Help with Malware Removal

[pedrodsky1]

Hope you can help me with this problem.A friend of mine tried to formatted my netbook,which was known already as having malware.
this is the log of DDS
DDS (Ver_09-06-26.01) - NTFSx86
Run by Joao at 13:50:37,40 on 19-03-2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.139 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\wgaer_m.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Joao\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

=============== Created Last 30 ================

2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
2011-03-17 13:32 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2011-03-17 13:32 1,303 a------- c:\windows\system32\WGAScanner.xml
2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
2011-03-17 08:43 <DIR> --d----- C:\Boot
2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
2011-03-17 04:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 04:05 326,160 a------- c:\windows\system32\PresentationHost.exe
2011-03-17 03:53 96,760 a------- c:\windows\system32\dfshim.dll
2011-03-17 03:53 282,112 a------- c:\windows\system32\mscoree.dll
2011-03-17 03:53 41,984 a------- c:\windows\system32\netfxperf.dll
2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\netevent.dll
2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 376,832 a------- c:\windows\system32\winhttp.dll
2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 738,304 a------- c:\windows\system32\inetcomm.dll
2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
2011-03-17 03:05 <DIR> --d----- c:\windows\system32\drivers\AVG
2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
2011-03-17 03:03 <DIR> --d----- c:\program files\AVG
2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
2011-03-17 01:56 <DIR> --dsh--- C:\$RECYCLE.BIN
2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
2011-03-17 01:02 <DIR> --d----- C:\Intel
2011-03-17 00:56 <DIR> --d----- c:\users\Joao
2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:57:05,99 ===============

 

[Blade81]

Hi,

Please do NOT run 'FIXES' (ComboFix etc) without being asked (ran ComboFix though it shouldn't be used without supervision).

Look for c:\ComboFix.txt file and post back its contents. What are the existing symptoms?

 

[pedrodsky1]

thanks for your reply.the laptop opens windows of "windows explorer" all the time.Also noticed that opens the "search finder" in any browser(firefox,IE,etc).
here´s the combofix log
ComboFix 11-03-15.02 - Joao 17-03-2011 1:41.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.230 [GMT 0:00]
Executando de: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-17 to 2011-03-17 ))))))))))))))))))))))))))))
.
.
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 01:50 . 2011-03-17 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 01:33 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-17 01:17 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-03-17 01:17 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-03-17 01:17 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-03-17 01:17 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-17 01:16 . 2011-03-17 01:16 -------- d-----w- c:\windows\system32\Macromed
2011-03-17 01:16 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\windows\system32\nn-NO
2011-03-17 01:07 . 2009-09-14 10:00 61440 ----a-w- c:\windows\system32\athihvui.dll
2011-03-17 01:07 . 2009-09-14 10:00 397312 ----a-w- c:\windows\system32\athihvs.dll
2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\athr.sys
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Atheros
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Cisco
2011-03-17 01:07 . 2011-03-17 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-03-17 01:06 . 2011-03-17 01:07 -------- d-sh--w- c:\windows\Installer
2011-03-17 01:06 . 2011-03-17 01:08 -------- d-----w- c:\programdata\Atheros
2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- c:\windows\system32\Lang
2011-03-17 01:02 . 2009-08-14 15:12 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-03-17 01:02 . 2006-11-10 09:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- C:\Intel
2011-03-17 00:56 . 2011-03-17 01:08 -------- d-----w- c:\users\Joao
2011-03-17 00:55 . 2011-03-17 00:59 -------- d-----w- c:\windows\Debug
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - NATIVEWIFIP
*NewlyCreated* - NDISUIO
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 01:50
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2011-03-17 01:58:02
ComboFix-quarantined-files.txt 2011-03-17 01:57
.
Pré-execução: 65.461.342.208 bytes free
Pós execução: 65.410.342.912 bytes free
.
- - End Of File - - 50B5F74053338761DBABE38F8FBCFCBD

 

[Blade81]

Hi,

Run ComboFix again and let it update itself when prompted. Post back the report.

