Eset says that i have Win32/Bagle.QU worm


This topic is locked
16 replies to this topic

#1 techtalk


Posted 02 May 2009 - 07:36 AM

Hi,

Please help. Eset says: 5/1/2009 10:14:16 PM Real-time file system protection file F:\System Volume Information\_restore{14530BA3-FB0B-4034-B279-0801CB0F0F83}\RP332\A0153870.exe Win32/Bagle.QU worm unable to clean NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: F:\WINDOWS\System32\svchost.exe.

Also, I got a virus a few days ago and a friend of mine used some anti-virus apps, and he says that now I am clean, but I want to be sure because I have very important work files on my PC that I can't back up in full because my 750 GB HD is almost full.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:01 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\NetLimiter\NetLimiter.exe
F:\WINDOWS\system32\CTXFIHLP.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
F:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Chaos Software\Intellect\alarm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\SetPoint II\SetpointII.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Creative\Shared Files\CTAudSvc.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\PSIService.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Microsoft Office\Office12\WINWORD.EXE
F:\Program Files\AllerCalc\AllerCalc.exe
F:\Program Files\KeePass Password Safe\KeePass.exe
F:\Program Files\Neo's SafeKeys\neos-safekeys-2008-v2_3_0.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71126
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Ad-Watch] F:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UVS12 Preload] F:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [NetLimiter] F:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SkinClock] F:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [alarm.exe] "F:\Program Files\Chaos Software\Intellect\alarm.exe"
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Compilação das melhores bandas sonoras - 413 músicas.lnk = ?
O4 - Startup: Mozilla Firefox.lnk = F:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: On-Screen Keyboard.lnk = F:\WINDOWS\system32\osk.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Orbit.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Copy to &Lightning Note - F:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - f:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O8 - Extra context menu item: Preencher - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214280138000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214310942078
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - F:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - F:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - F:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11583 bytes
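A defender-side triage helper for HijackThis logs like the one above, added here as an example (it is not code from this thread or from HijackThis itself): it parses the R/O entries and flags the ones a log reviewer usually checks first, using sample lines copied from the log in this post. The flag codes, the REASONS table and the bare-executable heuristic are this example's own conventions, not HijackThis output.

```python
"""Triage helper for HijackThis v2 logs (added example, not HijackThis code).

Parses the 'Rn - ...' / 'On - ...' entries and flags the ones that a log
reviewer usually checks first.  Flags are advisory: they point at entries
worth verifying, they do not by themselves prove anything is malicious.
"""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: Orbit.lnk = ?
O10 - Unknown file in Winsock LSP: f:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
--
End of file - 11583 bytes
"""


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O23"
    text: str      # everything after "Oxx - "


# One HijackThis entry: section code, " - ", rest of the line.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<text>.+)$")
# An O4 registry Run entry; captures the command it launches.
RUN_RE = re.compile(
    r"^(?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run[A-Za-z]*: \[[^\]]*\] (?P<cmd>.+)$"
)

# Flag codes (this example's own) and what a reviewer should do about each.
REASONS: Dict[str, str] = {
    "missing-target": "referenced file or shortcut target no longer exists (orphaned entry)",
    "lsp": "Winsock LSP that HijackThis could not identify; verify the DLL's publisher "
           "before any removal, since a bad LSP fix breaks networking",
    "unknown-owner": "service with no publisher information; check the file's signature and hash",
    "bare-exe": "Run key launches a bare executable name, so Windows resolves it via the "
                "search path; confirm which copy actually runs",
}


def parse_log(log: str) -> List[Entry]:
    """Return the HijackThis entries in a log, skipping header and footer lines."""
    entries: List[Entry] = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["text"]))
    return entries


def command_target(cmd: str) -> str:
    """First token of a Run command: a quoted path, or the text before the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entry: Entry) -> List[str]:
    """Flag codes (keys of REASONS) that apply to one entry; empty if nothing stands out."""
    flags: List[str] = []
    text = entry.text
    if text.endswith(("(no file)", "(file missing)", "= ?")):
        flags.append("missing-target")
    if entry.section == "O10":
        flags.append("lsp")
    if entry.section == "O23" and "Unknown owner" in text:
        flags.append("unknown-owner")
    if entry.section == "O4":
        run = RUN_RE.match(text)
        # A target without a backslash is not a full path: it is found by PATH search.
        if run and "\\" not in command_target(run["cmd"]):
            flags.append("bare-exe")
    return flags


def triage_log(log: str) -> Dict[str, List[str]]:
    """Map each flagged entry (as 'Oxx - text') to its flag codes; clean entries are omitted."""
    report: Dict[str, List[str]] = {}
    for entry in parse_log(log):
        flags = triage(entry)
        if flags:
            report[f"{entry.section} - {entry.text}"] = flags
    return report


if __name__ == "__main__":
    for line, flags in triage_log(SAMPLE_LOG).items():
        print(line)
        for code in flags:
            print(f"    [{code}] {REASONS[code]}")
```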


#2 techtalk


Posted 10 May 2009 - 08:34 AM

Anyone? I am waiting.

I know I shouldn't bump my topic, but I can't use apps and sites that ask for passwords because of this!
=============
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 13 May 2009 - 07:36 PM.


#3 KoanYorel


Posted 16 May 2009 - 05:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 techtalk


Posted 17 May 2009 - 01:20 PM

The Eset alert for Bagle.QU doesn't appear anymore; maybe some updated virus signature solved this part.

But I am very afraid of computer malware since bad experiences in the past, and like I said, I got a virus recently.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dontcare at 19:11:00.54 on Sun 05/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1087 [GMT 1:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\NetLimiter\NetLimiter.exe
F:\WINDOWS\system32\CTXFIHLP.EXE
F:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Chaos Software\Intellect\alarm.exe
F:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Creative\Shared Files\CTAudSvc.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\PSIService.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Winamp\winamp.exe
F:\Program Files\EditPlus 3\editplus.exe
F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Dontcare\Desktop\dds.com
F:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - f:\program files\orbitdownloader\orbitcth.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [SkinClock] f:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [swg] f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "f:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [alarm.exe] "f:\program files\chaos software\intellect\alarm.exe"
uRun: [uTorrent] "f:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] f:\program files\lavasoft\ad-aware\Ad-Watch.exe
mRun: [egui] "f:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UVS12 Preload] f:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [NetLimiter] f:\program files\netlimiter\NetLimiter.exe /s
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\compil~1.lnk - h:\música convertida, usar o i e anotar kbps\Compilação das melhores bandas sonoras - 413 músicas
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\mozill~1.lnk - f:\program files\mozilla firefox\firefox.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - f:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - f:\program files\windows desktop search\WindowsSearch.exe
IE: &Download by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to &Lightning Note - f:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: Do&wnload selected by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - f:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: Preencher - file://f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - f:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
LSP: f:\program files\netlimiter\nl_lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214280138000
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214310942078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - f:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\dontcare\applic~1\mozilla\firefox\profiles\1gr7xt2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: f:\documents and settings\dontcare\application data\mozilla\firefox\profiles\1gr7xt2p.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: f:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: f:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: f:\program files\google\google updater\2.2.1265.1931\npCIDetect12.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
R2 ekrn;Eset Service;f:\program files\eset\eset smart security\ekrn.exe [2008-8-18 468224]
R2 LBeepKE;LBeepKE;f:\windows\system32\drivers\LBeepKE.sys [2009-1-27 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-17 210216]
R3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;f:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
R3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;f:\windows\system32\drivers\Awrtpd.sys [2008-4-29 12960]
R3 CT20XUT.SYS;CT20XUT.SYS;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S2 0223261242581786mcinstcleanup;McAfee Application Installer Cleanup (0223261242581786);f:\docume~1\dontcare\locals~1\temp\022326~1.exe f:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> f:\docume~1\dontcare\locals~1\temp\022326~1.exe f:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-9-6 79360]
S3 CT20XUT;CT20XUT;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 getPlus® Helper;getPlus® Helper;f:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-15 33176]
S3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);f:\windows\system32\drivers\hcwpvrp2.sys --> f:\windows\system32\drivers\hcwPVRP2.sys [?]
S3 iadusb;MT882;f:\windows\system32\drivers\glauiad.sys --> f:\windows\system32\drivers\glauiad.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;f:\windows\system32\drivers\usb2vcom.sys [2008-10-13 30368]

=============== Created Last 30 ================

2009-05-17 18:36 <DIR> --d----- f:\program files\common files\McAfee
2009-05-17 18:35 <DIR> --d----- f:\program files\McAfee
2009-05-02 20:42 <DIR> -cd-h--- f:\windows\ie8
2009-05-02 20:30 <DIR> --d----- f:\docume~1\dontcare\applic~1\Windows Desktop Search
2009-04-30 18:55 1,856,577 -------- f:\windows\NEOS-S~1.CAB
2009-04-30 18:55 1,596 a------- f:\windows\ST6UNST.000
2009-04-30 18:52 <DIR> --d----- f:\program files\Neo's SafeKeys
2009-04-30 18:52 286,720 -------- f:\windows\Setup1.exe
2009-04-30 18:52 73,216 a------- f:\windows\ST6UNST.EXE
2009-04-27 23:06 497,496 a------- f:\windows\system32\XceedZip.dll
2009-04-26 13:20 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-04-26 13:20 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 13:20 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-04-20 19:22 <DIR> --d----- f:\program files\Trend Micro
2009-04-18 18:00 <DIR> --d----- f:\program files\Quake

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- f:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- f:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- f:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- f:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- f:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- f:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- f:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- f:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- f:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- f:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- f:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- f:\windows\system32\pdh.dll
2009-02-20 12:45 6,928 a------- f:\windows\system32\d3d9caps.dat
2009-02-20 03:05 444,952 a------- f:\windows\system32\wrap_oal.dll
2009-02-20 03:05 109,080 a------- f:\windows\system32\OpenAL32.dll
2008-12-02 03:41 3,766 a--sh--- f:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-11-29 02:35 88 ---shr-- f:\docume~1\alluse~1\applic~1\FBB9B00AFD.sys

============= FINISH: 19:11:37.10 ===============

didn't know how to attach Attach.txt so here it goes (sorry if this is the wrong way):

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2008 12:13:01 AM
System Uptime: 5/16/2009 12:48:22 PM (31 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P4C800
Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2798/200mhz

==== Disk Partitions =========================

A: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 54.456 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 699 GiB total, 61.832 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6680
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6680
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 5/3/2009 1:17:55 PM - System Checkpoint
RP2: 5/4/2009 1:15:55 AM - Removed Java™ 6 Update 7
RP3: 5/5/2009 10:45:29 PM - System Checkpoint
RP4: 5/7/2009 9:07:36 PM - System Checkpoint
RP5: 5/9/2009 1:30:15 PM - System Checkpoint
RP6: 5/10/2009 1:33:21 PM - System Checkpoint
RP7: 5/11/2009 1:41:22 PM - System Checkpoint
RP8: 5/12/2009 1:49:09 PM - System Checkpoint
RP9: 5/12/2009 7:52:22 PM - Removed SUPERAntiSpyware Free Edition
RP10: 5/12/2009 10:08:23 PM - Removido Adobe Reader 8.1.4 - Português
RP11: 5/14/2009 1:58:15 PM - System Checkpoint
RP12: 5/16/2009 1:20:52 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AI RoboForm
AllerCalc
Amiga SWOS v1.02
Apple Software Update
Assistente de Início de Sessão do Windows Live
ATI - Software Uninstall Utility
ATI Display Driver
Atomic Alarm Clock 5.2
AutoUpdate
Avant Browser (remove only)
Battlefield 2™
BS.Player PRO
CCleaner (remove only)
CDDRV_Installer
Chinese Traditional Fonts Support For Adobe Reader 8
Choice Guard
Condemned - Criminal Origins
Corel VideoStudio 12
Creative Audio Control Panel
Creative Console Launcher
Critical Update for Windows Media Player 11 (KB959772)
Daikatana
DivX Codec
Easy CD-DA Extractor 11
EAX4 Unified Redist
EditPlus 3
eMule
ESET Smart Security
FastStone Capture 5.8
Ferramenta de Carregamento do Windows Live
FLV Player 2.0 (build 25)
FoxyTunes for Firefox
getPlus® for Adobe
GOM Player
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - Scanners
ImagXpress
Java™ 6 Update 13
K-Lite Codec Pack 4.3.4 (Standard)
KeePass Password Safe 1.11
KhalInstallWrapper
Liquidator
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSN Winks Installer
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Natura Sound Therapy
Need for Speed™ Most Wanted
Neo's SafeKeys 2008
Nero 7 Premium
Nero ControlCenter
neroxml
NetLimiter 1.30 (remove only)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
OpenAL
Orbit Downloader
OutRun2006 Coast 2 Coast
PC Connectivity Solution
Peter Jackson's King Kong - The Official Game of the Movie
Photoshop Camera Raw
Quake
Quake II
QuickTime
S.T.A.L.K.E.R. - Clear Sky [v1.0007]
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Task Manager 1.7f
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Spybot - Search & Destroy
Suite Shared Configuration CS4
Timex Data Link USB
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6b
VideoStudio
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WristApp Installer
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
Zip Motion Block Video codec (Remove Only)

==== Event Viewer Messages From Past Week ========

5/12/2009 11:37:08 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
5/12/2009 11:37:08 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
5/12/2009 11:37:08 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:57 PM

Posted 18 May 2009 - 07:45 PM

Hello.

Please continue with the following and once it's done post a new set of DDS logs.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run RootRepeal CR

Please download RootRepeal to your desktop
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder.
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now click the Scan button in the Report Tab.
  • A box will pop up, check the boxes beside ALL SIX
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the log here in your reply.
With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 techtalk

techtalk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 19 May 2009 - 02:45 PM

Malwarebytes didn't detect any malware.

ROOTREPEAL crashed my PC 2 times and aborted with errors one time. Here is the report:


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/19 20:31
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: F:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC742000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF799B000 Size: 8192 File Visible: No
Status: -

Name: PCI_PNP8384
Image Path: \Driver\PCI_PNP8384
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: F:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA926A000 Size: 45056 File Visible: No
Status: -

Name: spes.sys
Image Path: spes.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: F:\WINDOWS\setupapi.log
Status: Size mismatch (API: 219734, Raw: 219415)

Path: F:\Documents and Settings\Dontcare\ntuser.dat.LOG
Status: Size mismatch (API: 1024, Raw: 32768)

Path: F:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: F:\WINDOWS\Temp\sqlite_6F0VdqzIno7u6Xx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: F:\WINDOWS\Temp\sqlite_fBKIDZMV2DrnnvY
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: F:\WINDOWS\Temp\sqlite_QMvilCVYTlsUTjD
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: F:\WINDOWS\Temp\sqlite_vizrqEFUNid0feg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: F:\WINDOWS\Temp\sqlite_ZO5DJP1mMFp4YQl
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: F:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ar
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ca-AD
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\cs-CZ
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\de-DE
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\el-GR
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\en-GB
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\es-AR
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fi-FI
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fr-FR
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\it-IT
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ja-JP
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ko-KR
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\mn-MN
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\nl-NL
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\pl-PL
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\pt-BR
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\pt-PT
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ro-RO
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ru-RU
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\sk-SK
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\sr-YU
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\uk-UA
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\zh-CN
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\zh-TW
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\brightness.png
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\colourPickerArrow.gif
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\colourPickerCrosshair.gif
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\EdColorPicker.css
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\EdColorPicker.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\EdColorPicker.js
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\EdColorPicker.xul
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\chrome\content\colorPicker\hsPanel.png
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ar\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ar\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ar\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ca-AD\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ca-AD\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ca-AD\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\cs-CZ\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\cs-CZ\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\cs-CZ\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\de-DE\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\de-DE\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\de-DE\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\el-GR\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\el-GR\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\el-GR\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\en-GB\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\en-GB\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\en-GB\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\es-AR\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\es-AR\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\es-AR\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fi-FI\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fi-FI\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fi-FI\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fr-FR\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fr-FR\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\fr-FR\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\it-IT\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\it-IT\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\it-IT\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ja-JP\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ja-JP\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ja-JP\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ko-KR\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ko-KR\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\ko-KR\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\mn-MN\downbar.properties
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\mn-MN\downbarAboutText.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\mn-MN\downbartext.dtd
Status: Locked to the Windows API!

Path: F:\Documents and Settings\Dontcare\Desktop\Pendentes\Vindo do XP pifado, já só falta fazer o antes de formatar\Mozilla estava em CDocuments and SettingsLondon BeatApplication Data\Firefox\Profiles\kt33g920.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\downbarff2\translations\0.9.5\nl-NL\downbar.properties
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spes.sys" at address 0xf74d70e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spes.sys" at address 0xf74f5ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spes.sys" at address 0xf74f6030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spes.sys" at address 0xf74d70c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spes.sys" at address 0xf74f6108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spes.sys" at address 0xf74f5f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spes.sys" at address 0xf74f619a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a61d1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a2911f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8a68e1f8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_CREATE]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_CLOSE]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_POWER]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: az1lnffwࠅఐ卆浩, IRP_MJ_PNP]
Process: System Address: 0x8a27d3a8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a3481f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a61f1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x899331f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a3471f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x88cdb1f8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_CREATE]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_CLOSE]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_READ]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_CLEANUP]
Process: System Address: 0x8a1302b8 Size: -

Object: Hidden Code [Driver: Cdfs؅剒敬؁అ瑎䱆쟘뜘⫤, IRP_MJ_PNP]
Process: System Address: 0x8a1302b8 Size: -

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dontcare at 20:40:14.93 on Tue 05/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1352 [GMT 1:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\WINDOWS\system32\CTXFIHLP.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
F:\WINDOWS\system32\PSIService.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
\\?\F:\WINDOWS\system32\WBEM\WMIADAP.EXE
F:\Documents and Settings\Dontcare\Desktop\RootRepeal\RootRepeal.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Chaos Software\Intellect\alarm.exe
F:\Program Files\NetLimiter\NetLimiter.exe
F:\Documents and Settings\Dontcare\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - f:\program files\orbitdownloader\orbitcth.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [SkinClock] f:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [swg] f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "f:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [alarm.exe] "f:\program files\chaos software\intellect\alarm.exe"
uRun: [uTorrent] "f:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] f:\program files\lavasoft\ad-aware\Ad-Watch.exe
mRun: [egui] "f:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UVS12 Preload] f:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [NetLimiter] f:\program files\netlimiter\NetLimiter.exe /s
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\compil~1.lnk - h:\música convertida, usar o i e anotar kbps\Compilação das melhores bandas sonoras - 413 músicas
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\mozill~1.lnk - f:\program files\mozilla firefox\firefox.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - f:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
IE: &Download by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to &Lightning Note - f:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: Do&wnload selected by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - f:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: Preencher - file://f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - f:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll
LSP: f:\program files\netlimiter\nl_lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214280138000
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214310942078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\dontcare\applic~1\mozilla\firefox\profiles\1gr7xt2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: f:\documents and settings\dontcare\application data\mozilla\firefox\profiles\1gr7xt2p.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: f:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: f:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: f:\program files\google\google updater\2.2.1265.1931\npCIDetect12.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
R2 ekrn;Eset Service;f:\program files\eset\eset smart security\ekrn.exe [2008-8-18 468224]
R2 LBeepKE;LBeepKE;f:\windows\system32\drivers\LBeepKE.sys [2009-1-27 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-17 210216]
R3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;f:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
R3 CT20XUT.SYS;CT20XUT.SYS;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-9-6 79360]
S3 CT20XUT;CT20XUT;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 getPlus® Helper;getPlus® Helper;f:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-15 33176]
S3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);f:\windows\system32\drivers\hcwpvrp2.sys --> f:\windows\system32\drivers\hcwPVRP2.sys [?]
S3 iadusb;MT882;f:\windows\system32\drivers\glauiad.sys --> f:\windows\system32\drivers\glauiad.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;f:\windows\system32\drivers\usb2vcom.sys [2008-10-13 30368]
UnknownUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-05-17 18:36 <DIR> --d----- f:\program files\common files\McAfee
2009-05-17 18:35 <DIR> --d----- f:\program files\McAfee
2009-05-02 20:42 <DIR> -cd-h--- f:\windows\ie8
2009-04-30 18:55 1,856,577 -------- f:\windows\NEOS-S~1.CAB
2009-04-30 18:55 1,596 a------- f:\windows\ST6UNST.000
2009-04-30 18:52 <DIR> --d----- f:\program files\Neo's SafeKeys
2009-04-30 18:52 286,720 -------- f:\windows\Setup1.exe
2009-04-30 18:52 73,216 a------- f:\windows\ST6UNST.EXE
2009-04-27 23:06 497,496 a------- f:\windows\system32\XceedZip.dll
2009-04-26 13:20 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-04-26 13:20 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 13:20 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-04-20 19:22 <DIR> --d----- f:\program files\Trend Micro

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- f:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- f:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- f:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- f:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- f:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- f:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- f:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- f:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- f:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- f:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- f:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- f:\windows\system32\pdh.dll
2009-02-20 12:45 6,928 a------- f:\windows\system32\d3d9caps.dat
2009-02-20 03:05 444,952 a------- f:\windows\system32\wrap_oal.dll
2009-02-20 03:05 109,080 a------- f:\windows\system32\OpenAL32.dll
2008-12-02 03:41 3,766 a--sh--- f:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-11-29 02:35 88 ---shr-- f:\docume~1\alluse~1\applic~1\FBB9B00AFD.sys

============= FINISH: 20:40:39.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2008 12:13:01 AM
System Uptime: 5/19/2009 7:12:35 PM (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P4C800
Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2798/200mhz

==== Disk Partitions =========================

A: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 54.851 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 699 GiB total, 61.143 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6680
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6680
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 5/3/2009 1:17:55 PM - System Checkpoint
RP2: 5/4/2009 1:15:55 AM - Removed Java™ 6 Update 7
RP3: 5/5/2009 10:45:29 PM - System Checkpoint
RP4: 5/7/2009 9:07:36 PM - System Checkpoint
RP5: 5/9/2009 1:30:15 PM - System Checkpoint
RP6: 5/10/2009 1:33:21 PM - System Checkpoint
RP7: 5/11/2009 1:41:22 PM - System Checkpoint
RP8: 5/12/2009 1:49:09 PM - System Checkpoint
RP9: 5/12/2009 7:52:22 PM - Removed SUPERAntiSpyware Free Edition
RP10: 5/12/2009 10:08:23 PM - Removido Adobe Reader 8.1.4 - Português
RP11: 5/14/2009 1:58:15 PM - System Checkpoint
RP12: 5/16/2009 1:20:52 PM - System Checkpoint
RP13: 5/17/2009 10:01:42 PM - System Checkpoint
RP14: 5/18/2009 10:13:26 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AI RoboForm
AllerCalc
Amiga SWOS v1.02
Apple Software Update
Assistente de Início de Sessão do Windows Live
ATI - Software Uninstall Utility
ATI Display Driver
Atomic Alarm Clock 5.2
AutoUpdate
Avant Browser (remove only)
Battlefield 2™
BS.Player PRO
CCleaner (remove only)
CDDRV_Installer
Chinese Traditional Fonts Support For Adobe Reader 8
Choice Guard
Condemned - Criminal Origins
Corel VideoStudio 12
Creative Audio Control Panel
Creative Console Launcher
Critical Update for Windows Media Player 11 (KB959772)
Daikatana
DivX Codec
Easy CD-DA Extractor 11
EAX4 Unified Redist
EditPlus 3
eMule
ESET Smart Security
FastStone Capture 5.8
Ferramenta de Carregamento do Windows Live
FLV Player 2.0 (build 25)
FoxyTunes for Firefox
getPlus® for Adobe
GOM Player
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - Scanners
ImagXpress
Java™ 6 Update 13
K-Lite Codec Pack 4.3.4 (Standard)
KeePass Password Safe 1.11
KhalInstallWrapper
Liquidator
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSN Winks Installer
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Natura Sound Therapy
Need for Speed™ Most Wanted
Neo's SafeKeys 2008
Nero 7 Premium
Nero ControlCenter
neroxml
NetLimiter 1.30 (remove only)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
OpenAL
Orbit Downloader
OutRun2006 Coast 2 Coast
PC Connectivity Solution
Peter Jackson's King Kong - The Official Game of the Movie
Photoshop Camera Raw
Quake
Quake II
QuickTime
S.T.A.L.K.E.R. - Clear Sky [v1.0007]
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Task Manager 1.7f
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Spybot - Search & Destroy
Suite Shared Configuration CS4
Timex Data Link USB
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6b
VideoStudio
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WristApp Installer
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
Zip Motion Block Video codec (Remove Only)

==== Event Viewer Messages From Past Week ========

5/19/2009 8:29:38 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/14/2009 12:36:28 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
5/14/2009 12:36:28 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
5/14/2009 12:36:28 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Edited by techtalk, 19 May 2009 - 03:00 PM.


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 19 May 2009 - 03:48 PM

Hello.

Malwarebytes didn't detect any malware

I would like to see the log though.

Please run an online scan for me.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case UTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 21 May 2009 - 04:31 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 techtalk

techtalk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 21 May 2009 - 04:42 PM

I've been having problems with the on-line scan; besides, it will take a few days since my HD is big.

Thanks

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 21 May 2009 - 04:57 PM

Ok.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 techtalk

techtalk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 23 May 2009 - 03:07 PM

At last here are the reports:

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 3

5/23/2009 8:52:53 PM
mbam-log-2009-05-23 (20-52-53).txt

Scan type: Quick Scan
Objects scanned: 82065
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 21, 2009 21:16:26
Records in database: 2211439
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 125103
Threat name: 10
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 47:40:11


File name / Threat name / Threats count
H:\Armazem\Ficheiros\Programas usados,+ em P2P\CryptLoad\CryptLoad_1.0.4.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ad 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.cm 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ca 2
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.cj 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.fq 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar Infected: not-a-virus:Monitor.Win32.Perflogger.cb 1
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Smart Keystroke Recorder Pro Edition\Smart.Keystroke.Recorder.Pro.Edition_by_shanu.rar Infected: not-a-virus:Monitor.Win32.SKRecorder.a 2
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Video converters\Any Video Converter\AVC.Pro.v2.6.3.incl.Patch_zyberakuma\Any.Video.Converter.Professional.v2.6.3.incl.Patch_zyberakuma\Patch\any.video.converter_universal_patch_by_ChupaChu.exe Infected: Trojan.Win32.Genome.cge 1
H:\Downloads\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

The selected area was scanned.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 24 May 2009 - 09:46 AM

Hello.

Kaspersky detected several keylogger related files and some other things.

H:\Armazem\Ficheiros\Programas usados,+ em P2P\CryptLoad\CryptLoad_1.0.4.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar <- I would in fact delete that whole FOLDER (bolded).
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Perfect Keylogger, é detectado virus mas é devido a natureza do programa\Perfect.Keylogger.v1.6.7.By.ido_51_WaReZ-BB.org.rar
H:\Armazem\Ficheiros\Programas usados,+ em P2P\Keyloggers\Smart Keystroke Recorder Pro Edition\Smart.Keystroke.Recorder.Pro.Edition_by_shanu.rar

H:\Armazem\Ficheiros\Programas usados,+ em P2P\Video converters\Any Video Converter\AVC.Pro.v2.6.3.incl.Patch_zyberakuma\Any.Video.Converter.Professional.v2.6.3.incl.Patch_zyberakuma\Patch\any.video.converter_universal_patch_by_ChupaChu.exe
H:\Downloads\mirc617.exe
^^These two above are optional.


Post a new set of DDS log afterwards and let me know how your computer is running? What symptoms do you still have?

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

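The Kaspersky Online Scanner report posted above lists one detection per line as "<path> Infected: <threat name> <count>", and its "Scan statistics" block counts distinct threat names and the sum of those counts. The following is an added example, not code from this thread or from Kaspersky: a small Python parser that groups those lines by file, tells Kaspersky's "not-a-virus:" classes (Monitor, RemoteAdmin, Client-IRC and similar riskware) apart from true malware names such as Trojan.Win32.Genome, and reproduces the statistics counters so a report can be triaged per file rather than per line. The sample report is constructed in the same format with shortened, made-up paths; the regular expression and the riskware prefix handling are assumptions about the report format drawn only from the lines shown in this thread.

```python
import re
from typing import Dict, List

# Constructed sample in the format of the Kaspersky Online Scanner 7.0 report
# posted in this thread (shortened, made-up paths; not the thread's own lines).
SAMPLE_REPORT = """\
File name / Threat name / Threats count
H:\\Archive\\P2P\\CryptLoad\\CryptLoad_1.0.4.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
H:\\Archive\\P2P\\Keyloggers\\Perfect Keylogger\\Perfect.Keylogger.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ad 1
H:\\Archive\\P2P\\Keyloggers\\Perfect Keylogger\\Perfect.Keylogger.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ca 2
H:\\Archive\\P2P\\Video\\Patch\\any.video.converter_patch.exe Infected: Trojan.Win32.Genome.cge 1
H:\\Downloads\\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

The selected area was scanned.
"""

# One detection line: "<path> Infected: <threat name> <count>".  The path may
# contain spaces, so it is matched non-greedily up to the literal " Infected: ".
# (Assumed format, based only on the lines visible in the thread.)
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Kaspersky prefixes riskware (monitors, remote admin tools, IRC clients, ...)
# with this marker; everything else is treated as a real malware detection.
RISKWARE_PREFIX = "not-a-virus:"


def parse_report(text: str) -> List[dict]:
    """Return one record per detection line; header and footer lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            records.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return records


def classify(threat: str) -> str:
    """'riskware:<type>' for not-a-virus names (e.g. riskware:Monitor), else 'malware'."""
    if threat.startswith(RISKWARE_PREFIX):
        family = threat[len(RISKWARE_PREFIX):]          # e.g. Monitor.Win32.Perflogger.ad
        return "riskware:" + family.split(".", 1)[0]     # e.g. riskware:Monitor
    return "malware"


def triage(text: str) -> Dict[str, dict]:
    """Group detections by file so each file gets a single verdict."""
    files: Dict[str, dict] = {}
    for rec in parse_report(text):
        entry = files.setdefault(rec["path"], {"threats": [], "objects": 0, "classes": set()})
        entry["threats"].append(rec["threat"])
        entry["objects"] += rec["count"]
        entry["classes"].add(classify(rec["threat"]))
    for entry in files.values():
        # One real malware name is enough to mark the whole file as malware.
        entry["verdict"] = "malware" if "malware" in entry["classes"] else "riskware"
    return files


def summary(text: str) -> dict:
    """Recompute the report's own 'Scan statistics' counters from the detection lines."""
    records = parse_report(text)
    return {
        "threat_names": len({r["threat"] for r in records}),      # distinct threat names
        "infected_objects": sum(r["count"] for r in records),      # sum of the count column
        "files": len({r["path"] for r in records}),
        "malware_files": sum(1 for f in triage(text).values() if f["verdict"] == "malware"),
    }


if __name__ == "__main__":
    for path, info in triage(SAMPLE_REPORT).items():
        print(f"{info['verdict']:8} {info['objects']:2}  {path}  {sorted(info['classes'])}")
    print(summary(SAMPLE_REPORT))
```

Run against the thread's own report text, `summary()` should match the "Threat name" and "Infected objects" counters printed by the scanner, which is a quick way to confirm the parser did not miss a line with an unusual path. The per-file verdict is only a first cut for reading a report: riskware inside an archive is still worth removing when it was never intentionally installed.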
#13 techtalk

techtalk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 24 May 2009 - 11:08 AM

Deleted all malware detected by Kaspersky.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Dontcare at 17:06:09.93 on Sun 05/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1216 [GMT 1:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\NetLimiter\NetLimiter.exe
F:\WINDOWS\system32\CTXFIHLP.EXE
F:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Chaos Software\Intellect\alarm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\SetPoint II\SetpointII.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
F:\WINDOWS\system32\PSIService.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\AllerCalc\AllerCalc.exe
F:\Documents and Settings\Dontcare\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - f:\program files\orbitdownloader\orbitcth.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre6\bin\ssv.dll
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - f:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [SkinClock] f:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [swg] f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "f:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [alarm.exe] "f:\program files\chaos software\intellect\alarm.exe"
uRun: [uTorrent] "f:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] f:\program files\lavasoft\ad-aware\Ad-Watch.exe
mRun: [egui] "f:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UVS12 Preload] f:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [NetLimiter] f:\program files\netlimiter\NetLimiter.exe /s
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\compil~1.lnk - h:\música convertida, usar o i e anotar kbps\Compilação das melhores bandas sonoras - 413 músicas
StartupFolder: f:\docume~1\dontcare\startm~1\programs\startup\mozill~1.lnk - f:\program files\mozilla firefox\firefox.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - f:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - f:\program files\logitech\setpoint ii\SetpointII.exe
IE: &Download by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to &Lightning Note - f:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: Do&wnload selected by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - f:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - f:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: Preencher - file://f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - f:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - f:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
LSP: f:\program files\netlimiter\nl_lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214280138000
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214310942078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\dontcare\applic~1\mozilla\firefox\profiles\1gr7xt2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: f:\documents and settings\dontcare\application data\mozilla\firefox\profiles\1gr7xt2p.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: f:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: f:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: f:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
R2 ekrn;Eset Service;f:\program files\eset\eset smart security\ekrn.exe [2008-8-18 468224]
R2 LBeepKE;LBeepKE;f:\windows\system32\drivers\LBeepKE.sys [2009-1-27 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-17 210216]
R3 CT20XUT.SYS;CT20XUT.SYS;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;f:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;f:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-9-6 79360]
S3 CT20XUT;CT20XUT;f:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;f:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;f:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 getPlus® Helper;getPlus® Helper;f:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-15 33176]
S3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);f:\windows\system32\drivers\hcwpvrp2.sys --> f:\windows\system32\drivers\hcwPVRP2.sys [?]
S3 iadusb;MT882;f:\windows\system32\drivers\glauiad.sys --> f:\windows\system32\drivers\glauiad.sys [?]
S3 rootrepeal;rootrepeal;\??\f:\windows\system32\drivers\rootrepeal.sys --> f:\windows\system32\drivers\rootrepeal.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;f:\windows\system32\drivers\usb2vcom.sys [2008-10-13 30368]

=============== Created Last 30 ================

2009-05-17 18:36 <DIR> --d----- f:\program files\common files\McAfee
2009-05-17 18:35 <DIR> --d----- f:\program files\McAfee
2009-05-02 20:42 <DIR> -cd-h--- f:\windows\ie8
2009-04-30 18:55 1,856,577 -------- f:\windows\NEOS-S~1.CAB
2009-04-30 18:55 1,596 a------- f:\windows\ST6UNST.000
2009-04-30 18:52 <DIR> --d----- f:\program files\Neo's SafeKeys
2009-04-30 18:52 286,720 -------- f:\windows\Setup1.exe
2009-04-30 18:52 73,216 a------- f:\windows\ST6UNST.EXE
2009-04-27 23:06 497,496 a------- f:\windows\system32\XceedZip.dll
2009-04-26 13:20 15,504 a------- f:\windows\system32\drivers\mbam.sys
2009-04-26 13:20 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 13:20 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- f:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- f:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- f:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- f:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- f:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- f:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- f:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- f:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- f:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- f:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- f:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- f:\windows\system32\pdh.dll
2008-12-02 03:41 3,766 a--sh--- f:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-11-29 02:35 88 ---shr-- f:\docume~1\alluse~1\applic~1\FBB9B00AFD.sys

============= FINISH: 17:06:43.43 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2008 12:13:01 AM
System Uptime: 5/24/2009 11:02:38 AM (6 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P4C800
Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2798/200mhz

==== Disk Partitions =========================

A: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 54.099 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 699 GiB total, 59.96 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6680
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6680
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 5/3/2009 1:17:55 PM - System Checkpoint
RP2: 5/4/2009 1:15:55 AM - Removed Java™ 6 Update 7
RP3: 5/5/2009 10:45:29 PM - System Checkpoint
RP4: 5/7/2009 9:07:36 PM - System Checkpoint
RP5: 5/9/2009 1:30:15 PM - System Checkpoint
RP6: 5/10/2009 1:33:21 PM - System Checkpoint
RP7: 5/11/2009 1:41:22 PM - System Checkpoint
RP8: 5/12/2009 1:49:09 PM - System Checkpoint
RP9: 5/12/2009 7:52:22 PM - Removed SUPERAntiSpyware Free Edition
RP10: 5/12/2009 10:08:23 PM - Removido Adobe Reader 8.1.4 - Português
RP11: 5/14/2009 1:58:15 PM - System Checkpoint
RP12: 5/16/2009 1:20:52 PM - System Checkpoint
RP13: 5/17/2009 10:01:42 PM - System Checkpoint
RP14: 5/18/2009 10:13:26 PM - System Checkpoint
RP15: 5/19/2009 10:29:10 PM - System Checkpoint
RP16: 5/20/2009 6:51:25 PM - Logitech SetPoint 5.10
RP17: 5/21/2009 8:19:02 PM - System Checkpoint
RP18: 5/23/2009 10:07:11 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AI RoboForm
AllerCalc
Amiga SWOS v1.02
Apple Software Update
Assistente de Início de Sessão do Windows Live
ATI - Software Uninstall Utility
ATI Display Driver
Atomic Alarm Clock 5.2
AutoUpdate
Avant Browser (remove only)
Battlefield 2™
BS.Player PRO
CCleaner (remove only)
CDDRV_Installer
Chinese Traditional Fonts Support For Adobe Reader 8
Choice Guard
Condemned - Criminal Origins
Corel VideoStudio 12
Creative Audio Control Panel
Creative Console Launcher
Critical Update for Windows Media Player 11 (KB959772)
Daikatana
DivX Codec
Easy CD-DA Extractor 11
EAX4 Unified Redist
EditPlus 3
eMule
ESET Smart Security
FastStone Capture 5.8
Ferramenta de Carregamento do Windows Live
FLV Player 2.0 (build 25)
FoxyTunes for Firefox
getPlus® for Adobe
GOM Player
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - Scanners
ImagXpress
Java™ 6 Update 13
K-Lite Codec Pack 4.3.4 (Standard)
KeePass Password Safe 1.11
KhalInstallWrapper
Liquidator
Logitech SetPoint
Logitech SetPoint 5.10
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSN Winks Installer
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Natura Sound Therapy
Need for Speed™ Most Wanted
Neo's SafeKeys 2008
Nero 7 Premium
Nero ControlCenter
neroxml
NetLimiter 1.30 (remove only)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
OpenAL
Orbit Downloader
OutRun2006 Coast 2 Coast
PC Connectivity Solution
Peter Jackson's King Kong - The Official Game of the Movie
Photoshop Camera Raw
Quake
Quake II
QuickTime
S.T.A.L.K.E.R. - Clear Sky [v1.0007]
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Task Manager 1.7f
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Spybot - Search & Destroy
Suite Shared Configuration CS4
Timex Data Link USB
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6b
VideoStudio
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WristApp Installer
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
Zip Motion Block Video codec (Remove Only)

==== Event Viewer Messages From Past Week ========

5/19/2009 8:29:38 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/19/2009 7:13:58 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
5/19/2009 7:11:40 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
5/19/2009 7:11:40 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================

#14 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:57 PM

Posted 24 May 2009 - 11:11 AM

Hello.

...and let me know how your computer is running? What symptoms do you still have?

~Extremeboy

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 techtalk

  • Topic Starter
  • Members
  • 10 posts
  • Local time:04:57 PM

Posted 24 May 2009 - 12:45 PM

I forgot,

Computer is running OK.

Edited by techtalk, 24 May 2009 - 12:45 PM.