Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: WordPress Websites Compromised by the Thousands Redirect to Tech-Support Scams

Featured Deal: Get 95% off The Ultimate MCSE Certification Training Bundle

virus? cant even activate vista :(

Started by fpnc , Jul 24 2009 07:02 AM

This topic is locked

14 replies to this topic

#1 fpnc

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 24 July 2009 - 07:02 AM

Hey guys

I got a very weird problem that i never encountered before

i download a game and when i installed it my computer simply crashed. When it restarted a window appear for to to active windows vista..
i was like WTF :S...then i tryed to activate it and this error appears

Posted Image

i searched on google and saw was some kind of virus, so i run some anti-virus like spybot and Malwarebyte on safemode..they encounter some virus, deleted it but the problem continues..i installed Dr.web too but dunno why it crashed when i try to open it and cant even uninstal now -_-``

anyway i hope u guys can help me cause i am afraid i can lose my windows key

here goes the hijackthislog

many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:57, on 24-07-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\Program Files\DrWeb\SpIDerMl.exe
C:\Program Files\DrWeb\spiderui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...572/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Norton 2009 Reset .norton2009ResetAeLookupSvc (.norton2009ResetAeLookupSvc) - Unknown owner - C:\Windows\TEMP\ctwwftngnn.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6971 bytes

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:10:34 AM

Posted 04 August 2009 - 11:30 AM

Hello fpnc and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 04 August 2009 - 02:16 PM

Helllo and thanks for answering

Unfortunately the problem persists

i am experience exactly the same...like i said i downloaded a game from the internet, then when after installing the pc just crashed...when it restarted my validation of windows vista was gone and everytime i try validate it this error appears

http://i25.tinypic.com/344yy61.jpg

a detail i forgot to mention before is that my pc dont find the cd/dvd recorder on my pc

Posted Image

and it seems that the cookies on my pc arent working since i have to put username and pass on various sites and it never rebembers them when before this all worked fine

hope u guys can help me eheh :thumbup2:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Paulo Machado at 19:58:54,42 on 04-08-2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2280 [GMT 1:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\TEMP\ctwwftngnn.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\twex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\Program Files\DrWeb\SpIDerMl.exe
C:\Program Files\DrWeb\spiderui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\TEMP\ctwwftngnn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Paulo Machado\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe"
mRun: [SpIDerNT] c:\progra~1\drweb\spiderui.exe /agent
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
LSP: c:\program files\drweb\drwebsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5572/mcfscan.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: rbadzm - rbadzm.dll

============= SERVICES / DRIVERS ===============

R?2 .norton2009ResetAeLookupSvc;Norton 2009 Reset .norton2009ResetAeLookupSvc;c:\windows\temp\ctwwftngnn.exe service --> c:\windows\temp\ctwwftngnn.exe service [?]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2009-7-24 101496]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-1-21 886072]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\drweb\spider.sys [2009-4-16 394184]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2008-9-23 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-23 250880]
S1 rbadza;RAMDAC XGPU Controller;c:\windows\system32\rbadza.sys [2009-7-27 8416]
S1 SliceDisk5;SliceDisk5;c:\users\paulom~1\appdata\local\temp\slicedisk.sys [2009-7-27 8416]
S2 .norton2009ResetAeLookupSvcAeLookupSvc;Norton 2009 Reset .norton2009ResetAeLookupSvc .norton2009ResetAeLookupSvcAeLookupSvc;c:\windows\temp\qwkrafjcle.exe service --> c:\windows\temp\qwkrafjcle.exe service [?]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\drweb\spidernt.exe [2009-4-16 251144]

=============== Created Last 30 ================

2009-07-30 16:59 <DIR> --dsh--- c:\windows\system32\twain32
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\ovfsthqdoqewrrbckudcaqfiphtacptdgtcgfe.sys
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\ipinip.sys
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\blbdrive.sys
2009-07-27 20:54 23,155 a------- c:\windows\system32\rbadzm.dll
2009-07-27 20:54 8,416 a------- c:\windows\system32\rbadza.sys
2009-07-24 12:30 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2009-07-24 11:29 <DIR> --d----- C:\00000082
2009-07-24 11:18 <DIR> --d----- c:\users\paulo machado\DoctorWeb
2009-07-24 11:18 101,496 a------- c:\windows\system32\drivers\dwprot.sys
2009-07-24 11:18 <DIR> --d----- c:\programdata\Doctor Web
2009-07-24 11:18 <DIR> --d----- c:\program files\DrWeb
2009-07-24 11:18 <DIR> --d----- c:\program files\common files\Doctor Web
2009-07-24 11:18 <DIR> --d----- c:\progra~2\Doctor Web
2009-07-24 03:56 <DIR> --d----- c:\users\paulom~1\appdata\roaming\Malwarebytes
2009-07-24 03:56 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-24 03:56 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-24 03:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-24 03:34 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-24 02:00 <DIR> --d----- c:\programdata\FarmFrenzy-PizzaParty
2009-07-24 02:00 <DIR> --d----- c:\progra~2\FarmFrenzy-PizzaParty
2009-07-21 12:29 <DIR> --d----- c:\programdata\Symantec
2009-07-21 12:29 <DIR> --d----- c:\progra~2\Symantec
2009-07-21 12:28 <DIR> --d----- c:\programdata\Norton
2009-07-21 12:28 <DIR> --d----- c:\progra~2\Norton
2009-07-21 12:27 <DIR> --d----- c:\programdata\NortonInstaller
2009-07-21 12:27 <DIR> --d----- c:\progra~2\NortonInstaller
2009-07-20 19:23 <DIR> --d----- c:\programdata\ESET
2009-07-15 18:09 <DIR> --d----- c:\program files\BT Next Evolution
2009-07-15 10:46 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:46 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:46 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:46 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-04 19:11 664,232 a------- c:\windows\system32\prfh0816.dat
2009-08-04 19:11 136,912 a------- c:\windows\system32\prfc0816.dat
2009-08-04 19:08 51,200 a------- c:\windows\inf\infpub.dat
2009-07-27 20:54 8,416 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 11:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-24 11:27 86,016 a------- c:\windows\inf\infstor.dat
2009-07-24 10:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 13:22 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-21 17:29 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-01 19:43 47,360 a------- c:\users\paulom~1\appdata\roaming\pcouffin.sys
2008-12-30 21:49 22,328 a------- c:\users\paulom~1\appdata\roaming\PnkBstrK.sys
2008-12-25 21:31 174 a--sh--- c:\program files\desktop.ini
2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat
2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat
2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat
2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:01:28,09 ===============

#4 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 05 August 2009 - 09:46 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

I see evidence that you are using a program to reset the Norton trial. Please remove this.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.