 

[pedrodsky1]

Help with Malware Remover

Hi,this is the new report
ComboFix 11-03-15.02 - Joao 21-03-2011 11:37:00.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.255 [GMT 0:00]
Executando de: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- MODO DE FUNCIONALIDADE REDUZIDA -
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
.
.
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Scan Suplementar -------
.
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 11:39
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Tempo para conclusão: 2011-03-21 11:42:09
ComboFix-quarantined-files.txt 2011-03-21 11:42
.
Pré-execução: 49.704.931.328 bytes free
Pós execução: 50.006.245.376 bytes free
.
- - End Of File - - 2E7CE6EFBD2E02DFC6C08CB93917E456

 

[Blade81]

Hi,

Please download ComboFix here to your desktop and run it. Post back the report.

 

[pedrodsky1]

ComboFix 11-03-21.01 - Joao 21-03-2011 19:15:23.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.352 [GMT 0:00]
Executando de: c:\users\Joao\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
A cópia de c:\windows\system32\Version.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
.
.
2011-03-21 19:26 . 2011-03-21 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Scan Suplementar -------
.
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 19:30
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-03-21 19:36:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-03-21 19:36
ComboFix2.txt 2011-03-21 11:42
.
Pré-execução: 49.113.538.560 bytes free
Pós execução: 48.882.683.904 bytes free
.
- - End Of File - - 5768FE3CBD9014D2E5EABDF70F468D03

 

[Blade81]

Hi again,

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• Please post contents of that file + fresh dds.txt in your next reply.

Are the symptoms still present?

 

[pedrodsky1]

the symptons are still present.
mbam log:
´Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6121

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

21-03-2011 22:30:59
mbam-log-2011-03-21 (22-30-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 268172
Time elapsed: 2 hour(s), 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dds log

DDS (Ver_09-06-26.01) - NTFSx86
Run by Joao at 23:05:41,59 on 21-03-2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.245 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-21 20:13 <DIR> --d----- c:\users\joao\appdata\roaming\Malwarebytes
2011-03-21 20:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 20:12 <DIR> --d----- c:\programdata\Malwarebytes
2011-03-21 20:12 <DIR> --d----- c:\progra~2\Malwarebytes
2011-03-21 20:12 20,952 a------- c:\windows\system32\drivers\mbam.sys
2011-03-21 20:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2011-03-21 19:59 <DIR> --d----- c:\windows\system32\drivers\AVG
2011-03-21 19:57 <DIR> --d----- c:\program files\AVG
2011-03-21 19:47 222,080 -------- c:\windows\system32\MpSigStub.exe
2011-03-21 19:28 <DIR> --d----- C:\$RECYCLE.BIN
2011-03-20 15:29 233,888 a------- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 <DIR> --d----- c:\program files\BitLocker
2011-03-20 15:25 711 a------- c:\windows\system32\CPSOKBTasks.xml
2011-03-20 15:25 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 675,152 a------- c:\windows\system32\gpprefcl.dll
2011-03-20 15:19 332,682 a------- c:\windows\system32\prfi0816.dat
2011-03-20 15:19 654,866 a------- c:\windows\system32\prfh0816.dat
2011-03-20 15:19 129,702 a------- c:\windows\system32\prfc0816.dat
2011-03-20 15:19 39,514 a------- c:\windows\system32\prfd0816.dat
2011-03-20 15:17 <DIR> --d----- c:\windows\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\0816
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\pt
2011-03-19 14:01 303,616 a------- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 125,952 a------- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 101,888 a------- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 145,408 a------- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 17,920 a------- c:\windows\system32\netevent.dll
2011-03-19 14:01 420,352 a------- c:\windows\system32\vbscript.dll
2011-03-19 14:01 378,368 a------- c:\windows\system32\winhttp.dll
2011-03-19 14:00 738,816 a------- c:\windows\system32\inetcomm.dll
2011-03-19 13:36 295,264 a------- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 1,130,824 a------- c:\windows\system32\dfshim.dll
2011-03-19 13:36 297,808 a------- c:\windows\system32\mscoree.dll
2011-03-19 13:36 49,472 a------- c:\windows\system32\netfxperf.dll
2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
2011-03-17 08:43 <DIR> --d----- C:\Boot
2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
2011-03-17 01:02 <DIR> --d----- C:\Intel
2011-03-17 00:56 <DIR> --d----- c:\users\Joao
2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat
2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat
2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat
2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat
2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:07:21,93 ===============

