-09 06:13 . 2011-05-11 19:43 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 19:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-25 00:36 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-24 01:27 . 2011-05-04 23:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 22:12 1435112 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]

"Packard Bell Data Secure"="c:\program files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-30 3058304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-19 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-19 150552]

"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-04-30 2018032]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\viriato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\viriato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-19 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-19 29472]

R3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-06 785184]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-04-19 11448]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-19 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.eusou.com/jornalista/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\

FF - prefs.js: browser.search.selectedEngine - Search-Results

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=pt_ZZ&apn_uid=69D8736C-6BFB-4DDE-8423-B7E97C7F507F&apn_ptnrs=2R&apn_sauid=E0602497-DE8D-4026-B0E1-2C4A0DD117BC&apn_dtid=get001YYPT&q=

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-06-29 10:03:28

ComboFix-quarantined-files.txt 2011-06-29 09:03

.

Pré-execução: 74.598.006.784 bytes livres

Pós execução: 74.052.083.712 bytes livres

.

- - End Of File - - 51B3E0DEE92B15F2BB2BADB52CD7AD85


1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove if listed:

Ask.com

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=pt_ZZ&apn_uid=69D8736C-6BFB-4DDE-8423-B7E97C7F507F&apn_ptnrs=2R&apn_sauid=E0602497-DE8D-4026-B0E1-2C4A0DD117BC&apn_dtid=get001YYPT&q=

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Thank you very much for your patience!

The Ask.com file wasn't visible in the Programs file at the control panel of my computer.

I've run the Combo Fix, and here are the results.

The Search-results.com toolbar is still here, and I still can't uninstall it...

Sorry :(

ComboFix 11-06-29.06 - viriato 30-06-2011 1:07.2.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.351.2070.18.1014.328 [GMT 1:00]

Executando de: c:\users\viriato\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\viriato\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))

.

.

2011-06-28 22:55 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C81E3B41-CA3A-4DA6-8C25-0F1474291C17}\mpengine.dll

2011-06-28 22:55 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 22:55 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 22:55 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 22:55 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 22:55 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 22:55 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 22:55 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 22:55 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-26 13:33 . 2011-06-26 13:34 -------- d-----w- c:\users\viriato\AppData\Local\Adobe

2011-06-24 01:27 . 2011-06-24 01:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 01:27 . 2011-06-24 01:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-23 10:18 . 2011-06-23 10:18 -------- d-----w- c:\users\viriato\AppData\Roaming\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 10:12 . 2011-06-23 10:12 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 10:12 . 2011-06-23 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 22:11 . 2011-06-23 17:54 -------- d-----w- c:\programdata\STOPzilla!

2011-06-21 23:04 . 2011-06-21 23:17 -------- d-----w- c:\users\viriato\AppData\Roaming\PC Suite

2011-06-21 23:04 . 2011-06-21 23:14 -------- d-----w- c:\users\viriato\AppData\Roaming\Nokia

2011-06-21 23:04 . 2011-06-21 23:06 -------- d-----w- c:\programdata\PC Suite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\PCSuite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\Nokia

2011-06-21 23:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-06-21 23:01 . 2011-06-21 23:01 -------- d-----w- c:\program files\PC Connectivity Solution

2011-06-21 22:59 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-06-21 22:59 . 2011-06-21 23:02 -------- d-----w- c:\program files\Nokia

2011-06-21 22:57 . 2011-06-21 22:57 -------- d-----w- c:\programdata\Installations

2011-06-16 02:38 . 2011-06-29 18:17 -------- d-----r- c:\users\viriato\Dropbox

2011-06-16 02:33 . 2011-06-29 18:18 -------- d-----w- c:\users\viriato\AppData\Roaming\Dropbox

2011-06-15 22:43 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 22:43 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 22:43 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 22:43 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:43 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:43 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 22:43 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:43 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 22:42 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 22:42 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-07 18:48 . 2011-06-07 18:48 -------- d-----w- c:\users\viriato\AppData\Roaming\RegGenie

2011-06-05 09:53 . 2011-06-05 09:53 -------- d-----w- c:\program files\Pspad

2011-06-05 04:28 . 2011-06-05 04:28 -------- d-----w- c:\program files\Ask.com

2011-06-04 23:54 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-31 00:37 . 2011-05-31 00:37 -------- d-----w- c:\program files\Common Files\Java

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 18:14 . 2011-02-09 02:19 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 12:10 . 2011-02-09 04:40 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-09 04:40 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-02-09 04:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-09 04:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-09 04:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-09 04:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-09 04:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-07 18:06 . 2011-05-07 18:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-04-22 19:36 . 2011-05-25 00:41 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-14 04:07 . 2011-05-11 20:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-09 06:13 . 2011-05-11 19:43 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 19:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-25 00:36 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-24 01:27 . 2011-05-04 23:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 22:12 1435112 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]

"Packard Bell Data Secure"="c:\program files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-30 3058304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-19 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-19 150552]

"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-04-30 2018032]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\viriato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\viriato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-19 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-19 29472]

R3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-06 785184]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-04-19 11448]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-19 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.eusou.com/jornalista/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(2880)

c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL

c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\PEV.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-06-30 01:51:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-06-30 00:51

ComboFix2.txt 2011-06-29 09:03

.

Pré-execução: 73.804.333.056 bytes livres

Pós execução: 73.814.491.136 bytes livres

.

- - End Of File - - DF101C96A6732C3B0409EBFC3631D913


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

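An added example, not part of the original posts and not ComboFix's own code: both CFScripts in this thread come from reading the log, first for the Firefox search prefs and then for every registry load point that names GenericAskToolbar.dll. The Python below does that reading over a constructed log excerpt; the function names, the allowlists and the shortened keyword.URL query string are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout ComboFix prints (blank lines and unrelated
# sections omitted; the keyword.URL query string is shortened).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:12 1435112 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 141848]
.
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&q=
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"= "data" or @="data"; the trailing [date size] is ignored.
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)\s*=\s*"([^"]*)"')
# File line printed under a key: date, time, size, attributes, path.
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$')
FF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.*)$')


def parse_load_points(log_text):
    """Return (registry_key, value_name, target) for each entry under a key.

    value_name is "" when the log prints a bare file line under the key and
    "@" for the key's default value.
    """
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":            # ComboFix separates blocks with a lone dot
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1) or "@", m.group(2)))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append((key, "", m.group(1)))
    return entries


def references(entries, needle):
    """All load points whose target mentions `needle` (case-insensitive)."""
    needle = needle.lower()
    return [e for e in entries if needle in e[2].lower()]


def firefox_search_findings(log_text, allowed_hosts, allowed_engines):
    """Flag search prefs that name an engine or host outside the allowlists."""
    findings = []
    for raw in log_text.splitlines():
        m = FF_RE.match(raw.strip())
        if not m:
            continue
        pref, value = m.groups()
        if pref == "browser.search.selectedEngine":
            if value not in allowed_engines:
                findings.append((pref, value))
            continue
        url = re.sub(r'^hxxp', 'http', value)   # the log defangs URLs as hxxp
        host = urlsplit(url).hostname if "://" in url else None
        if host and not any(host == h or host.endswith("." + h)
                            for h in allowed_hosts):
            findings.append((pref, host))
    return findings


if __name__ == "__main__":
    for key, name, target in references(parse_load_points(SAMPLE_LOG),
                                        "GenericAskToolbar.dll"):
        print(f"{key}  {name or '(file line)'} -> {target}")
    for pref, value in firefox_search_findings(SAMPLE_LOG,
                                               {"google.com"}, {"Google"}):
        print(f"prefs.js {pref}: {value}")
```

Three separate load points come back for the one DLL, which is why the second script lists each key rather than only the folder.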

Thank you again.

Here is the results log.

The Search-results.com is still there, and still uninstallable!

ComboFix 11-07-03.01 - viriato 04-07-2011 1:28.3.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.351.2070.18.1014.365 [GMT 1:00]

Executando de: c:\users\viriato\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\viriato\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\fv_5b8a.ico

c:\program files\Ask.com\GenericAskToolbar.dll

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\UpdateTask.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))

.

.

2011-07-04 00:48 . 2011-07-04 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-01 18:48 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B12689BD-35F4-4D86-971D-2D56E950D4A7}\mpengine.dll

2011-06-28 22:55 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 22:55 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 22:55 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 22:55 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 22:55 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 22:55 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 22:55 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 22:55 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-26 13:33 . 2011-06-26 13:34 -------- d-----w- c:\users\viriato\AppData\Local\Adobe

2011-06-24 01:27 . 2011-06-24 01:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 01:27 . 2011-06-24 01:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-23 10:18 . 2011-06-23 10:18 -------- d-----w- c:\users\viriato\AppData\Roaming\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 10:12 . 2011-06-23 10:12 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 10:12 . 2011-06-23 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 22:11 . 2011-06-23 17:54 -------- d-----w- c:\programdata\STOPzilla!

2011-06-21 23:04 . 2011-06-21 23:17 -------- d-----w- c:\users\viriato\AppData\Roaming\PC Suite

2011-06-21 23:04 . 2011-06-21 23:14 -------- d-----w- c:\users\viriato\AppData\Roaming\Nokia

2011-06-21 23:04 . 2011-06-21 23:06 -------- d-----w- c:\programdata\PC Suite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\PCSuite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\Nokia

2011-06-21 23:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-06-21 23:01 . 2011-06-21 23:01 -------- d-----w- c:\program files\PC Connectivity Solution

2011-06-21 22:59 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-06-21 22:59 . 2011-06-21 23:02 -------- d-----w- c:\program files\Nokia

2011-06-21 22:57 . 2011-06-21 22:57 -------- d-----w- c:\programdata\Installations

2011-06-16 02:38 . 2011-07-03 11:26 -------- d-----r- c:\users\viriato\Dropbox

2011-06-16 02:33 . 2011-07-03 22:42 -------- d-----w- c:\users\viriato\AppData\Roaming\Dropbox

2011-06-15 22:43 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 22:43 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 22:43 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 22:43 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:43 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:43 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 22:43 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:43 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 22:42 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 22:42 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-07 18:48 . 2011-06-07 18:48 -------- d-----w- c:\users\viriato\AppData\Roaming\RegGenie

2011-06-05 09:53 . 2011-06-05 09:53 -------- d-----w- c:\program files\Pspad

2011-06-04 23:54 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 18:14 . 2011-02-09 02:19 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 12:10 . 2011-02-09 04:40 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-09 04:40 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-02-09 04:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-09 04:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-09 04:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-09 04:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-09 04:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-07 18:06 . 2011-05-07 18:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-04-22 19:36 . 2011-05-25 00:41 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-14 04:07 . 2011-05-11 20:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-09 06:13 . 2011-05-11 19:43 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 19:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-25 00:36 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-24 01:27 . 2011-05-04 23:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-30_00.32.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-25 07:40 . 2011-07-01 18:43 38592 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-07-03 11:27 49750 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-10 21:43 . 2011-07-03 11:27 10450 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3764939504-1527797438-2386192600-1000_UserData.bin

- 2010-04-30 20:06 . 2011-06-30 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-30 20:06 . 2011-07-04 05:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-30 20:06 . 2011-06-30 00:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-30 20:06 . 2011-07-04 05:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:41 . 2011-06-30 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2011-07-04 05:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-10 23:42 . 2011-06-30 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 23:42 . 2011-07-04 05:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-10 23:42 . 2011-06-30 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-10 23:42 . 2011-07-04 05:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-20 01:50 . 2011-06-24 22:27 4662 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-12-20 01:50 . 2011-07-02 02:22 4662 c:\windows\System32\wdi\ERCQueuedResolutions.dat

- 2010-12-20 00:03 . 2011-06-26 14:03 1684 c:\windows\System32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin

+ 2010-12-20 00:03 . 2011-07-01 23:05 1684 c:\windows\System32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin

- 2011-06-29 18:15 . 2011-06-30 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-03 11:21 . 2011-07-04 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-06-29 18:15 . 2011-06-30 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-03 11:21 . 2011-07-04 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-12 17:11 . 2011-07-02 17:58 196338 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-12-10 22:07 . 2011-07-04 05:29 320118 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 04:47 . 2011-06-29 09:16 458016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2011-07-03 01:01 458016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:03 . 2011-06-30 00:40 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:03 . 2011-07-04 01:00 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2011-05-04 23:10 . 2011-06-29 09:16 2585008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3764939504-1527797438-2386192600-1000-8192.dat

+ 2011-05-04 23:10 . 2011-07-03 01:01 2585008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3764939504-1527797438-2386192600-1000-8192.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]

"Packard Bell Data Secure"="c:\program files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-30 3058304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-19 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-19 150552]

"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-04-30 2018032]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\viriato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\viriato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-19 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-19 29472]

R3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-06 785184]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-04-19 11448]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-19 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.eusou.com/jornalista/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\

FF - prefs.js: browser.search.selectedEngine - Search-Results

FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=pt_ZZ&apn_uid=69D8736C-6BFB-4DDE-8423-B7E97C7F507F&apn_ptnrs=2R&apn_sauid=E0602497-DE8D-4026-B0E1-2C4A0DD117BC&apn_dtid=get001YYPT&q=

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(3924)

c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL

c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\PEV.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-07-04 06:53:43 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-07-04 05:53

ComboFix2.txt 2011-06-30 00:51

ComboFix3.txt 2011-06-29 09:03

.

Pré-execução: 74.048.274.432 bytes livres

Pós execução: 73.923.874.816 bytes livres

.

- - End Of File - - 058AAE2DFEF1D81D87345B5CF6DAE366


I still don't see it

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=pt_ZZ&apn_uid=69D8736C-6BFB-4DDE-8423-B7E97C7F507F&apn_ptnrs=2R&apn_sauid=E0602497-DE8D-4026-B0E1-2C4A0DD117BC&apn_dtid=get001YYPT&q=

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Hello again.

I still can't get rid of the damned Search-engines.com! It still remains in my Control Panel... In attachment, I send you the print screen.

Here is the results log of the last operation:

ComboFix 11-07-05.03 - viriato 05-07-2011 22:21:19.4.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.351.2070.18.1014.375 [GMT 1:00]

Executando de: c:\users\viriato\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\viriato\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-05 to 2011-07-05 ))))))))))))))))))))))))))))

.

.

2011-07-05 21:42 . 2011-07-05 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-01 18:48 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B12689BD-35F4-4D86-971D-2D56E950D4A7}\mpengine.dll

2011-06-28 22:55 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 22:55 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 22:55 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 22:55 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 22:55 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 22:55 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 22:55 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 22:55 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 22:55 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-26 13:33 . 2011-07-05 00:51 -------- d-----w- c:\users\viriato\AppData\Local\Adobe

2011-06-24 01:27 . 2011-06-24 01:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 01:27 . 2011-06-24 01:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-23 10:18 . 2011-06-23 10:18 -------- d-----w- c:\users\viriato\AppData\Roaming\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 10:12 . 2011-06-23 10:12 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 10:12 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 10:12 . 2011-06-23 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-22 22:11 . 2011-06-23 17:54 -------- d-----w- c:\programdata\STOPzilla!

2011-06-21 23:04 . 2011-06-21 23:17 -------- d-----w- c:\users\viriato\AppData\Roaming\PC Suite

2011-06-21 23:04 . 2011-06-21 23:14 -------- d-----w- c:\users\viriato\AppData\Roaming\Nokia

2011-06-21 23:04 . 2011-06-21 23:06 -------- d-----w- c:\programdata\PC Suite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\PCSuite

2011-06-21 23:02 . 2011-06-21 23:02 -------- d-----w- c:\program files\Common Files\Nokia

2011-06-21 23:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-06-21 23:01 . 2011-06-21 23:01 -------- d-----w- c:\program files\PC Connectivity Solution

2011-06-21 22:59 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-06-21 22:59 . 2011-06-21 23:02 -------- d-----w- c:\program files\Nokia

2011-06-21 22:57 . 2011-06-21 22:57 -------- d-----w- c:\programdata\Installations

2011-06-16 02:38 . 2011-07-05 19:27 -------- d-----r- c:\users\viriato\Dropbox

2011-06-16 02:33 . 2011-07-05 19:29 -------- d-----w- c:\users\viriato\AppData\Roaming\Dropbox

2011-06-15 22:43 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 22:43 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 22:43 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 22:43 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 22:43 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 22:43 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 22:43 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-15 22:43 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 22:42 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 22:42 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-07 18:48 . 2011-06-07 18:48 -------- d-----w- c:\users\viriato\AppData\Roaming\RegGenie

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 18:14 . 2011-02-09 02:19 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 12:10 . 2011-02-09 04:40 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-09 04:40 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-06-04 23:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:03 . 2011-02-09 04:41 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-09 04:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-09 04:41 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-09 04:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-09 04:41 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-07 18:06 . 2011-05-07 18:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-04-22 19:36 . 2011-05-25 00:41 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-14 04:07 . 2011-05-11 20:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-09 06:13 . 2011-05-11 19:43 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 19:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-25 00:36 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-24 01:27 . 2011-05-04 23:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-30_00.32.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-25 07:40 . 2011-07-01 18:43 38592 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-07-05 21:45 49750 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-10 21:43 . 2011-07-05 21:45 10486 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3764939504-1527797438-2386192600-1000_UserData.bin

- 2010-04-30 20:06 . 2011-06-30 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-30 20:06 . 2011-07-05 21:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-30 20:06 . 2011-06-30 00:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-30 20:06 . 2011-07-05 21:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:41 . 2011-06-30 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2011-07-05 21:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-10 23:42 . 2011-06-30 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]

"Packard Bell Data Secure"="c:\program files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-30 3058304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-19 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-19 150552]

"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-04-30 2018032]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\viriato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\viriato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-19 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-19 29472]

R3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]

R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-06 785184]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-04-19 11448]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-19 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 02:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.eusou.com/jornalista/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\viriato\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\viriato\AppData\Roaming\Mozilla\Firefox\Profiles\ylban1ob.default\

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(1164)

c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL

c:\users\viriato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\PEV.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\PEV.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-07-05 23:04:21 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-07-05 22:04

ComboFix2.txt 2011-07-04 05:53

ComboFix3.txt 2011-06-30 00:51

ComboFix4.txt 2011-06-29 09:03

.

Pré-execução: 73.706.803.200 bytes livres

Pós execução: 73.297.104.896 bytes livres

.

- - End Of File - - 7E17A3D39880B0F4BB7D6149514739F4


Try this

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Thank you once more.

I did the operations you said, and at the end it says there are no infected files. But the Search-results.com toolbar is still there, and when I try to uninstall it I still get the following error message:

"Error 2738. Could not access VBScript run time for custom action."

Here are the logs I got after the operations:

- The GooredFix log:

Log created at 17:58 on 09/07/2011 (viriato)

Firefox version 5.0 (pt-PT)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:02 04/05/2011]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [20:42 11/05/2011]

{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [00:14 31/05/2011]

C:\Users\viriato\Application Data\Mozilla\Firefox\Profiles\ylban1ob.default\extensions\

toolbar@ask.com [04:28 05/06/2011]

{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [01:12 24/04/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [23:54 04/06/2011]

-=E.O.F=-

And the other one:

2011/07/09 18:02:42.0867 5184 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/09 18:02:43.0302 5184 ================================================================================

2011/07/09 18:02:43.0302 5184 SystemInfo:

2011/07/09 18:02:43.0302 5184

2011/07/09 18:02:43.0303 5184 OS Version: 6.1.7600 ServicePack: 0.0

2011/07/09 18:02:43.0303 5184 Product type: Workstation

2011/07/09 18:02:43.0303 5184 ComputerName: VIRIATO-NETBOOK

2011/07/09 18:02:43.0304 5184 UserName: viriato

2011/07/09 18:02:43.0304 5184 Windows directory: C:\windows

2011/07/09 18:02:43.0304 5184 System windows directory: C:\windows

2011/07/09 18:02:43.0304 5184 Processor architecture: Intel x86

2011/07/09 18:02:43.0304 5184 Number of processors: 2

2011/07/09 18:02:43.0304 5184 Page size: 0x1000

2011/07/09 18:02:43.0304 5184 Boot type: Normal boot

2011/07/09 18:02:43.0304 5184 ================================================================================

2011/07/09 18:02:44.0921 5184 Initialize success

2011/07/09 18:02:57.0078 5248 ================================================================================

2011/07/09 18:02:57.0079 5248 Scan started

2011/07/09 18:02:57.0079 5248 Mode: Manual;

2011/07/09 18:02:57.0079 5248 ================================================================================


2011/07/09 18:03:11.0977 5248 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys

2011/07/09 18:03:12.0039 5248 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys

2011/07/09 18:03:12.0091 5248 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys

2011/07/09 18:03:12.0153 5248 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

2011/07/09 18:03:12.0203 5248 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

2011/07/09 18:03:12.0275 5248 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

2011/07/09 18:03:12.0616 5248 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

2011/07/09 18:03:12.0672 5248 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

2011/07/09 18:03:12.0779 5248 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

2011/07/09 18:03:12.0866 5248 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

2011/07/09 18:03:12.0948 5248 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

2011/07/09 18:03:13.0007 5248 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

2011/07/09 18:03:13.0073 5248 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

2011/07/09 18:03:13.0148 5248 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

2011/07/09 18:03:13.0219 5248 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

2011/07/09 18:03:13.0291 5248 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

2011/07/09 18:03:13.0364 5248 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

2011/07/09 18:03:13.0419 5248 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys

2011/07/09 18:03:13.0471 5248 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

2011/07/09 18:03:13.0532 5248 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys

2011/07/09 18:03:13.0610 5248 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

2011/07/09 18:03:13.0680 5248 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

2011/07/09 18:03:13.0740 5248 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys

2011/07/09 18:03:13.0814 5248 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys

2011/07/09 18:03:13.0938 5248 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

2011/07/09 18:03:14.0124 5248 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

2011/07/09 18:03:14.0212 5248 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys

2011/07/09 18:03:14.0274 5248 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys

2011/07/09 18:03:14.0407 5248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

2011/07/09 18:03:14.0504 5248 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

2011/07/09 18:03:14.0576 5248 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

2011/07/09 18:03:14.0636 5248 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

2011/07/09 18:03:14.0777 5248 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys

2011/07/09 18:03:14.0837 5248 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys

2011/07/09 18:03:14.0889 5248 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys

2011/07/09 18:03:14.0947 5248 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

2011/07/09 18:03:15.0034 5248 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys

2011/07/09 18:03:15.0106 5248 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

2011/07/09 18:03:15.0162 5248 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

2011/07/09 18:03:15.0236 5248 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

2011/07/09 18:03:15.0429 5248 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

2011/07/09 18:03:15.0559 5248 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys

2011/07/09 18:03:15.0626 5248 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys

2011/07/09 18:03:15.0697 5248 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys

2011/07/09 18:03:15.0819 5248 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

2011/07/09 18:03:15.0898 5248 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys

2011/07/09 18:03:16.0169 5248 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys

2011/07/09 18:03:16.0301 5248 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys

2011/07/09 18:03:16.0399 5248 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys

2011/07/09 18:03:16.0468 5248 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys

2011/07/09 18:03:16.0511 5248 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys

2011/07/09 18:03:16.0575 5248 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys

2011/07/09 18:03:16.0636 5248 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys

2011/07/09 18:03:16.0810 5248 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys

2011/07/09 18:03:16.0941 5248 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys

2011/07/09 18:03:16.0987 5248 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

2011/07/09 18:03:17.0052 5248 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys

2011/07/09 18:03:17.0158 5248 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys

2011/07/09 18:03:17.0226 5248 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys

2011/07/09 18:03:17.0286 5248 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

2011/07/09 18:03:17.0377 5248 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\windows\system32\DRIVERS\usbser_lowerflt.sys

2011/07/09 18:03:17.0448 5248 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys

2011/07/09 18:03:17.0502 5248 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys

2011/07/09 18:03:17.0545 5248 usbehci (97c8c2750090ca722c73b8c8ddc7c82b) C:\windows\system32\DRIVERS\usbehci.sys

2011/07/09 18:03:17.0630 5248 usbhub (8b8601b4933275edab38d9994e0c0dda) C:\windows\system32\DRIVERS\usbhub.sys

2011/07/09 18:03:17.0699 5248 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys

2011/07/09 18:03:17.0749 5248 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

2011/07/09 18:03:17.0816 5248 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

2011/07/09 18:03:17.0923 5248 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\windows\system32\drivers\usbser.sys

2011/07/09 18:03:17.0988 5248 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys

2011/07/09 18:03:18.0058 5248 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS

2011/07/09 18:03:18.0133 5248 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys

2011/07/09 18:03:18.0264 5248 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys

2011/07/09 18:03:18.0422 5248 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys

2011/07/09 18:03:18.0507 5248 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

2011/07/09 18:03:18.0554 5248 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

2011/07/09 18:03:18.0613 5248 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys

2011/07/09 18:03:18.0686 5248 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys

2011/07/09 18:03:18.0747 5248 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

2011/07/09 18:03:18.0804 5248 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys

2011/07/09 18:03:18.0888 5248 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys

2011/07/09 18:03:18.0942 5248 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

2011/07/09 18:03:19.0007 5248 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys

2011/07/09 18:03:19.0076 5248 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

2011/07/09 18:03:19.0152 5248 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

2011/07/09 18:03:19.0209 5248 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

2011/07/09 18:03:19.0301 5248 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

2011/07/09 18:03:19.0419 5248 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

2011/07/09 18:03:19.0502 5248 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2011/07/09 18:03:19.0545 5248 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2011/07/09 18:03:19.0677 5248 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

2011/07/09 18:03:19.0745 5248 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

2011/07/09 18:03:19.0942 5248 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

2011/07/09 18:03:20.0022 5248 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

2011/07/09 18:03:20.0233 5248 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

2011/07/09 18:03:20.0380 5248 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

2011/07/09 18:03:20.0544 5248 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

2011/07/09 18:03:20.0608 5248 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

2011/07/09 18:03:20.0783 5248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/09 18:03:20.0837 5248 MBR (0x1B8) (30d352063c29e1894a7582d6a7b179c1) \Device\Harddisk1\DR1

2011/07/09 18:03:20.0895 5248 Boot (0x1200) (2c8ec1cf7eed955b693ce1bc4ae5d82b) \Device\Harddisk0\DR0\Partition0

2011/07/09 18:03:20.0953 5248 Boot (0x1200) (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1

2011/07/09 18:03:20.0974 5248 ================================================================================

2011/07/09 18:03:20.0974 5248 Scan finished

2011/07/09 18:03:20.0974 5248 ================================================================================

2011/07/09 18:03:21.0029 1784 Detected object count: 0

2011/07/09 18:03:21.0030 1784 Actual detected object count: 0


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    Search-engines.com


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


I tried it twice (looking for search-engines.com and for search-results.com) and the result was the same: no files found. But the "thing" is still here...

Here the logs:

1)

SystemLook 04.09.10 by jpshortstuff

Log created at 14:28 on 10/07/2011 by viriato

Administrator - Elevation successful

========== filefind ==========

Searching for "Search-engines.com"

No files found.

-= EOF =-

2)

SystemLook 04.09.10 by jpshortstuff

Log created at 14:36 on 10/07/2011 by viriato

Administrator - Elevation successful

========== filefind ==========

Searching for "Search-Results.com"

No files found.

-= EOF =-


It seems it's working.

I did what you said, and got the result I am sending you in JPG attachment 1.

Now, my FF configuration, regarding the "search-results" effect, is as shown in attachment 2.

Is it necessary to do something else?

Tks.

post-85785-0-07572300-1310423006.jpg

post-85785-0-17351200-1310423024.jpg


Well, I'm just a common user, and I really am not sure if these are the defaults of FF. In the second JPG I've sent you there are some extensions referring to "search-results". And I don't know if it means anything, in this context... :blush:


I've tryed to delete them. I've run the restoring Firefox link. And finally I've unistallt a re-install Firefox.

But "he" is still there! And continues in my Control Panel.

In about:config it remains, too:

extensions.wrc.SearchRules.rambler.ru.style;.WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url("IMAGE") right no-repeat}

In fact, I'm tired of this small "war" agains this small bastard, and I presume you will be, too.

Do you think that if I re-install Windows it will turn out the question? (The problem is that my Windows come with the Asus Eee PC I have, and I don't know if I have the backup cd...)

Anyway: thanks a million for all you are doing trying help me.


Try this:

The usual method for uninstalling extensions and themes is by using the Add-ons manager for your Mozilla application, as follows.

1. Click "Tools" -> "Add-ons" ("Add-on Manager" in SeaMonkey 2).

2. Click on the Extensions or Themes button on the top.

3. Click on the extension or theme you want to uninstall.

4. Click Uninstall.

5. Restart your Mozilla application.

Let me know if that fixed it


The previous message has several wrong words and typing errors - and I'm not referring to my natural difficulties with the English language. This is the (let's say) more or less corrected version:

I've tried to delete them. I've run the restoring Firefox link. And finally I've uninstalled and re-installed Firefox.

But "he" is still there! And continues in my Control Panel.

In about:config it remains, too:

extensions.wrc.SearchRules.rambler.ru.style;.WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url("IMAGE") right no-repeat}

In fact, I'm tired of this "war" against such a small bastard, and I presume you will be, too.

Do you think that if I re-install Windows it will turn out the question? (The problem is that my Windows came with the Asus Eee PC I have, and I don't know if I have the backup CD...)

Anyway: thanks a million for all you are doing trying to help me.