Close all other open programs as there is a slight chance your computer will crash.
Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
Leaving the settings at default, click Scan.
When the scan is complete, click Save and save the log onto your desktop.

Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#5 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 05 August 2009 - 05:38 PM

Hello Panda

looks much better now...windows vista was able to validate and my dvd drive appear again eheh

here goes the logs (didnt undertand if u wanted them attached or not sorry :thumbup2:

)

COMBOFIX LOG

ComboFix 09-08-04.03 - Paulo Machado 05-08-2009 19:17.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2874 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Paulo Machado\Desktop\Windows Live Messenger .lnk
c:\windows\Installer\305ca.msi
c:\windows\Installer\6d241.msi
c:\windows\system32\drivers\hjgruixeiwmgev.sys
c:\windows\system32\drivers\ovfsthqdoqewrrbckudcaqfiphtacptdgtcgfe.sys
c:\windows\system32\hjgruidicsmcvx.dat
c:\windows\system32\hjgruiqoecshck.dll
c:\windows\system32\hjgruixpypovtt.dll
c:\windows\system32\hjgruiylkrvmqt.dat
c:\windows\system32\rbadza.sys
c:\windows\system32\SelfDel.bat
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twain32\user.ds.lll
c:\windows\system32\twex.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruieqsfquir
-------\Legacy_RBADZA
-------\Service_rbadza
-------\Service_ovfsthyqfmfpctuanxtktragmotwroecmehugu

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-05 to 2009-08-05 ))))))))))))))))))))))))))))
.

2009-08-05 18:22 . 2009-08-05 18:24 -------- d-----w- c:\users\Paulo Machado\AppData\Local\temp
2009-08-05 18:22 . 2009-08-05 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 14:09 . 2009-08-05 16:01 -------- d-----w- c:\programdata\FarmFrenzy3
2009-08-05 14:08 . 2009-08-05 14:08 -------- d-----w- c:\program files\Alawar
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\ipinip.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2009-07-27 19:54 . 2009-07-27 19:54 23155 ----a-w- c:\windows\system32\rbadzm.dll
2009-07-24 10:29 . 2009-07-24 10:29 -------- d-----w- C:\00000082
2009-07-24 10:18 . 2009-07-24 10:25 -------- d-----w- c:\users\Paulo Machado\DoctorWeb
2009-07-24 10:18 . 2009-04-07 15:01 101496 ----a-w- c:\windows\system32\drivers\dwprot.sys
2009-07-24 10:18 . 2009-07-24 10:18 -------- d-----w- c:\programdata\Doctor Web
2009-07-24 10:18 . 2009-07-24 10:18 -------- d-----w- c:\program files\Common Files\Doctor Web
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\Malwarebytes
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 02:34 . 2009-07-24 02:34 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 01:00 . 2009-07-24 02:00 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-24 00:35 . 2009-07-24 00:35 -------- d-----w- c:\users\Paulo Machado\AppData\Local\Symantec
2009-07-21 11:29 . 2009-07-21 11:30 -------- d-----w- c:\programdata\Symantec
2009-07-21 11:28 . 2009-07-24 10:27 -------- d-----w- c:\programdata\Norton
2009-07-21 11:27 . 2009-07-21 11:27 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 17:09 . 2009-07-21 11:00 -------- d-----w- c:\program files\BT Next Evolution
2009-07-15 09:46 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 09:46 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 09:46 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 09:46 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 17:37 . 2007-01-18 04:49 677720 ----a-w- c:\windows\system32\prfh0816.dat
2009-08-05 17:37 . 2007-01-18 04:49 149824 ----a-w- c:\windows\system32\prfc0816.dat
2009-08-05 13:35 . 2009-01-03 21:33 -------- d-----w- c:\program files\Steam
2009-07-27 19:54 . 2008-12-28 15:33 8416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-27 17:50 . 2009-01-26 00:58 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-07-24 10:14 . 2009-04-03 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 09:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-24 02:26 . 2009-06-25 19:28 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 13:10 . 2008-12-26 22:09 -------- d-----w- c:\programdata\McAfee
2009-07-20 12:22 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 14:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-03 23:53 . 2009-01-03 21:33 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 12:58 . 2009-06-27 12:55 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DataCast
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\MarkAny
2009-06-27 12:55 . 2008-12-23 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\Samsung
2009-06-26 01:47 . 2009-06-26 01:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-26 01:46 . 2009-06-26 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 01:40 . 2009-04-05 21:45 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-06-26 01:39 . 2009-06-26 01:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-25 21:45 . 2009-06-25 21:45 -------- d-----w- c:\program files\Codemasters
2009-06-20 21:14 . 2009-02-11 12:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 15:03 . 2008-12-23 20:42 85600 ----a-w- c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 12:05 . 2008-12-24 11:12 1 ----a-w- c:\users\Paulo Machado\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 16:29 . 2009-05-21 16:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w- c:\windows\SBE112F39.tmp
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rbadzm]
2009-07-27 19:54 23155 ----a-w- c:\windows\System32\rbadzm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{64CCF949-895C-4D45-88FC-5F1A6F610B5F}"= UDP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{B40FFDC6-BA4E-413E-A9CE-4E13CE1A5762}"= TCP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{086310FB-61DE-46E4-B0E5-F3C0DF5CDBA4}"= UDP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{D3871CD2-FAD2-4813-9B4D-5E70B449FE72}"= TCP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{C9AC6928-D0E2-4433-AA9D-AD094396780F}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{254BC55F-F37A-4FE0-938D-2C6D2DA77A7E}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{E7D424AA-4FFD-473C-AE6A-13821DFBAC74}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{AC607783-0EEC-4710-A7C6-E5846050325F}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{19171C3B-E031-4834-A976-31A558B849EC}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F4C3C9D2-064F-4771-A8B9-3A4153BA796E}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher

R0 DwProt;DrWeb Protection;c:\windows\System32\drivers\dwprot.sys [24-07-2009 11:18 101496]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [21-01-2009 16:09 886072]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [23-09-2008 17:15 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [23-12-2008 22:05 250880]
S2 .norton2009ResetAeLookupSvc;Norton 2009 Reset .norton2009ResetAeLookupSvc;c:\windows\TEMP\ctwwftngnn.exe service --> c:\windows\TEMP\ctwwftngnn.exe service [?]
S2 .norton2009ResetAeLookupSvcAeLookupSvc;Norton 2009 Reset .norton2009ResetAeLookupSvc .norton2009ResetAeLookupSvcAeLookupSvc;c:\windows\TEMP\qwkrafjcle.exe service --> c:\windows\TEMP\qwkrafjcle.exe service [?]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe --> c:\progra~1\DrWeb\spidernt.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-SpIDerAgent - c:\program files\DrWeb\SpIDerAgent.exe
HKLM-Run-SpIDerMail - c:\program files\DrWeb\spiderml.exe
HKLM-Run-SpIDerNT - c:\progra~1\DrWeb\spiderui.exe
SafeBoot-rbadza.sys

.
------- Scan Suplementar -------
.
uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\DrWeb\drwebsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 19:24
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-05 19:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-05 18:28

Pré-execução: 48.882.094.080 bytes livres
Pós execução: 49.904.967.680 bytes livres

263 --- E O F --- 2009-07-30 07:36

GMER LOG

GMER 1.0.15.15011 [jk3lv1dh.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 23:31:17
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\sptd.sys IoCreateFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!IoCreateFile 82677768 5 Bytes JMP 8FD5D5F7 \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestor de Filtros de Sistema de Ficheiros da Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq@imagepath \systemroot\system32\drivers\ovfsthmsxjufblmodylupnlhckvsqiqvlmetrj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq@inst 0
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@ver dec310309
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@cid 01
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@bid 887125247-1130331581-1154666309-3599531796
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@aid 303369
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@sid 16
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main@cmddelay 14401
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main\injector@iexplore.exe ovfsthwi.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main\injector@explorer.exe ovfsthff.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsth.dll \systemroot\system32\ovfsthrdptrmbioxigtmvfqckrcbsyuoxibyeg.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthmsxjufblmodylupnlhckvsqiqvlmetrj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsthlog.dat \systemroot\system32\ovfsthpfxkrxdutpcveucdaprwdcwuwiawexvr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsthwi.dll \systemroot\system32\ovfsthdcbqtpduebpdbhbsodivodftuajbpypl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsthff.dll \systemroot\system32\ovfsthnerqipbrgnpuijtpbikxnsutfqhxphwt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\ovfsthjsfvtxcnivsvwvpmeorvoxeqtebewffq\modules@ovfsth.dat \systemroot\system32\ovfsthuxodeeoaxbenuibgglhboemptbsjgwio.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0xD6 0x5C 0xBF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x69 0x0E 0x9F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x79 0x9B 0xE7 0x8A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAA 0xB8 0x47 0xA1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x33 0xD5 0x17 0x0F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x02 0x19 0x9B 0xAC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEE 0x87 0x49 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x69 0x0E 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x79 0x9B 0xE7 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xB3 0xA0 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0xF8 0xC2 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x2D 0x84 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAA 0xB8 0x47 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xA5 0x69 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0x85 0xD9 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEE 0x87 0x49 0xE1 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x69 0x0E 0x9F ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x79 0x9B 0xE7 0x8A ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xB3 0xA0 0xA8 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6B 0xF8 0xC2 0x1F ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x2D 0x84 0xE5 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAA 0xB8 0x47 0xA1 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xA5 0x69 0xFC ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0x85 0xD9 0x28 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xB3 0x13 0x52 0xA9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- EOF - GMER 1.0.15 ----

PS: only change i made since i started the topic was deleting dr.web antivirus

many thanks

#6 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 05 August 2009 - 09:10 PM

Hello.

Run ComboFix with CFScript
We will run ComboFix again with a script.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.

Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:

http://www.bleepingcomputer.com/forums/t/244060/virus-cant-even-activate-vista/

Suspect::[59]
c:\windows\system32\drivers\blbdrive.sys
c:\windows\system32\drivers\ipinip.sys

FileLook::
c:\windows\system32\drivers\blbdrive.sys
c:\windows\system32\drivers\ipinip.sys

File::
c:\windows\System32\rbadzm.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rbadzm]

Driver::
.norton2009ResetAeLookupSvc
.norton2009ResetAeLookupSvcAeLookupSvc
SPIDERNT

Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assasin).

If you have trouble updating, try the other mirror download site.
Should the computer in question not be able update using the normal method download the update file from here, using another machine if needed. Simply double click the file to install the updates.
If MalwareBytes asks to reboot to remove certain items, do so right away.

Please include the scan logfile in your next reply.

With Regards,
The Panda

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#7 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 09 August 2009 - 12:48 PM

i am sorry for the delay, had some problems i had to attempt to :thumbup2:

here goes the logs
just 1 thing...

i don`t have internet on the computer (dunno why), my modem is ok and i even called to my isp company but they say all ok there the problem is mine
could it be virus or by using combofix something was deleted?

COMBOFIX LOG

ComboFix 09-08-04.03 - Paulo Machado 06-08-2009 12:11.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2698 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Paulo Machado\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\rbadzm.dll"

file zipped: c:\windows\System32\drivers\blbdrive.sys
file zipped: c:\windows\System32\drivers\ipinip.sys
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\rbadzm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.norton2009ResetAeLookupSvc
-------\Service_.norton2009ResetAeLookupSvcAeLookupSvc

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-06 to 2009-08-06 ))))))))))))))))))))))))))))
.