 

[Blade81]

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

 

[pedrodsky1]

this is the TDSSKiller log,the laptop remains the same,with erratic behaviour.
2011/03/22 09:05:24.0659 1924 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 09:05:25.0080 1924 ================================================================================
2011/03/22 09:05:25.0080 1924 SystemInfo:
2011/03/22 09:05:25.0080 1924
2011/03/22 09:05:25.0080 1924 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/22 09:05:25.0080 1924 Product type: Workstation
2011/03/22 09:05:25.0080 1924 ComputerName: JOAO-PC
2011/03/22 09:05:25.0080 1924 UserName: Joao
2011/03/22 09:05:25.0080 1924 Windows directory: C:\Windows
2011/03/22 09:05:25.0080 1924 System windows directory: C:\Windows
2011/03/22 09:05:25.0080 1924 Processor architecture: Intel x86
2011/03/22 09:05:25.0080 1924 Number of processors: 2
2011/03/22 09:05:25.0080 1924 Page size: 0x1000
2011/03/22 09:05:25.0080 1924 Boot type: Normal boot
2011/03/22 09:05:25.0080 1924 ================================================================================
2011/03/22 09:05:26.0219 1924 Initialize success
2011/03/22 09:05:32.0428 3776 ================================================================================
2011/03/22 09:05:32.0428 3776 Scan started
2011/03/22 09:05:32.0428 3776 Mode: Manual;
2011/03/22 09:05:32.0428 3776 ================================================================================
2011/03/22 09:05:35.0392 3776 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/22 09:05:36.0577 3776 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/22 09:05:37.0295 3776 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/22 09:05:38.0605 3776 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/22 09:05:39.0604 3776 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/22 09:05:40.0477 3776 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/22 09:05:40.0992 3776 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/22 09:05:41.0413 3776 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/22 09:05:41.0819 3776 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/22 09:05:42.0240 3776 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/22 09:05:42.0677 3776 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/22 09:05:43.0098 3776 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/22 09:05:43.0550 3776 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/22 09:05:44.0065 3776 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/22 09:05:44.0502 3776 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/22 09:05:45.0095 3776 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/22 09:05:45.0516 3776 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/22 09:05:45.0968 3776 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
2011/03/22 09:05:46.0561 3776 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/22 09:05:46.0967 3776 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/03/22 09:05:47.0357 3776 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/22 09:05:47.0762 3776 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/03/22 09:05:48.0184 3776 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/03/22 09:05:48.0605 3776 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/03/22 09:05:48.0995 3776 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/03/22 09:05:49.0416 3776 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/03/22 09:05:49.0915 3776 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/22 09:05:50.0368 3776 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/22 09:05:50.0820 3776 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/22 09:05:51.0226 3776 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/22 09:05:51.0647 3776 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/22 09:05:52.0115 3776 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/22 09:05:52.0536 3776 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/22 09:05:52.0957 3776 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/22 09:05:53.0378 3776 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/22 09:05:53.0815 3776 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/22 09:05:54.0314 3776 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/22 09:05:54.0736 3776 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/22 09:05:55.0188 3776 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/22 09:05:55.0516 3776 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/22 09:05:55.0984 3776 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/22 09:05:56.0452 3776 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/22 09:05:56.0842 3776 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/22 09:05:57.0325 3776 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/22 09:05:57.0762 3776 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/22 09:05:58.0230 3776 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/03/22 09:05:59.0135 3776 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/22 09:05:59.0712 3776 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/22 09:06:00.0258 3776 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/22 09:06:00.0726 3776 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/22 09:06:01.0178 3776 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/22 09:06:01.0834 3776 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/22 09:06:02.0380 3776 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/22 09:06:02.0848 3776 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/22 09:06:03.0378 3776 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/22 09:06:04.0252 3776 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/22 09:06:04.0720 3776 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/22 09:06:05.0219 3776 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/22 09:06:05.0624 3776 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/22 09:06:06.0092 3776 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/22 09:06:06.0748 3776 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/22 09:06:07.0247 3776 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/22 09:06:07.0715 3776 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/22 09:06:08.0105 3776 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/22 09:06:08.0542 3776 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/22 09:06:09.0025 3776 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/22 09:06:09.0415 3776 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/22 09:06:09.0836 3776 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/22 09:06:10.0304 3776 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/03/22 