TechSpot

Virus, explorer 100% of memory

By evantro
Dec 2, 2010
  1. Hello

    I have an infected computer, and I can't remove the virus.
    Could you please help me?
    When I start the computer, in safe mode or not, explorer grows until it uses 100% of memory.

    Here are the several files generated.

    Kind regards and thanks in advance

    Eric


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Logs should also be in English.
    Please ignore the comment on the DDS Attach.txt log to zip it; we do not want it zipped.

  3. evantro

    evantro TS Rookie Topic Starter Posts: 16

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    DDS (Ver_10-11-27.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/08/2007 9:04:52
    System Uptime: 12/02/2010 12:18:58 (7034 hours ago)
    Motherboard: Hewlett-Packard | | 30C6
    Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U1 | 1862/mhz

    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 50 GiB total, 9,465 GiB free.
    D: is FIXED (NTFS) - 5 GiB total, 0,636 GiB free.
    E: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador ISATAP de Microsoft
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Adaptador ISATAP de Microsoft
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel

    ==== System Restore Points ==================

    No restore point in system.

    ==== Installed Programs ======================
    Active@ Partition Manager
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.6 - CPSID_49167
    Adobe Acrobat 8.1.6 Professional
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS
    Adobe Reader 8.2.0 - Français
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    Archiveur WinRAR
    ASL_HS_Installer32
    µTorrent
    Auslogics Disk Defrag
    BadCopy Pro
    BlackBerry Desktop Software 4.2.1
    Broadcom 802.11 Wireless LAN Adapter
    Cain & Abel v4.9.35
    Card Detector for Huawei E1752 and E1552
    CCleaner
    CDex - Open Source Digital Audio CD Extractor
    ColorSchemer Studio 2
    Combined Community Codec Pack 2009-09-09
    Conexant HD Audio
    Connect
    D3DX10
    Desinstalación de Internet Everywhere
    DirectVobSub (remove only)
    EBP Btrieve 8.6
    EBP Comptabilité 12.1
    Emma Core
    FileZilla Client 3.3.4.1
    GeoGebra
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    HelpNDoc 2.9.0.144 Personal Edition
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP DVD Play 3.0
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Product Detection
    HP Quick Launch Buttons 6.10 C1
    HP Update
    HP User Guide 0039
    HP Wireless Assistant
    Intel(R) Graphics Media Accelerator Driver
    IsoBuster 2.7
    Java Auto Updater
    Java(TM) 6 Update 20
    kuler
    Malwarebytes' Anti-Malware
    Media Go
    Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Antimalware Service ES-ES Language Pack
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Word MUI (French) 2007

    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server Compact 3.5 SP1 - Français
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Module de compatibilité pour Microsoft Office System 2007
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    Moleskinsoft Directory Size 2.
    Mozilla Firefox (3.6.12)
    Mp3tag v2.45a
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MusicBrainz Picard
    NetWaiting
    OGA Notifier 2.0.0048.0
    Outils de conception SQL Server Compact 3.5 SP1 - Français
    Paint.NET v3.5.5
    Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PSPad editor
    Quicksys RegDefrag 2.9
    QuickTime
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Samsung PC Studio
    Sauvegarde des Dossiers personnels Microsoft Outlook
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SEMC OMSI Module
    Skype web features
    Skype™ 4.2
    Sonic Activation Module
    Sony Ericsson PC Suite 6.009.00
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    SQL Server System CLR Types
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.4
    WampServer 2.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinHTTrack Website Copier 3.43-9C
    WinZip 11.1

    ==== Event Viewer Messages From Past Week ========

    30/11/2010 8:57:22, Error: Service Control Manager [7031] - El servicio Microsoft Antimalware Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 15000 milisegundos: Reiniciar el servicio.

    30/11/2010 8:49:10, Error: Service Control Manager [7022] - El servicio Windows Update no respondió después de iniciar.

    30/11/2010 8:44:58, Error: Service Control Manager [7022] - El servicio KTMRM para DTC (Coordinador de transacciones distribuidas) no respondió después de iniciar.

    30/11/2010 8:44:58, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Audiosrv.

    30/11/2010 8:35:22, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    30/11/2010 8:35:22, Error: Service Control Manager [7000] - El servicio eamonm no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

    28/11/2010 15:08:18, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: AFD DfsC is3srv MpFilter NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss Smb spldr szkg5 szkgfs tdx Wanarpv6

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio SMB MiniRedirector Wrapper and Engine depende del servicio Redirected Buffering Sub Sysytem, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos vinculados al sistema no funciona.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio SMB 2.0 MiniRedirector depende del servicio SMB MiniRedirector Wrapper and Engine, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio SMB 1.x MiniRedirector depende del servicio SMB MiniRedirector Wrapper and Engine, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Servicio Interfaz de almacenamiento en red depende del servicio NSI proxy service, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos vinculados al sistema no funciona.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Reconocimiento de ubicación de red depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Estación de trabajo depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Conexiones de red depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Cliente DNS depende del servicio Controlador de soporte TDI heredado NetIO, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos vinculados al sistema no funciona.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Cliente DHCP depende del servicio Ancilliary Function Driver for Winsock, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos vinculados al sistema no funciona.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Aplicación auxiliar IP depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    28/11/2010 15:08:05, Error: Service Control Manager [7001] - El servicio Aplicación auxiliar de NetBIOS sobre TCP/IP depende del servicio Ancilliary Function Driver for Winsock, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos vinculados al sistema no funciona.

    28/11/2010 15:06:58, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "" para ejecutar el servidor: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    28/11/2010 15:06:58, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netman con argumentos "" para ejecutar el servidor: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    28/11/2010 15:06:58, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio fdPHost con argumentos "" para ejecutar el servidor: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    28/11/2010 12:56:41, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection.

    28/11/2010 12:45:33, Error: Service Control Manager [7022] - El servicio Windows Update no respondió después de iniciar.

    28/11/2010 12:40:56, Error: Service Control Manager [7022] - El servicio Servicios de base TPM no respondió después de iniciar.

    28/11/2010 12:38:59, Error: Service Control Manager [7022] - El servicio KTMRM para DTC (Coordinador de transacciones distribuidas) no respondió después de iniciar.

    28/11/2010 12:36:15, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HP Health Check Service.

    28/11/2010 12:36:15, Error: Service Control Manager [7000] - El servicio HP Health Check Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.

    28/11/2010 12:33:26, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    28/11/2010 12:15:24, Error: Service Control Manager [7022] - El servicio Windows Update no respondió después de iniciar.

    28/11/2010 12:13:11, Error: Service Control Manager [7000] - El servicio Servicio de uso compartido de red del Reproductor de Windows Media no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.

    28/11/2010 12:13:10, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Servicio de uso compartido de red del Reproductor de Windows Media.

    28/11/2010 12:12:07, Error: Service Control Manager [7022] - El servicio Servicios de base TPM no respondió después de iniciar.

    28/11/2010 12:09:20, Error: Service Control Manager [7022] - El servicio KTMRM para DTC (Coordinador de transacciones distribuidas) no respondió después de iniciar.

    28/11/2010 12:07:01, Error: Service Control Manager [7000] - El servicio HP Health Check Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.

    28/11/2010 12:07:00, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HP Health Check Service.

    28/11/2010 12:06:30, Error: Service Control Manager [7022] - El servicio Service Google Update (gupdate) no respondió después de iniciar.

    28/11/2010 12:02:21, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Microsoft .NET Framework NGEN v4.0.30319_X86.

    28/11/2010 12:00:16, Error: Microsoft Antimalware [3002] - La característica de protección en tiempo real de Microsoft Antimalware detectó un error y no pudo iniciarse. Característica: Al tener acceso Código de error: 0x80004005 Descripción del error: Error no especificado Causa: El controlador de filtro omitió ciertos elementos de detección y está en modo de paso a través. Esto puede deberse a la escasez de recursos.

    28/11/2010 11:56:44, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    27/11/2010 19:18:45, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:18:21, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:17:58, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:17:34, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:16:24, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:14:03, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:13:57, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:13:45, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:13:10, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:09:07, Error: cdrom [11] - El controlador detectó un error de controladora en \Device\CdRom0.

    27/11/2010 19:07:27, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio WerSvc.

    27/11/2010 17:16:16, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    27/11/2010 16:59:59, Error: ACPI [13] - : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.

    27/11/2010 16:59:54, Error: ACPI [13] - : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.

    27/11/2010 16:59:49, Error: ACPI [13] - : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.

    27/11/2010 16:59:44, Error: ACPI [13] - : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.

    27/11/2010 16:59:39, Error: ACPI [13] - : la controladora integrada (EC) no respondió en el período de tiempo de espera especificado. Puede deberse a un error en el firmware o hardware de EC, o a un acceso incorrecto a la EC por parte del BIOS. Pregunte al fabricante del equipo si dispone de un BIOS actualizado. En algunas situaciones, este error puede provocar el funcionamiento incorrecto del equipo.

    27/11/2010 11:53:14, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio stisvc.

    26/11/2010 19:53:21, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    25/11/2010 13:20:57, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv szkg5 szkgfs

    02/12/2010 13:31:27, Error: Microsoft Antimalware [2001] - Microsoft Antimalware detectó un error al intentar actualizar las firmas. Nueva versión de la firma: Versión anterior de la firma: 1.95.861.0 Origen de la actualización: Servidor de Microsoft Update Fase de actualización: Buscar Ruta de acceso de origen: Default URL Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\SYSTEM Versión del motor actual: Versión del motor anterior: 1.1.6402.0 Código de error: 0x8007043c Descripción del error: El servicio no puede iniciarse en modo a prueba de errores

    02/12/2010 12:58:48, Error: Microsoft Antimalware [2001] - Microsoft Antimalware detectó un error al intentar actualizar las firmas. Nueva versión de la firma: Versión anterior de la firma: 1.95.861.0 Origen de la actualización: Servidor de Microsoft Update Fase de actualización: Buscar Ruta de acceso de origen: Default URL Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\SYSTEM Versión del motor actual: Versión del motor anterior: 1.1.6402.0 Código de error: 0x8007043c Descripción del error: El servicio no puede iniciarse en modo a prueba de errores

    02/12/2010 12:58:48, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio wuauserv con argumentos "" para ejecutar el servidor: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    02/12/2010 12:25:59, Error: Service Control Manager [7031] - El servicio Microsoft Antimalware Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 15000 milisegundos: Reiniciar el servicio.

    02/12/2010 12:23:07, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}

    02/12/2010 12:22:57, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    02/12/2010 12:22:45, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

    02/12/2010 12:20:59, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: is3srv MpFilter pavboot spldr szkg5 szkgfs Wanarpv6

    02/12/2010 12:20:59, Error: Service Control Manager [7001] - El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

    02/12/2010 12:19:39, Error: EventLog [6008] - El cierre anterior del sistema a las 9:23:59 del 30/11/2010 resultó inesperado.

    ==== End Of File ===========================

    GMER 1.0.15.15530 - http://www.gmer.net

    Rootkit scan 2010-12-02 14:14:43
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP
    Running: dmxtgdje.exe; Driver: C:\Users\Eric\AppData\Local\Temp\ugrcqpod.sys

    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73E37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73E8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73E3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73E2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73E375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73E2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73E3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73E2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73E2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73E271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73EBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73E5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73E2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73E26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73E2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\explorer.exe[1928] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73E32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinámico/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ---
    Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report07b48037
    ---- EOF - GMER 1.0.15 ----

    Malwarebytes' Anti-Malware 1.50

    www.malwarebytes.org
    Database version: 5232
    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18975
    02/12/2010 13:22:22
    mbam-log-2010-12-02 (13-22-22).txt

    Scan type: Quick scan

    Objects scanned: 157350
    Time elapsed: 23 minute(s), 19 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\program files\resultbar\resultbar.dll (Adware.ResultBar) -> Quarantined and deleted successfully.

    EDIT: Attempt has been made to remove some of the unnecessary double-spacing in logs. No content has been changed. Member advised
     
  4. evantro

    evantro TS Rookie Topic Starter Posts: 16

    DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
    Run by Eric at 14:14:53,12 on 02/12/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.1013.357 [GMT 1:00]
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsv
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Taskmgr.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Eric\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.es/
    uInternet Settings,ProxyServer = 193.55.112.41:3128
    uInternet Settings,ProxyOverride = <local>
    BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dl
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: CGToolBar: {d369081e-2ae8-4caf-9a55-3e6cf9bc4a71} - mscoree.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\eric\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [CardDetectorHUAWEI1752_1552] c:\program files\carddetector\huawei1752_1552\CardDetector.exe
    mRun: [IEWINTERNET-SPSessionManager] "c:\program files\orange\internet everywhere\sessionmanager\SessionManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Ajouter au fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convertir au format Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htm
    IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Hosts: 91.121.174.173 atenpace.org

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\users\eric\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\extensions\es-es@dictionaries.addons.mozilla.org
    FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\extensions\firebug@software.joehewitt.com
    FF - Extension: UrlParams: {433AF77F-54E5-425b-81D7-6884C7AE77E6} - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}
    FF - Extension: SEO Website Analysis: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E} - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}

    ---- FIREFOX POLICIES ----

    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1

    ============= SERVICES / DRIVERS ===============

    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-11 27632]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-17 28552]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\bin\WGE_SRV.exe [2006-12-7 32768]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2009-12-16 306296]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2009-12-16 162936]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-1-11 90112]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-1 1153368]
    S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-6-9 146432]
    S3 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-1 21504]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-6-15 103040]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-1-11 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-1-11 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-1-11 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-1-11 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-1-11 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-1-11 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-1-11 109736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Peauvcsf;Peauvcsf; [x]

    =============== Created Last 30 ================

    2010-12-02 12:25:58 54016 ----a-w- c:\windows\system32\drivers\bvnhunb.sys
    2010-12-02 11:31:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-02 11:31:10 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-02 11:31:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 11:30:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-02 11:17:39 -------- d---a-w- C:\Eric
    2010-11-30 08:19:27 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{15e0b185-6692-4e29-aa9f-e03bdaab3352}\mpengine.dll
    2010-11-28 09:31:33 -------- d-----w- c:\users\eric\appdata\roaming\Auslogics
    2010-11-28 09:31:26 -------- d-----w- c:\program files\Auslogics
    2010-11-27 15:55:25 -------- d-----w- c:\program files\SP35954
    2010-11-27 15:33:42 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-25 17:19:46 -------- d-----w- c:\users\eric\appdata\roaming\HelpNDoc
    2010-11-25 17:19:06 -------- d-----w- c:\program files\IBE Software
    2010-11-23 19:44:53 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-11-18 19:53:55 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-11-16 18:49:03 469256 ----a-w- c:\program files\common files\windows live\.cache\eebe48cb1cb85be2b\InstallManager_WLE_WLE.exe
    2010-11-16 18:47:03 15712 ----a-w- c:\program files\common files\windows live\.cache\a8cedf5b1cb85be1f\MeshBetaRemover.exe
    2010-11-16 18:45:23 94040 ----a-w- c:\program files\common files\windows live\.cache\6d07ae2b1cb85be18\DSETUP.dll
    2010-11-16 18:45:23 525656 ----a-w- c:\program files\common files\windows live\.cache\6d07ae2b1cb85be18\DXSETUP.exe
    2010-11-16 18:45:23 1691480 ----a-w- c:\program files\common files\windows live\.cache\6d07ae2b1cb85be18\dsetup32.dll
    2010-11-16 18:45:15 525656 ----a-w- c:\program files\common files\windows live\.cache\675e08cb1cb85be17\DXSETUP.exe
    2010-11-16 18:45:15 1691480 ----a-w- c:\program files\common files\windows live\.cache\675e08cb1cb85be17\dsetup32.dll
    2010-11-16 18:45:14 94040 ----a-w- c:\program files\common files\windows live\.cache\675e08cb1cb85be17\DSETUP.dll
    2010-11-16 18:40:53 -------- d-----w- c:\users\eric\appdata\local\Windows Live
    2010-11-16 18:39:37 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-11-09 21:49:30 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
    ============= FINISH: 14:15:34,54 ===============

    EDIT: Attempt has been made to remove some of the double spacing in the logs. Content has not been changed. Member advised.
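A worked example of how a helper reads a DDS report like the one above, added here and not part of the original thread or of the DDS, GMER or MBAM tools: a small Python script that pulls out the entries a reviewer would ask about and ranks them. On the sample it flags the configured proxy (uInternet Settings,ProxyServer), the Hosts line, the Firefox keyword.URL override pointing at mp3tubetoolbarsearch.com, the CGToolBar entry whose module is given only as mscoree.dll with no path, the Peauvcsf service marked [x] (no image on disk), the ClickPotato plugin that MBAM already named, and bvnhunb.sys, a driver file created under two hours before the scan that no entry in the SERVICES / DRIVERS section references. The sample lines are copied from the posted log with two benign lines added; the allow-lists, the seven-day window, the severity labels and the assumption that the file timestamps share the DDS header's clock are mine, not the tools'. The script decides nothing about whether a file is malicious; it produces a list of items to ask the poster about or to submit for a file scan.

```python
"""Triage a DDS log excerpt for the indicators discussed in this thread.

Added example, not code from the thread or from the DDS/GMER/MBAM tools.
"""
import re
from datetime import datetime, timedelta

# Drivers dropped by the cleaning tool already run in the thread (MBAM);
# skipped by the recent-driver check to cut noise. Assumption: benign.
KNOWN_TOOL_DRIVERS = {"mbam.sys", "mbamswissarmy.sys"}
# Search hosts treated as expected. Assumption about the user's defaults.
EXPECTED_SEARCH_HOSTS = {"www.google.es", "www.google.fr", "www.google.com"}
# Family names taken from the MBAM detections posted earlier in the thread.
ADWARE_NAME_RE = re.compile(r"clickpotato|resultbar|mp3tube", re.I)

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
KEYWORD_RE = re.compile(r"^FF - (?:prefs|user)\.js: keyword\.URL - hxxp://([^/\s]+)")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
TOOLBAR_RE = re.compile(r"^TB: .* - (.+)$")
PLUGIN_RE = re.compile(r"^FF - plugin: (.*)$", re.I)
DRIVER_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+.*\\drivers\\([^\\]+\.sys)$", re.I)
SYS_IN_PATH_RE = re.compile(r"\\drivers\\([^\\\s;\[]+\.sys)", re.I)

# Constructed sample: lines copied from the DDS log posted above, plus two
# benign lines (uTorrent autorun, MpFilter driver) so the filters have
# something to ignore.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.es/
uInternet Settings,ProxyServer = 193.55.112.41:3128
uInternet Settings,ProxyOverride = <local>
uRun: [uTorrent] "c:\\program files\\utorrent\\uTorrent.exe"
TB: CGToolBar: {d369081e-2ae8-4caf-9a55-3e6cf9bc4a71} - mscoree.dll
Hosts: 91.121.174.173 atenpace.org
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - plugin: c:\\program files\\mozilla firefox\\plugins\\npclntax_ClickPotatoLiteSA.dll
S1 MpFilter;Microsoft Malware Protection Driver;c:\\windows\\system32\\drivers\\MpFilter.sys [2010-3-25 151216]
S4 Peauvcsf;Peauvcsf; [x]
2010-12-02 12:25:58 54016 ----a-w- c:\\windows\\system32\\drivers\\bvnhunb.sys
2010-12-02 11:31:15 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
"""
# "Run by Eric at 14:14:53 on 02/12/2010" in the DDS header. Assumption: the
# file timestamps use the same clock; DDS's own zone offset is not modelled.
SCAN_TIME = datetime(2010, 12, 2, 14, 14, 53)


def triage(log_text, scan_time, window_days=7):
    """Return findings as (severity, check, detail, source_line) tuples."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []

    # Pass 1: driver files that some service/driver entry actually references.
    referenced = set()
    for ln in lines:
        m = SERVICE_RE.match(ln)
        if m:
            referenced.update(n.lower() for n in SYS_IN_PATH_RE.findall(m.group(2)))

    # Pass 2: per-line indicator checks.
    for ln in lines:
        if m := PROXY_RE.match(ln):
            findings.append(("check", "proxy_set",
                             f"proxy {m.group(1)} configured; confirm it is expected", ln))
        elif m := HOSTS_RE.match(ln):
            findings.append(("high", "hosts_override", f"{m.group(2)} -> {m.group(1)}", ln))
        elif (m := KEYWORD_RE.match(ln)) and m.group(1).lower() not in EXPECTED_SEARCH_HOSTS:
            findings.append(("high", "search_hijack", f"keyword.URL points to {m.group(1)}", ln))
        elif (m := SERVICE_RE.match(ln)) and "[x]" in m.group(2):
            findings.append(("medium", "service_missing_file",
                             f"service {m.group(1)} has no image file on disk", ln))
        elif (m := TOOLBAR_RE.match(ln)) and "\\" not in m.group(1):
            findings.append(("low", "toolbar_no_path",
                             f"toolbar module {m.group(1)} listed without a full path", ln))
        elif (m := PLUGIN_RE.match(ln)) and ADWARE_NAME_RE.search(m.group(1)):
            findings.append(("high", "adware_plugin", m.group(1), ln))
        elif m := DRIVER_FILE_RE.match(ln):
            name = m.group(2).lower()
            if name in KNOWN_TOOL_DRIVERS:
                continue
            age = scan_time - datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if timedelta(0) <= age <= timedelta(days=window_days):
                unreferenced = name not in referenced
                findings.append(("high" if unreferenced else "medium", "recent_driver",
                                 f"{name} created {age} before the scan; "
                                 + ("no service entry references it" if unreferenced
                                    else "referenced by a service entry"), ln))
    return findings


def triage_sample():
    """Run the checks over the constructed sample above."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for sev, check, detail, ln in triage_sample():
        print(f"[{sev:6}] {check:22} {detail}\n         {ln}")
```

Run it as-is to see the seven findings from the sample, or paste a full Pseudo HJT / Created Last 30 section into `triage()` with the scan time from the DDS header. The cross-check between the file list and the service list is the part worth keeping: a driver that appears on disk in the last few days but is loaded by nothing in the service table is exactly the sort of entry a helper asks the poster to explain or to have scanned.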
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm going to edit your posts to get rid of the double spacing. There's no reason to spread the logs out. It's going to take me a while, then I'll review the logs.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run the following

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Please do not double space the log entries. Paste both logs in next reply just as they appear after the program has run. IF you have a text editor set to double space lines, set it back to single space.
     
  7. evantro

    evantro TS Rookie Topic Starter Posts: 16

    I am doing what you requested, but I can't stop Windows Defender, which I use as antivirus.

    It doesn't appear in the tray bar, and when I try to launch it I receive an error message.

    I hope it won't blur the results...

    Anyway, I'll post the results as soon as I get them.
     
  8. evantro

    evantro TS Rookie Topic Starter Posts: 16

    hello

    I didn't find the log C:\Program Files\EsetOnlineScanner\log.txt
    but this one: C:\Program Files\ESET\ESET Online Scanner\log.txt. I suppose that it is the right one.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251


    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    ESET Online Scanner v3
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    Microsoft Security Essentials successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 8.2.0 - Français
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Spybot Teatimer.exe is disabled!
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That is only the registration for Eset- not the scan.

    To disable Windows Defender:
    1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.
    2. Click Tools, and then click Options.
    3. Under Administrator options, clear the Use Windows Defender check box, and then click Save. Administrator permission required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    =====================================
    Now please run the Eset scan again.
    =====================================
    Follow with this: download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  10. evantro

    evantro TS Rookie Topic Starter Posts: 16

    I can't access Windows Defender. A message says that it is deactivated. (see enclosed)
    The NOD32 scan is very long, but I can't find any other logs than the one I already posted.
    Here is the ComboFix log.

    Thanks

    ComboFix 10-12-09.02 - Eric 10/12/2010 9:15.2.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.1013.275 [GMT 1:00]
    Running from: c:\users\Eric\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
    .

    2010-12-10 08:28 . 2010-12-10 08:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-12-10 08:28 . 2010-12-10 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-10 08:28 . 2010-12-10 08:28 -------- d-----w- c:\users\Admin RDC\AppData\Local\temp
    2010-12-09 22:17 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0789C33B-8F73-4DEA-B26C-0A278E2287BE}\mpengine.dll
    2010-12-02 11:31 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-02 11:31 . 2010-12-02 11:31 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-02 11:31 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 11:30 . 2010-12-02 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-02 11:17 . 2010-12-05 16:02 -------- d---a-w- C:\Eric
    2010-11-28 09:31 . 2010-11-28 09:31 -------- d-----w- c:\users\Eric\AppData\Roaming\Auslogics
    2010-11-28 09:31 . 2010-11-28 09:31 -------- d-----w- c:\program files\Auslogics
    2010-11-27 15:55 . 2010-11-27 15:55 -------- d-----w- c:\program files\SP35954
    2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-25 17:19 . 2010-11-25 18:44 -------- d-----w- c:\users\Eric\AppData\Roaming\HelpNDoc
    2010-11-25 17:19 . 2010-11-25 17:19 -------- d-----w- c:\program files\IBE Software
    2010-11-23 19:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-18 19:53 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-11-17 20:46 . 2010-11-17 20:46 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
    2010-11-16 18:49 . 2010-11-16 18:49 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\eebe48cb1cb85be2b\InstallManager_WLE_WLE.exe
    2010-11-16 18:47 . 2010-11-16 18:47 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\a8cedf5b1cb85be1f\MeshBetaRemover.exe
    2010-11-16 18:45 . 2010-11-16 18:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d07ae2b1cb85be18\DXSETUP.exe
    2010-11-16 18:45 . 2010-11-16 18:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d07ae2b1cb85be18\DSETUP.dll
    2010-11-16 18:45 . 2010-11-16 18:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d07ae2b1cb85be18\dsetup32.dll
    2010-11-16 18:45 . 2010-11-16 18:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\675e08cb1cb85be17\DXSETUP.exe
    2010-11-16 18:45 . 2010-11-16 18:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\675e08cb1cb85be17\dsetup32.dll
    2010-11-16 18:45 . 2010-11-16 18:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\675e08cb1cb85be17\DSETUP.dll
    2010-11-16 18:40 . 2010-12-09 22:02 -------- d-----w- c:\users\Eric\AppData\Local\Windows Live
    2010-11-16 18:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2010-09-20 17:20 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-10-19 20:51 . 2009-10-05 07:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-13 13:56 . 2010-10-15 19:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
    "Google Update"="c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-23 136176]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-26 328568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "CardDetectorHUAWEI1752_1552"="c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-08-27 282624]
    "IEWINTERNET-SPSessionManager"="c:\program files\Orange\Internet Everywhere\SessionManager\SessionManager.exe" [2009-08-27 140016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gladinet Cloud Desktop.lnk]
    backup=c:\windows\pss\Gladinet Cloud Desktop.lnkCommon Startup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Gladinet Cloud Desktop.lnk
    backupExtension=Common Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-14 19:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2009-11-24 15:21 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-57600503-372010182-768747849-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys [2007-06-09 146432]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-23 103040]
    R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
    R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
    R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
    R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
    R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
    R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
    R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 Peauvcsf;Peauvcsf; [x]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-12-16 306296]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-12-16 162936]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:07]

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:07]

    2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57600503-372010182-768747849-1003Core.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 07:36]

    2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57600503-372010182-768747849-1003UA.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 07:36]

    2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{5EF9B73E-66F2-4292-8413-3BB8451480A6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

    2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{E8CA922A-19F4-4613-A352-4375FB8A84F6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

    2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{FA643EEE-5ADA-40D2-8E3D-380504076B9A}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.es/
    uInternet Settings,ProxyServer = 193.55.112.41:3128
    uInternet Settings,ProxyOverride = <local>
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
    FF - plugin: c:\users\Eric\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\extensions\es-es@dictionaries.addons.mozilla.org
    FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\extensions\firebug@software.joehewitt.com
    FF - Extension: UrlParams: {433AF77F-54E5-425b-81D7-6884C7AE77E6} - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}
    FF - Extension: SEO Website Analysis: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E} - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}

    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-10 09:28
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP000009D507EC843DE33FA131 524288 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-10 09:36:04
    ComboFix-quarantined-files.txt 2010-12-10 08:36

    Pre-Run: 9.343.107.072 bytes libres
    Post-Run: 9.303.240.704 bytes libres

    - - End Of File - - 244BC2E491F76030E6F4F97164590673
     

    Attached Files:

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Translated Spanish to English:
    Try All Programs> Windows Defender.

    I need a virus scan:
    Run Kaspersky Online Scanner in Internet Explorer

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make sure that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
     
  12. evantro

    evantro TS Rookie Topic Starter Posts: 16

    The last scan with ESET NOD32 didn't give any result (nothing found).

    After following the last steps of your last message I was able to deactivate Windows Defender. I did it and launched another scan.

    The result is still the same: nothing found...

    Anyway, I'll launch Kaspersky and send you the resulting log.

    Thanks
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I repeat> the scans generate a log, whether malware is found or not.
     
  14. evantro

    evantro TS Rookie Topic Starter Posts: 16

    I started the process with Kaspersky but at the end of the update I received an error message:

    ERROR: Anti-virus database was updated after licence expiry ...

    What should I do ?
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Uninstall the Kaspersky you have now. Then go to the site and download/scan new. Use the URL link I gave you. Be sure to follow this:
     
  16. evantro

    evantro TS Rookie Topic Starter Posts: 16

    I am sorry to insist with my problem, but I'm stuck.
    I already did it twice, but to be sure I uninstalled Microsoft Security, so I now don't have any antivirus on the computer. I ran TFC again to clean any temp files.

    I don't have any entry in the Start menu or in the Control Panel to uninstall Kaspersky. I downloaded the Kaspersky removal tool to ensure that I don't have any remnants of Kaspersky (I didn't use it before).

    When I launched the Kaspersky online scanner, it downloaded the .jar and the updates another time, then threw the same licence message.
    I checked on their website and forums, and the only thing I saw was the clock, which is set properly.


    I also ran ESET NOD32 another time and there is no log file anymore...

    What's going on? I confirm that I searched the whole computer. I booted with a Linux live CD to search and I didn't find it...

    Thanks
     
  17. evantro

    evantro TS Rookie Topic Starter Posts: 16

    As there is no log, I post a hard copy of the result:

    nothing
     

    Attached Files:

  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, for now I'll pass on the online AV scanning.
    I note that you are loading Gladinet Cloud Desktop. I found this description on their home site:
    I'm not familiar with this program, but just going by the description, could this be running in the background and using so much of the system resources?
    =============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\is3srv.sys
    c:\windows\system32\DRIVERS\szkg.sys
    c:\windows\system32\drivers\szkgfs.sys
    c:\windows\system32\DRIVERS\eamonm.sys 
    Extra::
    File::
    c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    Firefox::
    Firefox-; - Profile- c:\users\eric\appdata\roaming\mozilla\firefox\profiles\uq31zump.default\
    DirLook::
    C:\Eric
    c:\program files\SP35954
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    Driver::
    Peauvcsf
    is3srv
    szkg5
    eamonm
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    You have this extension on Firefox: mp3tubetoolbarsearch.com Much of the malware found in Mbam came from this source. I don't know whether it's from the extension itself or the site where you got it, but I recommend that you remove it. There are also some old Java versions that remain as extensions and they need to be removed also:
    Open Firefox> Click on Tools> Add-ons> Find each of the following and uninstall it. Restart Firefox when done:
    mp3tubetoolbarsearch
    Java v6u14
    Java v6u15
    Java v6u17
    Java v6u20

    Close Firefox when through, then re-launch Firefox. You do not need to add Java updates as extensions. When you update Java to the current version, Firefox will be protected. Current v6u22 is here: Java Updates. Be sure to Uninstall any earlier versions in Add/Remove Programs.
    ==============================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
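    As an added illustration (not code from this thread, from ComboFix or from the helper), the script below reads the kinds of ComboFix log lines posted earlier and flags the three things the CFScript above is built around: driver/service entries whose image ComboFix reports as "[x]" (file missing, orphaned registration), Security Center "DisableMonitoring" values set to 1, and Firefox keyword.URL overrides. The sample log is constructed from lines of the log in this thread; the category names are my own.

```python
import re

# Service/driver lines in the "Reg Loading Points" section look like
#   "<R|S><n> name;display name;image path [yyyy-mm-dd size]"
# ComboFix prints "[x]" in place of date/size when the image file is
# missing, i.e. the service registration is orphaned.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)
# Registry key header and "name"=value lines, as in a REGEDIT4 export.
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Firefox keyword.URL lines (the search override the helper asked to remove).
FF_KEYWORD_RE = re.compile(
    r"^FF - (?P<file>user\.js|prefs\.js): keyword\.URL - (?P<url>\S+)"
)


def flag_combofix_lines(lines):
    """Return (category, detail) findings for the given log lines, in order."""
    findings = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            if m.group("tag").strip() == "x":
                findings.append(("orphaned-service", m.group("name")))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = REG_VALUE_RE.match(line)
        if m and current_key and "security center\\monitoring" in current_key.lower():
            # Security Center monitoring of AV/firewall turned off; the
            # CFScript resets these keys with "DisableMonitoring"=-
            if (m.group("name") == "DisableMonitoring"
                    and m.group("value").lower() == "dword:00000001"):
                findings.append(("security-center-monitoring-disabled", current_key))
            continue
        m = FF_KEYWORD_RE.match(line)
        if m:
            findings.append(("firefox-keyword-url",
                             m.group("file") + " -> " + m.group("url")))
    return findings


def orphaned_services(lines):
    """Names of services whose image ComboFix reported as missing ('[x]')."""
    return [d for c, d in flag_combofix_lines(lines) if c == "orphaned-service"]


# Constructed sample, assembled from lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-57600503-372010182-768747849-1000]
"EnableNotificationsRef"=dword:00000001

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R4 Peauvcsf;Peauvcsf; [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
"""


if __name__ == "__main__":
    for category, detail in flag_combofix_lines(SAMPLE_LOG.splitlines()):
        print(f"{category:40} {detail}")
```

    Entries flagged this way still need a human look: an "[x]" service can also be a leftover from a cleanly uninstalled product, which is why the helper asks for the ComboFix log rather than deleting blindly.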
     
  19. evantro

    evantro TS Rookie Topic Starter Posts: 16

    hello,

    just a few comments:
    - I no longer use Gladinet, and I thought I had uninstalled it. There is no entry to remove it. If you have a procedure to cleanly delete it, that would be great.
    - In Firefox I didn't find the mp3tubetoolbar module, nor a way to disable it; I think I had already deactivated it (hope so)


    ComboFix 10-12-20.01 - Eric 20/12/2010 23:23:18.3.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.1013.380 [GMT 1:00]
    Running from: c:\eric\ComboFix.exe
    Command switches used :: c:\eric\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll"
    "c:\windows\system32\DRIVERS\eamonm.sys"
    "c:\windows\system32\drivers\is3srv.sys"
    "c:\windows\system32\DRIVERS\szkg.sys"
    "c:\windows\system32\drivers\szkgfs.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EAMONM
    -------\Legacy_PEAUVCSF
    -------\Legacy_SZKG5
    -------\Service_eamonm
    -------\Service_is3srv
    -------\Service_Peauvcsf
    -------\Service_szkg5


    ((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
    .

    2010-12-20 22:37 . 2010-12-20 22:37 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-12-20 22:37 . 2010-12-20 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-20 22:37 . 2010-12-20 22:37 -------- d-----w- c:\users\Admin RDC\AppData\Local\temp
    2010-12-20 22:15 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1A84D0A-9165-448A-B3DF-B2F7ED9CAE55}\mpengine.dll
    2010-12-17 09:54 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-17 09:48 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-02 11:31 . 2010-12-02 11:31 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-02 11:30 . 2010-12-10 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-02 11:17 . 2010-12-20 22:22 -------- d---a-w- C:\Eric
    2010-11-28 09:31 . 2010-11-28 09:31 -------- d-----w- c:\users\Eric\AppData\Roaming\Auslogics
    2010-11-28 09:31 . 2010-11-28 09:31 -------- d-----w- c:\program files\Auslogics
    2010-11-27 15:55 . 2010-11-27 15:55 -------- d-----w- c:\program files\SP35954
    2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-25 17:19 . 2010-11-25 18:44 -------- d-----w- c:\users\Eric\AppData\Roaming\HelpNDoc
    2010-11-25 17:19 . 2010-11-25 17:19 -------- d-----w- c:\program files\IBE Software
    2010-11-23 19:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 09:41 . 2009-10-05 07:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\Eric ----

    2010-12-10 08:39 . 2010-12-10 08:39 20529 ----a-w- c:\eric\log combofix.txt
    2010-12-05 15:04 . 2010-12-05 15:01 166 ----a-w- c:\eric\Nod32 online.txt
    2010-12-03 08:27 . 2010-12-03 08:25 161243 ----a-w- c:\eric\rkunhooker.zip
    2010-12-03 08:27 . 2010-12-03 08:19 2205157 ----a-w- c:\eric\IceSword122en.zip
    2010-12-02 21:29 . 2010-12-02 21:29 5729 ----a-w- c:\eric\Attach.txt.zip
    2010-12-02 13:16 . 2010-12-02 13:16 24725 ----a-w- c:\eric\Attach.txt
    2010-12-02 13:15 . 2010-12-02 13:16 18516 ----a-w- c:\eric\DDS.txt
    2010-12-02 13:14 . 2010-12-02 13:14 5564 ----a-w- c:\eric\gmer.log
    2010-12-02 12:23 . 2010-12-02 12:23 3935 ----a-w- c:\eric\mbam-log-2010-12-02 (13-22-22).txt
    2010-12-02 11:17 . 2010-12-02 11:13 446464 ----a-w- c:\eric\TFC.exe
    2010-12-02 11:17 . 2010-12-02 11:16 64 ----a-w- c:\eric\procedure.txt
    2010-12-02 11:17 . 2010-12-02 11:14 7622112 ----a-w- c:\eric\mbam-setup-1.50.0.0.exe
    2010-12-02 11:17 . 2010-12-02 11:14 296448 ----a-w- c:\eric\dmxtgdje.exe
    2010-12-02 11:17 . 2010-12-02 11:15 630272 ----a-w- c:\eric\dds.scr
    2010-12-02 11:17 . 2010-12-20 22:03 3995496 ----a-r- c:\eric\ComboFix.exe

    ---- Directory of c:\program files\SP35954 ----

    2007-04-25 16:31 . 2007-04-25 16:31 1073522 ----a-w- c:\program files\SP35954\winflash32\bios.wph
    2007-04-25 16:31 . 2007-04-25 16:31 1073522 ----a-w- c:\program files\SP35954\Winphlash64\BIOS.WPH
    2007-03-28 17:06 . 2007-03-28 17:06 249 ----a-w- c:\program files\SP35954\Winphlash64\PHLASH.INI
    2007-03-28 17:06 . 2007-03-28 17:06 1498 ----a-w- c:\program files\SP35954\Winphlash64\PHLASH.LOG
    2007-03-28 16:34 . 2007-03-28 16:34 701 ----a-w- c:\program files\SP35954\winflash32\PHLASH.INI
    2007-03-28 08:01 . 2007-03-28 08:01 8628 ---ha-w- c:\program files\SP35954\Winphlash64\winphlash.GID
    2007-02-28 22:56 . 2007-02-28 22:56 502 ----a-w- c:\program files\SP35954\SPReturnCodeTest.js
    2007-02-01 15:26 . 2007-02-01 15:26 185904 ----a-w- c:\program files\SP35954\SPTest.exe
    2006-11-21 09:28 . 2006-11-21 09:28 45888 ----a-w- c:\program files\SP35954\Winphlash64\PhlashNT.sys
    2006-11-21 09:16 . 2006-11-21 09:16 327680 ----a-w- c:\program files\SP35954\Winphlash64\WinPhlash64.exe
    2006-09-22 09:05 . 2006-09-22 09:05 348160 ----a-w- c:\program files\SP35954\winflash32\SWinFlash.exe
    2006-09-06 09:09 . 2006-09-06 09:09 31616 ----a-w- c:\program files\SP35954\winflash32\PhlashNT.sys
    2006-06-14 12:25 . 2006-06-14 12:25 1497583 ----a-w- c:\program files\SP35954\Winphlash64\Winphlash.HLP
    2006-03-03 10:17 . 2006-03-03 10:17 26883 ----a-w- c:\program files\SP35954\winflash32\Phlash9X.vxd
    2006-03-01 16:45 . 2006-03-01 16:45 200704 ----a-w- c:\program files\SP35954\winflash32\PhlashLc.dll
    2005-09-28 09:30 . 2005-09-28 09:30 200704 ----a-w- c:\program files\SP35954\Winphlash64\PhlashLc.dll
    2004-08-03 23:56 . 2004-08-03 23:56 283648 ----a-w- c:\program files\SP35954\winflash32\winhlp32.exe
    2004-08-03 23:56 . 2004-08-03 23:56 283648 ----a-w- c:\program files\SP35954\Winphlash64\winhlp32.exe
    2003-01-08 14:24 . 2003-01-08 14:24 380454 ----a-w- c:\program files\SP35954\winflash32\WINPHLASH.HLP
    2002-06-06 11:01 . 2002-06-06 11:01 266293 ----a-r- c:\program files\SP35954\winflash32\msvcrt.dll
    2002-06-06 11:01 . 2002-06-06 11:01 266293 ----a-r- c:\program files\SP35954\Winphlash64\msvcrt.dll
    2002-06-06 11:01 . 2002-06-06 11:01 401462 ----a-r- c:\program files\SP35954\winflash32\msvcp60.dll
    2002-06-06 11:01 . 2002-06-06 11:01 401462 ----a-r- c:\program files\SP35954\Winphlash64\msvcp60.dll
    2002-06-06 11:00 . 2002-06-06 11:00 995383 ----a-r- c:\program files\SP35954\winflash32\mfc42.dll
    2002-06-06 11:00 . 2002-06-06 11:00 995383 ----a-r- c:\program files\SP35954\Winphlash64\mfc42.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
    "Google Update"="c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-23 136176]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-26 328568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "CardDetectorHUAWEI1752_1552"="c:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-08-27 282624]
    "IEWINTERNET-SPSessionManager"="c:\program files\Orange\Internet Everywhere\SessionManager\SessionManager.exe" [2009-08-27 140016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gladinet Cloud Desktop.lnk]
    backup=c:\windows\pss\Gladinet Cloud Desktop.lnkCommon Startup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Gladinet Cloud Desktop.lnk
    backupExtension=Common Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-14 19:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2009-11-24 15:21 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-57600503-372010182-768747849-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys [2007-06-09 146432]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-23 103040]
    R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
    R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
    R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
    R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
    R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
    R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
    R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2009-12-16 306296]
    S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2009-12-16 162936]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:07]

    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:07]

    2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57600503-372010182-768747849-1003Core.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 07:36]

    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57600503-372010182-768747849-1003UA.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 07:36]

    2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{5EF9B73E-66F2-4292-8413-3BB8451480A6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

    2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{E8CA922A-19F4-4613-A352-4375FB8A84F6}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

    2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{FA643EEE-5ADA-40D2-8E3D-380504076B9A}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.es/
    uInternet Settings,ProxyServer = 193.55.112.41:3128
    uInternet Settings,ProxyOverride = <local>
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\uq31zump.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - %profile%\extensions\es-es@dictionaries.addons.mozilla.org
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: UrlParams: {433AF77F-54E5-425b-81D7-6884C7AE77E6} - %profile%\extensions\{433AF77F-54E5-425b-81D7-6884C7AE77E6}
    FF - Ext: SEO Website Analysis: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E} - %profile%\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\servicing\TrustedInstaller.exe
    c:\pvsw\Bin\WGE_SRV.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\pvsw\BIN\W3dbsmgr.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-21 06:58:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-21 05:57
    ComboFix2.txt 2010-12-10 08:36

    Pre-Run: 9.252.925.440 bytes libres
    Post-Run: 9.077.686.272 bytes libres

    - - End Of File - - 2DAE076E9CF2614BEA2714EFCDF5DE25


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:27:24, on 21/12/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Users\Eric\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...ehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.55.112.41:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: CGToolBar - {d369081e-2ae8-4caf-9a55-3e6cf9bc4a71} - mscoree.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe
    O4 - HKLM\..\Run: [IEWINTERNET-SPSessionManager] "C:\Program Files\Orange\Internet Everywhere\SessionManager\SessionManager.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
    O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\mprdim.dll,-200 (RemoteAccess) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 26009 bytes
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Are you getting popups similar to
    The way the Services show in HJT indicate a rootkit. I'd like you to run the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.

    Leave the log in your next reply please.

    Also an update of how the system is running now> same? better> worse? anything new?
     
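    As an added example (not code from this thread, from HijackThis or from TDSSKiller), here is a small Python parser for the O23 service lines in the log above. It splits each line into service name, owner and binary path, coping with the fact that both owners ("Hewlett-Packard Development Company, L.P.") and paths ("Spybot - Search & Destroy") can contain hyphens, and then flags entries with no identified owner whose binary lives outside the locations one would expect. The list of expected locations and the last sample line are assumptions constructed for this example; the other sample lines are copied from the HJT log above.

```python
import re
from typing import Dict, List, Optional

# " - " immediately followed by a drive letter and backslash marks where the
# service binary path begins; owners and names never start with "X:\".
_PATH_START = re.compile(r" - (?=[A-Za-z]:\\)")

# Locations where a service binary is usually expected on a Vista-era machine.
# This prefix list is an assumption made for this example, not a HijackThis rule.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Sample input: the first four lines are copied from the HJT log above; the last
# one is a constructed placeholder entry, not something from the thread.
SAMPLE_LINES = [
    r"O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe",
    r"O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe",
    r"O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe",
    r"O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe",
    r"O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Users\Public\example.exe",
]


def parse_o23(line: str) -> Optional[Dict[str, str]]:
    """Split one 'O23 - Service:' line into name, owner and path.

    Returns None for lines that are not O23 entries. The path is located by
    the first ' - ' that is followed by a drive letter, so a path containing
    ' - ' is kept intact; the owner is the last ' - ' segment of what remains,
    so hyphenated owners such as 'Hewlett-Packard' are kept intact too.
    """
    line = line.strip()
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    sep = _PATH_START.search(body)
    if sep is None:
        return None
    path = body[sep.end():]
    head = body[:sep.start()]
    if " - " not in head:
        return None
    name, owner = head.rsplit(" - ", 1)
    return {"name": name, "owner": owner, "path": path}


def needs_review(entry: Dict[str, str]) -> bool:
    """Flag services with no identified owner that run from an unexpected place.

    'Unknown owner' alone is a weak signal: in the log above nearly every
    svchost-hosted Microsoft service carries it, so it is combined with the
    binary location before an entry is flagged.
    """
    unknown = entry["owner"].lower() == "unknown owner"
    in_expected = entry["path"].lower().startswith(EXPECTED_PREFIXES)
    return unknown and not in_expected


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Parse every O23 line and return the entries worth a closer look."""
    flagged = []
    for line in lines:
        entry = parse_o23(line)
        if entry is not None and needs_review(entry):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"REVIEW: {hit['name']} ({hit['owner']}) -> {hit['path']}")
```

A hit only means "verify this one": on the sample lines the flagged wampmysqld entry is the MySQL service of the WAMP developer stack installed on this machine, so the follow-up is checking the file's signature and hash, not deleting the service. The point of the parser is to shrink a hundred-line O23 section down to the handful of entries that a helper actually needs to examine.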
  21. evantro

    evantro TS Rookie Topic Starter Posts: 16

    hello,

    I don't see a message like ...globalroot\systemroot\system32\UAC...
    I downloaded and ran the last program without any problem. Since ComboFix the computer works much better: the disk is not running 100% of the time and it responds much faster.

    I haven't reinstalled any antivirus program yet; I'm waiting until it is completely clean before going back to normal use, so as not to interfere with your work.

    Thanks


    2010/12/22 09:07:47.0315 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/22 09:07:47.0316 ================================================================================
    2010/12/22 09:07:47.0316 SystemInfo:
    2010/12/22 09:07:47.0316
    2010/12/22 09:07:47.0316 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/22 09:07:47.0316 Product type: Workstation
    2010/12/22 09:07:47.0316 ComputerName: CVALETTE
    2010/12/22 09:07:47.0316 UserName: Eric
    2010/12/22 09:07:47.0316 Windows directory: C:\Windows
    2010/12/22 09:07:47.0316 System windows directory: C:\Windows
    2010/12/22 09:07:47.0316 Processor architecture: Intel x86
    2010/12/22 09:07:47.0316 Number of processors: 1
    2010/12/22 09:07:47.0316 Page size: 0x1000
    2010/12/22 09:07:47.0316 Boot type: Normal boot
    2010/12/22 09:07:47.0316 ================================================================================
    2010/12/22 09:07:48.0652 Initialize success
    2010/12/22 09:07:56.0778 ================================================================================
    2010/12/22 09:07:56.0779 Scan started
    2010/12/22 09:07:56.0779 Mode: Manual;
    2010/12/22 09:07:56.0779 ================================================================================
    2010/12/22 09:08:02.0026 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/12/22 09:08:02.0534 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/12/22 09:08:03.0316 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/12/22 09:08:03.0793 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/12/22 09:08:04.0021 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/12/22 09:08:04.0221 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/12/22 09:08:04.0523 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/12/22 09:08:04.0636 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/12/22 09:08:04.0946 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/12/22 09:08:05.0191 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/12/22 09:08:05.0473 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/12/22 09:08:05.0706 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/12/22 09:08:06.0322 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/12/22 09:08:08.0292 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/12/22 09:08:11.0801 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/12/22 09:08:13.0528 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/22 09:08:14.0742 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/12/22 09:08:16.0224 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/12/22 09:08:16.0709 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/12/22 09:08:17.0197 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/12/22 09:08:17.0570 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/22 09:08:17.0836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/12/22 09:08:17.0939 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/12/22 09:08:18.0104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/12/22 09:08:18.0260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/12/22 09:08:18.0427 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/12/22 09:08:18.0459 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/12/22 09:08:18.0586 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/12/22 09:08:19.0009 CAM1690 (e6c113db60029e25c716d2a503963a46) C:\Windows\system32\Drivers\cam1690.sys
    2010/12/22 09:08:19.0385 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/22 09:08:21.0805 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/22 09:08:22.0750 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/12/22 09:08:23.0365 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/12/22 09:08:23.0756 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/22 09:08:24.0012 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/12/22 09:08:24.0684 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
    2010/12/22 09:08:24.0870 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/22 09:08:24.0927 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/12/22 09:08:25.0036 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/12/22 09:08:25.0285 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/22 09:08:25.0533 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/12/22 09:08:25.0696 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/22 09:08:25.0895 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/22 09:08:26.0091 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
    2010/12/22 09:08:26.0186 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/12/22 09:08:26.0383 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
    2010/12/22 09:08:26.0570 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/12/22 09:08:27.0048 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/12/22 09:08:28.0197 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/12/22 09:08:28.0592 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/12/22 09:08:29.0075 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/22 09:08:29.0569 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/22 09:08:30.0213 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/12/22 09:08:30.0579 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/22 09:08:30.0977 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/22 09:08:31.0362 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/22 09:08:31.0778 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/12/22 09:08:32.0248 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
    2010/12/22 09:08:32.0595 HdAudAddService (07eee11d6e2b78122e17db3878b4c687) C:\Windows\system32\drivers\CHDART.sys
    2010/12/22 09:08:33.0111 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/22 09:08:34.0849 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/12/22 09:08:35.0961 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/12/22 09:08:36.0970 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/22 09:08:38.0166 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/12/22 09:08:38.0947 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/12/22 09:08:39.0857 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/12/22 09:08:40.0872 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/12/22 09:08:41.0821 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/12/22 09:08:42.0603 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    2010/12/22 09:08:43.0228 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
    2010/12/22 09:08:43.0512 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/12/22 09:08:43.0628 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/22 09:08:44.0103 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/12/22 09:08:44.0515 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/12/22 09:08:45.0014 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/12/22 09:08:45.0427 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/12/22 09:08:45.0572 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/12/22 09:08:45.0869 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/22 09:08:46.0182 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/22 09:08:46.0395 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/12/22 09:08:46.0780 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/12/22 09:08:47.0071 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/12/22 09:08:47.0216 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/12/22 09:08:47.0696 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/22 09:08:47.0828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/12/22 09:08:47.0982 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/12/22 09:08:48.0144 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/22 09:08:48.0376 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/22 09:08:48.0541 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/22 09:08:48.0989 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/22 09:08:49.0556 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/12/22 09:08:49.0867 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/12/22 09:08:50.0279 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/12/22 09:08:50.0996 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/12/22 09:08:51.0420 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/12/22 09:08:52.0261 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/12/22 09:08:52.0853 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/12/22 09:08:53.0420 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/22 09:08:53.0666 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/22 09:08:53.0890 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/22 09:08:54.0029 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/22 09:08:54.0267 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/12/22 09:08:55.0300 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/22 09:08:56.0906 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/12/22 09:08:57.0679 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/22 09:08:58.0301 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/22 09:08:59.0321 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/22 09:09:00.0263 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/22 09:09:01.0184 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    2010/12/22 09:09:01.0802 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/12/22 09:09:02.0579 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/12/22 09:09:03.0542 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/12/22 09:09:04.0691 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/22 09:09:05.0289 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/22 09:09:06.0258 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/22 09:09:06.0604 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/22 09:09:06.0833 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/22 09:09:07.0679 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/22 09:09:08.0650 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/12/22 09:09:09.0850 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/12/22 09:09:10.0944 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/12/22 09:09:11.0406 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/12/22 09:09:12.0305 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/12/22 09:09:13.0070 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/12/22 09:09:13.0878 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/22 09:09:14.0967 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/12/22 09:09:15.0818 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/22 09:09:16.0685 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
    2010/12/22 09:09:17.0939 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/12/22 09:09:18.0880 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/12/22 09:09:19.0898 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/12/22 09:09:21.0109 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/22 09:09:22.0132 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/12/22 09:09:22.0904 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/12/22 09:09:23.0569 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/12/22 09:09:24.0063 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/12/22 09:09:24.0537 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/12/22 09:09:25.0415 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/12/22 09:09:25.0866 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/12/22 09:09:26.0328 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/12/22 09:09:26.0441 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/12/22 09:09:26.0643 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
    2010/12/22 09:09:26.0853 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
    2010/12/22 09:09:27.0139 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/12/22 09:09:27.0251 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2010/12/22 09:09:27.0609 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/12/22 09:09:27.0988 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/12/22 09:09:28.0449 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/22 09:09:28.0765 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/12/22 09:09:28.0982 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/22 09:09:29.0060 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/12/22 09:09:29.0183 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/12/22 09:09:29.0358 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/12/22 09:09:29.0425 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/22 09:09:29.0509 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/22 09:09:29.0660 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/22 09:09:29.0732 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/22 09:09:29.0805 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/22 09:09:29.0951 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/22 09:09:30.0030 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/22 09:09:30.0105 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/12/22 09:09:30.0256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/22 09:09:30.0332 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/22 09:09:32.0457 RimUsb (5ec6fa6386ab2580b5ae3cf39ac1dfaf) C:\Windows\system32\Drivers\RimUsb.sys
    2010/12/22 09:09:33.0221 RimVSerPort (12a2fd77e334b223531f1e2918480d49) C:\Windows\system32\DRIVERS\RimSerial.sys
    2010/12/22 09:09:33.0358 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    2010/12/22 09:09:33.0801 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/22 09:09:34.0126 RTL8023xp (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
    2010/12/22 09:09:34.0284 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
    2010/12/22 09:09:34.0582 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
    2010/12/22 09:09:34.0675 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
    2010/12/22 09:09:35.0163 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
    2010/12/22 09:09:35.0619 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
    2010/12/22 09:09:35.0729 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
    2010/12/22 09:09:35.0950 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
    2010/12/22 09:09:36.0362 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/12/22 09:09:36.0763 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/12/22 09:09:36.0979 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
    2010/12/22 09:09:37.0069 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/12/22 09:09:37.0117 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/12/22 09:09:37.0294 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/12/22 09:09:37.0419 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/12/22 09:09:37.0470 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/12/22 09:09:37.0605 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/12/22 09:09:37.0654 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/12/22 09:09:37.0720 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/12/22 09:09:37.0760 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/12/22 09:09:37.0910 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/12/22 09:09:38.0013 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/22 09:09:38.0290 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/12/22 09:09:38.0371 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/22 09:09:38.0510 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/22 09:09:38.0584 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/22 09:09:38.0793 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/22 09:09:38.0876 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/12/22 09:09:38.0924 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/12/22 09:09:39.0041 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/12/22 09:09:39.0150 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/12/22 09:09:39.0417 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/12/22 09:09:39.0584 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/22 09:09:39.0744 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/22 09:09:39.0801 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/22 09:09:39.0847 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/22 09:09:39.0985 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/22 09:09:40.0030 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/22 09:09:40.0160 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/22 09:09:40.0319 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/12/22 09:09:40.0424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/22 09:09:40.0491 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/12/22 09:09:40.0639 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/22 09:09:40.0729 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/12/22 09:09:40.0769 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/12/22 09:09:40.0921 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/12/22 09:09:40.0970 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/12/22 09:09:41.0039 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/22 09:09:41.0377 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    2010/12/22 09:09:41.0569 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/22 09:09:41.0658 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/12/22 09:09:41.0844 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/22 09:09:41.0926 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/22 09:09:41.0989 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/12/22 09:09:42.0215 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/22 09:09:42.0444 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/22 09:09:42.0565 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/22 09:09:43.0735 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/12/22 09:09:44.0079 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/22 09:09:44.0169 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/12/22 09:09:44.0395 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/12/22 09:09:44.0543 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/12/22 09:09:44.0646 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/12/22 09:09:44.0771 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/12/22 09:09:44.0851 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/22 09:09:44.0940 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/12/22 09:09:45.0022 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/12/22 09:09:45.0173 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/12/22 09:09:45.0371 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/22 09:09:45.0440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/22 09:09:45.0652 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/12/22 09:09:45.0948 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/22 09:09:46.0152 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/12/22 09:09:46.0675 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/22 09:09:46.0922 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/12/22 09:09:47.0019 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/22 09:09:47.0247 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/22 09:09:47.0352 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/12/22 09:09:47.0470 ================================================================================
    2010/12/22 09:09:47.0470 Scan finished
    2010/12/22 09:09:47.0470 ================================================================================
     
  22. evantro

    evantro TS Rookie Topic Starter Posts: 16

    Despite my optimism, explorer.exe is once more using more and more memory; while I am writing, it is growing over 556.000 KB ...

    Still something!
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please get an antivirus program on the system now! You are at risk every time you connect to the internet.

    What are you running when explorer.exe shows so high? And how are you seeing this? Do you keep the Task Manager on top to monitor it or does something happen that makes you check the memory?

    I guess simply I want to know how you knew it was high and what does 'growing' mean?

    Let's work with this basic definition:
    Windows Explorer is a file manager application. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop.

    1. Look at the Taskbar: what names do you see when Explorer is high?
    2. Do you have any RSS feeds like weather on the desktop?

    This high usage does not mean malware. It could be RAM going bad. For that you'd need to run memtest.
     
  24. evantro

    evantro TS Rookie Topic Starter Posts: 16

    hello

    I have reinstalled an antivirus.

    I attach a snapshot of the Task Manager in which you can see the process explorer.exe growing;
    it reaches almost 600Mo and the machine is unusable. A normal use should be around 10Mo, isn't it?

    I made a memory test with memtest86, which didn't find any problem.

    You said that you were seeing a rootkit; where? How could I be sure it is totally removed?

    Thanks
     

    Attached Files:

  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, that is excessive memory usage. How often do you reboot the computer? Do so now and check explorer.exe. You should see a much lower usage.

    explorer.exe also represents the desktop. Do you have many processes on the desktop? Are any actively running such as RSS news feeds or weather programs?

    Check this Google Search Page for High Memory Use for explorer.exe.
    You may recognize something that applies to your system setup.
    ================================================
    I don't see any entry found for a rootkit. You can do a new scan with Eset:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    The Task Manager shows 65 processes running. This is close to twice the average number of 30-40. Each of these processes represents a program, a Service, an app or part of the OS that you have set to run.

    This isn't being done to your computer; you are actually causing it yourself by having too many processes starting on boot and too many Services set to Automatic.

    You have complete control over what you see here.
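    The diagnosis above (is explorer.exe steadily growing, and what is set to run at boot?) can be checked with a script rather than by watching Task Manager. The following PowerShell is an added example for this thread, not Bobbye's or TechSpot's own tool: it samples explorer.exe's private bytes a few times, reports whether the figure rises on every sample, and then lists the Run keys and Automatic services that decide how many processes start with Windows. The sample count and interval are assumed defaults; it uses only standard cmdlets (Get-Process, Get-ItemProperty, Get-WmiObject) and should be run from an elevated prompt so all services are visible.

```powershell
# Added example (not from the thread): sample explorer.exe memory over time and
# summarise what is set to run at boot, so growth can be correlated with
# startup programs and Automatic services.
# $Samples and $IntervalSec are assumed defaults; adjust as needed.
param(
    [int]$Samples = 10,          # how many readings to take
    [int]$IntervalSec = 30       # seconds between readings
)

function Get-ExplorerMemoryMB {
    # Private bytes are the best single number for "is this process growing";
    # Working Set includes shared pages and swings with other activity.
    $p = Get-Process -Name explorer -ErrorAction SilentlyContinue
    if (-not $p) { return $null }
    # More than one explorer.exe can exist (e.g. "Launch folder windows in a
    # separate process"), so report the sum rather than the first instance.
    return [math]::Round((($p | Measure-Object PrivateMemorySize64 -Sum).Sum / 1MB), 1)
}

$readings = @()
for ($i = 1; $i -le $Samples; $i++) {
    $mb    = Get-ExplorerMemoryMB
    $stamp = Get-Date -Format 'HH:mm:ss'
    $procs = (Get-Process).Count
    "{0}  explorer.exe private bytes: {1,8} MB   processes: {2}" -f $stamp, $mb, $procs
    $readings += $mb
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSec }
}

# A rise on every sample (rather than a spike that falls back) is the pattern
# the thread describes; a reboot only resets the starting point.
$rising = $true
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i] -le $readings[$i - 1]) { $rising = $false }
}
"Rose on every sample: {0}  (first {1} MB, last {2} MB)" -f $rising, $readings[0], $readings[-1]

# What starts at logon: the Run keys for the machine and for the current user.
"`n== Run keys =="
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            ForEach-Object {
                $_.PSObject.Properties | ForEach-Object { "{0,-30} {1}" -f $_.Name, $_.Value }
            }
    }
}

# Services set to start automatically. Win32_Service is used instead of
# Get-Service's StartType so the script also works on Vista-era PowerShell.
"`n== Automatic services =="
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    Sort-Object Name |
    Format-Table -AutoSize Name, State, @{Label = 'Binary'; Expression = { $_.PathName }}
```

Compare the Run-key entries and the Automatic services against what you recognise; anything in the first list with an unfamiliar name or a path outside Program Files and Windows is worth looking up before deciding it is simply "too many startup programs".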
     
Topic Status:
Not open for further replies.