2009-08-06 11:13 . 2009-08-06 11:15 -------- d-----w- c:\users\Paulo Machado\AppData\Local\temp
2009-08-06 11:13 . 2009-08-06 11:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-06 11:13 . 2009-08-06 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 14:09 . 2009-08-05 16:01 -------- d-----w- c:\programdata\FarmFrenzy3
2009-08-05 14:08 . 2009-08-05 14:08 -------- d-----w- c:\program files\Alawar
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\ipinip.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2009-07-24 10:29 . 2009-07-24 10:29 -------- d-----w- C:\00000082
2009-07-24 10:18 . 2009-07-24 10:25 -------- d-----w- c:\users\Paulo Machado\DoctorWeb
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\Malwarebytes
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 02:34 . 2009-07-24 02:34 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 01:00 . 2009-07-24 02:00 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-24 00:35 . 2009-07-24 00:35 -------- d-----w- c:\users\Paulo Machado\AppData\Local\Symantec
2009-07-21 11:29 . 2009-07-21 11:30 -------- d-----w- c:\programdata\Symantec
2009-07-21 11:28 . 2009-07-24 10:27 -------- d-----w- c:\programdata\Norton
2009-07-21 11:27 . 2009-07-21 11:27 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 17:09 . 2009-07-21 11:00 -------- d-----w- c:\program files\BT Next Evolution
2009-07-15 09:46 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 09:46 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 09:46 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 09:46 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 11:10 . 2007-01-18 04:49 713688 ----a-w- c:\windows\system32\prfh0816.dat
2009-08-06 11:10 . 2007-01-18 04:49 184256 ----a-w- c:\windows\system32\prfc0816.dat
2009-08-05 13:35 . 2009-01-03 21:33 -------- d-----w- c:\program files\Steam
2009-07-27 19:54 . 2008-12-28 15:33 8416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-27 17:50 . 2009-01-26 00:58 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-07-24 10:14 . 2009-04-03 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 09:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-24 02:26 . 2009-06-25 19:28 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 13:10 . 2008-12-26 22:09 -------- d-----w- c:\programdata\McAfee
2009-07-20 12:22 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 14:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-03 23:53 . 2009-01-03 21:33 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 12:58 . 2009-06-27 12:55 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DataCast
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\MarkAny
2009-06-27 12:55 . 2008-12-23 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\Samsung
2009-06-26 01:47 . 2009-06-26 01:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-26 01:46 . 2009-06-26 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 01:40 . 2009-04-05 21:45 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-06-26 01:39 . 2009-06-26 01:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-25 21:45 . 2009-06-25 21:45 -------- d-----w- c:\program files\Codemasters
2009-06-20 21:14 . 2009-02-11 12:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 15:03 . 2008-12-23 20:42 85600 ----a-w- c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 12:05 . 2008-12-24 11:12 1 ----a-w- c:\users\Paulo Machado\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 16:29 . 2009-05-21 16:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w- c:\windows\SBE112F39.tmp
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\blbdrive.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8416
Created time: 2009-07-27 19:54
Modified time: 2009-07-27 19:54
MD5: 61EE4F9B672CD1A9792B9B2C7630E98D
SHA1: ABE69AD0A7CEB9C9FE087CF3D991AB5A7C0A128B

--- c:\windows\system32\drivers\ipinip.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8416
Created time: 2009-07-27 19:54
Modified time: 2009-07-27 19:54
MD5: 61EE4F9B672CD1A9792B9B2C7630E98D
SHA1: ABE69AD0A7CEB9C9FE087CF3D991AB5A7C0A128B

((((((((((((((((((((((((((((( SnapShot@2009-08-05_18.24.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 21:09 . 2009-08-06 10:29 51624 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-06 10:29 99806 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-05 18:18 99806 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 20:43 . 2009-08-06 10:29 10476 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130331581-1154666309-3599531796-1000_UserData.bin
+ 2008-12-23 21:01 . 2008-03-11 11:38 48128 c:\windows\System32\drivers\L1E60x86.sys
- 2008-09-23 16:15 . 2008-09-23 16:15 48128 c:\windows\System32\drivers\L1E60x86.sys
- 2006-11-02 13:02 . 2009-08-05 18:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-05 18:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-08-05 18:16 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-05 18:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-05 18:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-05 18:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-07-24 10:27 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-08-05 21:55 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-08-04 18:08 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-08-05 21:55 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:33 . 2009-08-06 11:10 649700 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-06 11:10 156726 c:\windows\System32\perfc009.dat
- 2009-06-06 15:26 . 2009-08-05 18:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-06 15:26 . 2009-08-05 18:37 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:25 . 2009-07-24 10:27 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-08-05 21:55 143360 c:\windows\inf\infstrng.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{64CCF949-895C-4D45-88FC-5F1A6F610B5F}"= UDP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{B40FFDC6-BA4E-413E-A9CE-4E13CE1A5762}"= TCP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{086310FB-61DE-46E4-B0E5-F3C0DF5CDBA4}"= UDP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{D3871CD2-FAD2-4813-9B4D-5E70B449FE72}"= TCP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{C9AC6928-D0E2-4433-AA9D-AD094396780F}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{254BC55F-F37A-4FE0-938D-2C6D2DA77A7E}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{E7D424AA-4FFD-473C-AE6A-13821DFBAC74}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{AC607783-0EEC-4710-A7C6-E5846050325F}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{19171C3B-E031-4834-A976-31A558B849EC}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F4C3C9D2-064F-4771-A8B9-3A4153BA796E}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [23-12-2008 22:01 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [23-12-2008 22:05 250880]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\DrWeb\drwebsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 12:15
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-06 12:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-06 11:18
ComboFix2.txt 2009-08-05 18:28

Pré-execução: 45.614.567.424 bytes livres
Pós execução: 45.455.855.616 bytes livres

288 --- E O F --- 2009-07-30 07:36

MalwareBytes Anti-Malware LOG

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2551
Windows 6.0.6001 Service Pack 1

09-08-2009 18:35:09
mbam-log-2009-08-09 (18-35-09).txt

Tipo de Verificação: Completa (C:\|E:\|)
Objetos verificados: 225471
Tempo decorrido: 30 minute(s), 54 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 0
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 3

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
C:\Windows\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Windows\System32\hjgruiqoecshck.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Windows\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

#8 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 10 August 2009 - 07:47 AM

Hello.