09:06:10.0788 3776 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/22 09:06:11.0209 3776 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/03/22 09:06:11.0771 3776 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/22 09:06:12.0208 3776 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/22 09:06:12.0894 3776 ialm (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/22 09:06:13.0518 3776 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/22 09:06:14.0158 3776 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/22 09:06:14.0641 3776 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/22 09:06:15.0218 3776 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/22 09:06:15.0671 3776 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/22 09:06:16.0139 3776 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/22 09:06:17.0012 3776 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/22 09:06:17.0434 3776 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/22 09:06:17.0870 3776 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/22 09:06:18.0292 3776 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/22 09:06:18.0760 3776 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/22 09:06:19.0150 3776 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/22 09:06:19.0586 3776 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/22 09:06:20.0008 3776 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/22 09:06:20.0460 3776 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/22 09:06:20.0959 3776 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/22 09:06:21.0443 3776 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/22 09:06:21.0911 3776 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/22 09:06:22.0316 3776 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/22 09:06:22.0738 3776 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/22 09:06:23.0206 3776 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/22 09:06:23.0658 3776 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/22 09:06:24.0095 3776 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/22 09:06:24.0516 3776 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/22 09:06:24.0937 3776 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/22 09:06:25.0358 3776 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/22 09:06:25.0780 3776 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/03/22 09:06:26.0263 3776 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/22 09:06:26.0700 3776 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/22 09:06:27.0106 3776 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/22 09:06:27.0527 3776 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/22 09:06:27.0964 3776 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/22 09:06:28.0400 3776 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/22 09:06:28.0837 3776 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/22 09:06:29.0274 3776 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/22 09:06:29.0711 3776 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/22 09:06:30.0132 3776 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/22 09:06:30.0631 3776 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/22 09:06:31.0068 3776 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/22 09:06:31.0520 3776 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/22 09:06:31.0942 3776 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/22 09:06:32.0363 3776 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/22 09:06:32.0784 3776 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/22 09:06:33.0236 3776 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/22 09:06:33.0782 3776 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/22 09:06:34.0250 3776 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/22 09:06:34.0687 3776 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/22 09:06:35.0171 3776 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/22 09:06:35.0623 3776 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/22 09:06:36.0076 3776 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/22 09:06:36.0512 3776 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/22 09:06:36.0965 3776 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/22 09:06:37.0370 3776 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/22 09:06:37.0823 3776 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/22 09:06:38.0353 3776 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/22 09:06:38.0821 3776 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/22 09:06:39.0289 3776 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/22 09:06:39.0757 3776 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/22 09:06:40.0194 3776 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/22 09:06:40.0631 3776 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/22 09:06:41.0099 3776 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/22 09:06:41.0536 3776 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/22 09:06:41.0972 3776 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/22 09:06:43.0252 3776 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/03/22 09:06:43.0766 3776 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/22 09:06:44.0188 3776 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/22 09:06:44.0593 3776 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/22 09:06:45.0061 3776 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/22 09:06:45.0482 3776 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/22 09:06:45.0904 3776 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/22 09:06:46.0387 3776 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/22 09:06:47.0105 3776 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/22 09:06:47.0573 3776 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/22 09:06:48.0072 3776 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/22 09:06:48.0556 3776 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/22 09:06:49.0055 3776 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/22 09:06:49.0476 3776 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/22 09:06:49.0897 3776 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/22 09:06:50.0396 3776 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/22 09:06:50.0864 3776 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/22 09:06:51.0317 3776 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/22 09:06:51.0754 3776 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/22 09:06:52.0175 3776 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/22 