Please refer to this page on restoring the Internet Connection after ComboFix has run.

Run MBAM a second time and post the log.

Please post the contents of this file:
C:\Qoobox\Add-Remove Programs.txt

With Regards,
The Panda

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#9 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 12 August 2009 - 04:38 PM

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2613
Windows 6.0.6001 Service Pack 1

12-08-2009 22:33:28
mbam-log-2009-08-12 (22-33-28).txt

Tipo de Verificação: Completa (C:\|E:\|)
Objetos verificados: 226635
Tempo decorrido: 35 minute(s), 28 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 0
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 2

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
C:\Windows\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\Windows\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

contents of C:\Qoobox\Add-Remove Programs.txt

AC3Filter (remove only)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1.2
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ASUS VGA Driver
ATI AVIVO Codecs
ATI Catalyst Install Manager
AudioLabel
AVI2ISO 2.10.00 - RC1
AviSynth 2.5
BT Next Evolution
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Portuguese
ccc-core-static
ccc-utility
CCC Help Portuguese
Cinema Craft Encoder SP2
CloneDVD2
Compressor WinRAR
Condition Zero
ContentSAFER for Wizmax
ConvertXtoDVD 3.5.1.135
Counter-Strike
Counter-Strike: Condition Zero
dBpowerAMP Music Converter
DEVIL MAY CRY 4
Dungeon Siege 2
DVD-lab PRO 2.5
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMule
Farm Frenzy 3
Ferramenta de Carregamento do Windows Live
Foxit Reader
Free YouTube to Mp3 Converter version 3.1
Hamachi 1.0.3.0
Heroes of Might and Magic V
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java™ 6 Update 13
K-Lite Codec Pack 4.3.4 (Standard)
LightScribe 1.6.43.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft LifeCam
Microsoft Office Professional Edition 2003
Microsoft Picture It! Express 7.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
neroxml
Norton Internet Security
NVIDIA PhysX
OpenMG Limited Patch 4.6-06-09-04-01
OpenMG Secure Module 4.6.00
Overlord II
PaperPort Image Printer
PDF Manual NW-S600/S700F Series
PDF Settings
Platform
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem Software
ScanSoft PaperPort 11
Skins
SonicStage 4.1
Steam
SubSync
SubSync (C:\Program Files\SubSync\)
System Requirements Lab
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Gestor de Dispositivo de Plataforma
VLC media player 0.9.8a
VobSub v2.23 (Remove Only)
Windows Live Messenger
XviD MPEG-4 Video Codec rev.1.2.0.

#10 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 12 August 2009 - 05:37 PM

Hello.

Please download a new copy of ComboFix, run it, and post back the resulting log.
Link 1, Link 2, Link 3

With Regards,
The Panda

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#11 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 12 August 2009 - 06:44 PM

ComboFix 09-08-10.06 - Paulo Machado 13-08-2009 0:26.6.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2571 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 72 bytes in 1 streams.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-12 to 2009-08-12 ))))))))))))))))))))))))))))
.

2009-08-12 23:31 . 2009-08-12 23:31 -------- d-----w- c:\users\Paulo Machado\AppData\Local\temp
2009-08-12 23:31 . 2009-08-12 23:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-12 23:31 . 2009-08-12 23:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 15:36 . 2009-08-12 15:36 -------- d-----w- c:\programdata\Geek Squad
2009-08-06 12:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 12:52 . 2009-08-06 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 12:52 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 11:47 . 2009-08-06 11:47 -------- d-----w- c:\program files\Huawei technologies
2009-08-05 14:09 . 2009-08-05 16:01 -------- d-----w- c:\programdata\FarmFrenzy3
2009-08-05 14:08 . 2009-08-05 14:08 -------- d-----w- c:\program files\Alawar
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\ipinip.sys
2009-07-27 19:54 . 2009-07-27 19:54 8416 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2009-07-24 10:29 . 2009-07-24 10:29 -------- d-----w- C:\00000082
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\Malwarebytes
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 02:34 . 2009-07-24 02:34 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 01:00 . 2009-07-24 02:00 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-24 00:35 . 2009-07-24 00:35 -------- d-----w- c:\users\Paulo Machado\AppData\Local\Symantec
2009-07-21 11:29 . 2009-07-21 11:30 -------- d-----w- c:\programdata\Symantec
2009-07-21 11:28 . 2009-07-24 10:27 -------- d-----w- c:\programdata\Norton
2009-07-21 11:27 . 2009-07-21 11:27 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 17:09 . 2009-07-21 11:00 -------- d-----w- c:\program files\BT Next Evolution
2009-07-15 09:46 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 09:46 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 09:46 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 09:46 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 21:39 . 2007-01-18 04:49 814824 ----a-w- c:\windows\system32\prfh0816.dat
2009-08-12 21:39 . 2007-01-18 04:49 281168 ----a-w- c:\windows\system32\prfc0816.dat
2009-08-12 19:35 . 2008-12-23 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 13:35 . 2009-01-03 21:33 -------- d-----w- c:\program files\Steam
2009-07-27 19:54 . 2008-12-28 15:33 8416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-27 17:50 . 2009-01-26 00:58 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-07-24 10:14 . 2009-04-03 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 09:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-24 02:26 . 2009-06-25 19:28 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 13:10 . 2008-12-26 22:09 -------- d-----w- c:\programdata\McAfee
2009-07-20 12:22 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 14:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-03 23:53 . 2009-01-03 21:33 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 12:58 . 2009-06-27 12:55 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DataCast
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\MarkAny
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\Samsung
2009-06-26 01:47 . 2009-06-26 01:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-26 01:46 . 2009-06-26 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 01:40 . 2009-04-05 21:45 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-06-25 21:45 . 2009-06-25 21:45 -------- d-----w- c:\program files\Codemasters
2009-06-20 21:14 . 2009-02-11 12:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 15:03 . 2008-12-23 20:42 85600 ----a-w- c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 12:05 . 2008-12-24 11:12 1 ----a-w- c:\users\Paulo Machado\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 16:29 . 2009-05-21 16:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w- c:\windows\SBE112F39.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-08-05_18.24.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-25 18:20 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2008-12-25 18:20 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2009-07-24 02:33 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll
+ 2008-12-25 18:22 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2008-12-23 21:09 . 2009-08-12 21:36 52038 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 20:43 . 2009-08-12 21:36 10724 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130331581-1154666309-3599531796-1000_UserData.bin
+ 2009-08-06 11:47 . 2007-07-05 15:58 23424 c:\windows\System32\DriverStore\FileRepository\ewdcsc.inf_5bf1fcc0\ewdcsc.sys
+ 2008-12-23 21:01 . 2008-03-11 11:38 48128 c:\windows\System32\drivers\L1E60x86.sys
- 2008-09-23 16:15 . 2008-09-23 16:15 48128 c:\windows\System32\drivers\L1E60x86.sys
+ 2008-12-25 18:19 . 2008-01-19 05:49 15872 c:\windows\System32\drivers\kbdhid.sys
- 2006-11-02 08:51 . 2006-11-02 08:51 15872 c:\windows\System32\drivers\kbdhid.sys
- 2006-11-02 13:02 . 2009-08-05 18:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-12 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-08-05 18:16 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-12 21:36 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-12 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-05 18:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-17 18:06 . 2009-08-05 21:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-17 18:06 . 2009-08-05 17:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-07-24 10:27 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-08-06 11:48 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-08-06 11:48 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-08-04 18:08 51200 c:\windows\inf\infpub.dat
+ 2008-12-26 23:33 . 2009-08-06 15:20 2566 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-08-10 18:29 . 2009-08-10 18:29 9560 c:\windows\System32\networklist\icons\{E346B770-1E80-430A-9F57-70DB11C30C9F}_48.bin
+ 2009-08-10 18:29 . 2009-08-10 18:29 4280 c:\windows\System32\networklist\icons\{E346B770-1E80-430A-9F57-70DB11C30C9F}_32.bin
+ 2009-08-10 18:29 . 2009-08-10 18:29 2456 c:\windows\System32\networklist\icons\{E346B770-1E80-430A-9F57-70DB11C30C9F}_24.bin
+ 2009-08-12 15:25 . 2009-08-12 15:25 9560 c:\windows\System32\networklist\icons\{9262AFB6-35DF-4F2E-BB45-548DF6C1121C}_48.bin
+ 2009-08-12 15:25 . 2009-08-12 15:25 4280 c:\windows\System32\networklist\icons\{9262AFB6-35DF-4F2E-BB45-548DF6C1121C}_32.bin
+ 2009-08-12 15:25 . 2009-08-12 15:25 2456 c:\windows\System32\networklist\icons\{9262AFB6-35DF-4F2E-BB45-548DF6C1121C}_24.bin
+ 2009-08-12 21:34 . 2009-08-12 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-12 21:34 . 2009-08-12 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-25 18:20 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2008-12-25 18:20 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2009-07-24 02:33 . 2009-04-11 06:28 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\aaclient.dll
+ 2008-12-25 18:22 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2006-11-02 13:05 . 2009-08-12 21:36 100080 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-12 21:39 750836 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-12 21:39 253638 c:\windows\System32\perfc009.dat
+ 2009-08-06 11:47 . 2007-07-05 15:58 101376 c:\windows\System32\DriverStore\FileRepository\ewser2k.inf_19746981\ewusbmdm.sys
+ 2009-08-06 11:47 . 2007-07-05 15:58 101376 c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_a352e3ee\ewusbmdm.sys
+ 2009-06-06 15:26 . 2009-08-12 21:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-06 15:26 . 2009-08-05 18:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:25 . 2009-08-06 11:48 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-24 10:27 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:22 . 2009-08-12 20:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-31 00:57 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-30 10:02 . 2009-08-12 20:30 150615210 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{64CCF949-895C-4D45-88FC-5F1A6F610B5F}"= UDP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{B40FFDC6-BA4E-413E-A9CE-4E13CE1A5762}"= TCP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{086310FB-61DE-46E4-B0E5-F3C0DF5CDBA4}"= UDP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{D3871CD2-FAD2-4813-9B4D-5E70B449FE72}"= TCP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{C9AC6928-D0E2-4433-AA9D-AD094396780F}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{254BC55F-F37A-4FE0-938D-2C6D2DA77A7E}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{E7D424AA-4FFD-473C-AE6A-13821DFBAC74}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{AC607783-0EEC-4710-A7C6-E5846050325F}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{19171C3B-E031-4834-A976-31A558B849EC}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F4C3C9D2-064F-4771-A8B9-3A4153BA796E}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [23-12-2008 22:01 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [23-12-2008 22:05 250880]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-Locked - (no file)
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:31
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2009-08-12 0:33
ComboFix-quarantined-files.txt 2009-08-12 23:32
ComboFix2.txt 2009-08-06 11:18
ComboFix3.txt 2009-08-05 18:28

Pré-execução: 35.852.976.128 bytes livres
Pós execução: 35.650.551.808 bytes livres

267 --- E O F --- 2009-07-30 07:36

#12 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 13 August 2009 - 08:06 AM

Hello.

Run ComboFix with CFScript
We will run ComboFix again with a script.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
```
http://www.bleepingcomputer.com/forums/t/244060/virus-cant-even-activate-vista/

Collect::[59]
C:\Windows\system32\drivers\mrxdavv.sys
C:\Windows\system32\kwave.sys
```
Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

Refering to the picture above, drag CFScript into ComboFix.exe.

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#13 fpnc

Topic Starter

Members
14 posts
OFFLINE

Local time:10:34 AM

Posted 13 August 2009 - 05:29 PM

Hello

COMBOFIXLOG

ComboFix 09-08-10.06 - Paulo Machado 13-08-2009 22:44.7.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2655 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Paulo Machado\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-13 to 2009-08-13 ))))))))))))))))))))))))))))
.