09:06:52.0627 3776 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/03/22 09:06:53.0048 3776 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/22 09:06:53.0516 3776 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/22 09:06:54.0000 3776 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/22 09:06:54.0421 3776 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/22 09:06:54.0905 3776 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/22 09:06:55.0342 3776 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/22 09:06:55.0763 3776 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/22 09:06:56.0184 3776 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/22 09:06:56.0683 3776 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/22 09:06:57.0089 3776 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/22 09:06:57.0541 3776 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/22 09:06:58.0009 3776 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/22 09:06:58.0493 3776 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/22 09:06:58.0930 3776 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/22 09:06:59.0382 3776 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/22 09:06:59.0959 3776 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/22 09:07:00.0443 3776 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/22 09:07:00.0895 3776 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/03/22 09:07:01.0348 3776 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/22 09:07:01.0800 3776 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/22 09:07:02.0315 3776 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/22 09:07:02.0736 3776 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/22 09:07:03.0142 3776 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/22 09:07:03.0563 3776 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/22 09:07:04.0124 3776 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/03/22 09:07:04.0577 3776 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/22 09:07:04.0982 3776 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/22 09:07:05.0388 3776 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/22 09:07:05.0825 3776 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/22 09:07:06.0246 3776 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/22 09:07:06.0667 3776 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/22 09:07:07.0166 3776 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/22 09:07:07.0572 3776 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/22 09:07:07.0978 3776 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/22 09:07:08.0414 3776 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/22 09:07:08.0836 3776 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/22 09:07:09.0335 3776 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/22 09:07:09.0740 3776 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/22 09:07:10.0146 3776 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/22 09:07:10.0552 3776 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/22 09:07:10.0988 3776 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/22 09:07:11.0550 3776 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/22 09:07:11.0971 3776 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/22 09:07:12.0392 3776 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/22 09:07:12.0814 3776 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/22 09:07:13.0219 3776 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/22 09:07:13.0609 3776 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/22 09:07:14.0030 3776 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/22 09:07:14.0467 3776 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/22 09:07:14.0951 3776 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/22 09:07:15.0419 3776 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/22 09:07:15.0840 3776 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/22 09:07:16.0246 3776 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/22 09:07:16.0651 3776 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/22 09:07:17.0088 3776 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/22 09:07:17.0494 3776 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/22 09:07:17.0915 3776 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/22 09:07:18.0336 3776 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/22 09:07:18.0757 3776 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/22 09:07:19.0241 3776 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/22 09:07:19.0662 3776 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/22 09:07:19.0756 3776 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/22 09:07:20.0192 3776 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/22 09:07:20.0629 3776 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/22 09:07:21.0284 3776 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/22 09:07:21.0799 3776 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/22 09:07:22.0330 3776 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/22 09:07:22.0501 3776 ================================================================================
2011/03/22 09:07:22.0501 3776 Scan finished
2011/03/22 09:07:22.0501 3776 ================================================================================
2011/03/22 09:09:21.0525 2240 Deinitialize success

 

[Blade81]

Hi,

Please post some screenshots showing those remaining symptoms.

 

[pedrodsky1]

help with malware removal

here are two screenshots attached.it keep opening the searching field on firefox,and the searching field in windows explorer.
thanks for your patience

 

[Blade81]

So, it opens those windows without pressing any button? Have you checked that there's not a key stuck?

 

[pedrodsky1]

no,in fact usually it opens 5 windows each time or more

 

[Blade81]

Hi,

Could you tell me if there were any other symptoms than this in the beginning and when did the issue pop up first time?

 

[pedrodsky1]

Hello,in fact i dont know,but the weird is that the laptop was already formatted and still shows the same symptoms

 

[Blade81]

That indicates some other than malware issue. Reformat would namely wipe all existing stuff away. Also, logs don't show any infection signs.

 

[pedrodsky1]

ok,thanks for your help

 

[Blade81]

You're welcome. If you're sure there's nothing pressing keyboard buttons down (sticky keys etc) then you may create a topic about the issue at Tech Support Guy for example. Like I said, if the problem was malware caused it should had disappeared when you had reformat done.