2009-08-13 21:48 . 2009-08-13 21:48 -------- d-----w- c:\users\Paulo Machado\AppData\Local\temp
2009-08-13 21:48 . 2009-08-13 21:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 21:48 . 2009-08-13 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 20:30 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 20:30 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 20:30 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 20:30 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 20:30 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 20:30 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 20:30 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 20:30 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 15:36 . 2009-08-12 15:36 -------- d-----w- c:\programdata\Geek Squad
2009-08-06 12:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 12:52 . 2009-08-06 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 12:52 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 11:47 . 2009-08-06 11:47 -------- d-----w- c:\program files\Huawei technologies
2009-08-05 14:09 . 2009-08-05 16:01 -------- d-----w- c:\programdata\FarmFrenzy3
2009-08-05 14:08 . 2009-08-05 14:08 -------- d-----w- c:\program files\Alawar
2009-07-24 10:29 . 2009-07-24 10:29 -------- d-----w- C:\00000082
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\Malwarebytes
2009-07-24 02:56 . 2009-07-24 02:56 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 02:34 . 2009-07-24 02:34 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 01:00 . 2009-07-24 02:00 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-24 00:35 . 2009-07-24 00:35 -------- d-----w- c:\users\Paulo Machado\AppData\Local\Symantec
2009-07-21 11:29 . 2009-07-21 11:30 -------- d-----w- c:\programdata\Symantec
2009-07-21 11:28 . 2009-07-24 10:27 -------- d-----w- c:\programdata\Norton
2009-07-21 11:27 . 2009-07-21 11:27 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 17:09 . 2009-07-21 11:00 -------- d-----w- c:\program files\BT Next Evolution
2009-07-15 09:46 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 09:46 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 09:46 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 09:46 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 19:35 . 2009-04-14 21:29 -------- d-----w- c:\programdata\DVD Shrink
2009-08-13 19:22 . 2007-01-18 04:49 828864 ----a-w- c:\windows\system32\prfh0816.dat
2009-08-13 19:22 . 2007-01-18 04:49 294632 ----a-w- c:\windows\system32\prfc0816.dat
2009-08-13 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 01:14 . 2009-01-03 21:33 -------- d-----w- c:\program files\Steam
2009-08-12 19:35 . 2008-12-23 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 17:50 . 2009-01-26 00:58 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-07-24 10:14 . 2009-04-03 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 09:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-24 02:26 . 2009-06-25 19:28 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 13:10 . 2008-12-26 22:09 -------- d-----w- c:\programdata\McAfee
2009-07-20 12:22 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-03 23:53 . 2009-01-03 21:33 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 12:58 . 2009-06-27 12:55 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DataCast
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\MarkAny
2009-06-27 12:55 . 2009-06-27 12:55 -------- d-----w- c:\program files\Samsung
2009-06-26 01:47 . 2009-06-26 01:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-26 01:46 . 2009-06-26 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-26 01:40 . 2009-04-05 21:45 -------- d-----w- c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-06-25 21:45 . 2009-06-25 21:45 -------- d-----w- c:\program files\Codemasters
2009-06-20 21:14 . 2009-02-11 12:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 15:03 . 2008-12-23 20:42 85600 ----a-w- c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 12:05 . 2008-12-24 11:12 1 ----a-w- c:\users\Paulo Machado\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 16:29 . 2009-05-21 16:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w- c:\windows\SBE112F39.tmp
.

((((((((((((((((((((((((((((( SnapShot_2009-08-12_23.31.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 20:30 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll
+ 2009-08-12 20:30 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll
+ 2009-08-12 20:30 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll
+ 2009-08-12 20:30 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll
+ 2009-08-12 20:30 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll
+ 2009-08-12 20:30 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll
+ 2009-08-12 20:30 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll
+ 2009-08-12 20:30 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll
+ 2009-08-12 20:30 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll
+ 2009-08-12 20:30 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll
+ 2009-08-12 20:30 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll
+ 2008-12-23 21:09 . 2009-08-13 19:16 52354 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-23 20:43 . 2009-08-13 19:16 10866 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130331581-1154666309-3599531796-1000_UserData.bin
+ 2006-11-02 13:02 . 2009-08-13 21:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-08-12 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-13 21:41 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-12 21:36 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-12 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-13 21:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-01 12:17 . 2009-07-15 14:29 23040 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 23040 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 61440 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 61440 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 27136 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 27136 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 11264 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 11264 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 86016 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 86016 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 12288 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 12288 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-12 20:30 . 2009-07-15 12:46 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-15 12:46 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll
+ 2009-08-12 20:30 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll
+ 2009-08-12 20:30 . 2009-07-15 14:51 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-15 14:51 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll
+ 2009-08-12 20:30 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll
+ 2009-08-12 20:30 . 2009-07-15 14:42 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-15 14:43 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll
+ 2009-08-12 20:30 . 2009-07-14 13:00 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll
+ 2009-08-12 20:30 . 2009-07-14 13:01 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll
+ 2009-08-13 19:14 . 2009-08-13 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-12 21:34 . 2009-08-12 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-13 19:14 . 2009-08-13 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-12 21:34 . 2009-08-12 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-01 12:17 . 2009-07-15 14:29 4096 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 4096 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-12 20:30 . 2009-06-10 11:46 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 11:42 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 12:00 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 12:12 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 12:06 158208 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 12:16 156160 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\wkssvc.dll
+ 2009-08-12 20:30 . 2009-06-10 11:44 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvfw32.dll
+ 2009-08-12 20:30 . 2009-06-10 11:58 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvfw32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:03 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvfw32.dll
+ 2009-08-12 20:30 . 2009-06-10 12:10 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvfw32.dll
+ 2009-08-12 20:30 . 2009-06-04 12:54 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\aaclient.dll
+ 2009-08-12 20:30 . 2009-06-04 12:29 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\aaclient.dll
+ 2009-08-12 20:30 . 2009-06-04 12:25 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\aaclient.dll
+ 2009-08-12 20:30 . 2009-06-04 12:36 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\aaclient.dll
+ 2009-08-12 20:30 . 2009-07-15 12:46 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-15 12:39 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-15 14:52 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-14 13:00 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-15 14:44 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-14 13:02 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll
+ 2009-08-12 20:30 . 2009-07-15 12:45 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-15 12:46 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-15 12:46 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe
+ 2009-08-12 20:30 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-15 12:39 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe
+ 2009-08-12 20:30 . 2009-07-15 13:05 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-15 13:06 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-15 13:06 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe
+ 2009-08-12 20:30 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-14 10:59 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe
+ 2009-08-12 20:30 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-15 12:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe
+ 2009-08-12 20:30 . 2009-07-14 11:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe
+ 2009-08-12 20:30 . 2009-07-14 11:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe
+ 2009-08-12 20:30 . 2009-07-14 11:11 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe
+ 2006-11-02 13:05 . 2009-08-13 19:16 100096 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-13 19:22 764876 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-13 19:22 267102 c:\windows\System32\perfc009.dat
- 2009-06-06 15:26 . 2009-08-12 21:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-06 15:26 . 2009-08-13 20:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-01 12:17 . 2009-08-13 02:02 409600 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 409600 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 286720 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 286720 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 249856 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 249856 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 794624 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 794624 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 135168 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 135168 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-01 12:17 . 2009-08-13 02:02 593920 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-06-01 12:17 . 2009-07-15 14:29 593920 c:\windows\Installer\{90110816-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\6180110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-12 20:30 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll
+ 2009-08-12 20:30 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll
+ 2009-08-12 20:30 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll
+ 2009-08-12 20:30 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll
+ 2009-08-12 20:30 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll
+ 2009-08-12 20:30 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll
+ 2009-08-12 20:30 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22179_none_f4b581af81eee730\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18070_none_f422e24a68d96357\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22474_none_f2ca0e5584cd1359\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18293_none_f229cf826bc094f3\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21088_none_f0dcd72787ab39d0\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16889_none_f05462846e8c801b\OESpamFilter.dat
+ 2009-08-12 20:30 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2009-08-12 20:30 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2009-08-12 20:30 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2009-08-12 20:30 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2009-08-12 20:30 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2009-08-12 20:30 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
- 2006-11-02 10:22 . 2009-08-12 20:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-08-13 03:02 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:47 . 2009-08-13 02:09 2683032 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2009-07-24 02:15 2683032 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-08-05 01:11 . 2009-08-05 01:11 5518848 c:\windows\Installer\f4f846.msp
+ 2009-07-01 12:21 . 2009-07-01 12:21 8891904 c:\windows\Installer\f4f82f.msp
+ 2007-05-10 12:45 . 2007-05-10 12:45 8069464 c:\windows\Installer\$PatchCache$\Managed\6180110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 12:10 . 2007-03-14 12:10 7255384 c:\windows\Installer\$PatchCache$\Managed\6180110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2009-08-12 20:30 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2009-08-12 20:30 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2009-08-12 20:30 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2009-08-12 20:30 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2009-08-12 20:30 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2009-08-12 20:30 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
+ 2009-08-12 20:30 . 2009-07-14 13:00 10626048 c:\windows\System32\wmp.dll
+ 2009-04-16 10:44 . 2009-07-30 00:49 24281536 c:\windows\System32\MRT.exe
+ 2009-07-01 12:19 . 2009-07-01 12:19 10607104 c:\windows\Installer\f4f830.msp
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{64CCF949-895C-4D45-88FC-5F1A6F610B5F}"= UDP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{B40FFDC6-BA4E-413E-A9CE-4E13CE1A5762}"= TCP:c:\program files\BT Next Evolution\btnext.exe:BT Next Evolution
"{086310FB-61DE-46E4-B0E5-F3C0DF5CDBA4}"= UDP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{D3871CD2-FAD2-4813-9B4D-5E70B449FE72}"= TCP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{C9AC6928-D0E2-4433-AA9D-AD094396780F}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{254BC55F-F37A-4FE0-938D-2C6D2DA77A7E}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
"{E7D424AA-4FFD-473C-AE6A-13821DFBAC74}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{AC607783-0EEC-4710-A7C6-E5846050325F}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{19171C3B-E031-4834-A976-31A558B849EC}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F4C3C9D2-064F-4771-A8B9-3A4153BA796E}c:\\program files\\steam\\steamapps\\_ultima_\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\_ultima_\counter-strike\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [23-12-2008 22:01 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [23-12-2008 22:05 250880]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 22:48
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2009-08-13 22:49
ComboFix-quarantined-files.txt 2009-08-13 21:49
ComboFix2.txt 2009-08-12 23:33
ComboFix3.txt 2009-08-06 11:18
ComboFix4.txt 2009-08-05 18:28

Pré-execução: 36.967.444.480 bytes livres
Pós execução: 37.008.334.848 bytes livres

372 --- E O F --- 2009-08-13 02:02

MBAM LOG

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2617
Windows 6.0.6001 Service Pack 1

13-08-2009 23:28:31
mbam-log-2009-08-13 (23-28-31).txt

Tipo de Verificação: Completa (C:\|E:\|)
Objetos verificados: 224159
Tempo decorrido: 32 minute(s), 48 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 0
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 0

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
(Nenhum item malicioso foi detectado)

Edited by fpnc, 13 August 2009 - 05:31 PM.

#14 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 13 August 2009 - 06:08 PM

Looks like that was taken care of.

Update Java to Version 6 Update 16
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer here. Choose "Windows".

Delete the installer after use.

Run ESET Online Scan

Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
Please go to ESET OnlineScan (NOD32)
You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
Click Start. The online scanner will now prepare itself for running on your pc.
To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this a while.
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
Click Start, then Run.... The the box that appears type with the quotes:
"C:\Program Files\EsetOnlineScanner\log.txt"
The scan results will now open in Notepad
Click into the text area, right-click and chose select all. Right-click again and chose Copy.
Post back with the log.txt in your next reply.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

Please take a new DDS.txt log after. Any issues at the moment?

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

#15 PropagandaPanda

Malware Response Team
10,433 posts
OFFLINE

Gender:Male
Local time:05:34 AM

Posted 20 August 2009 - 12:27 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

If I have been helping you (including trainees) and do not reply within 48 hours, please send me a message.

Back to Virus, Trojan, Spyware, and Malware Removal Help