Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hey Virus...


  • Please log in to reply
6 replies to this topic

#1 peachbacano

peachbacano

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 30 June 2010 - 10:44 AM

Hey everyone...

I think I'm infected with the Hey_you Virus. Maybe i got it by messenger or something!!

May mail keep sending mails for people that i dont know... and then i receive a lot of delivery status notification (failure) in my email box...

I run HiJackthis...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:38, on 30-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filipe Duarte\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://radiobar.toolbarhome.com?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.med.up.pt:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219757428671
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9760 bytes

Can you help please to remove this virus...
My computer is getting slow and i think its by the same problem...
Thanks!!

Filipe

Edited by boopme, 30 June 2010 - 11:57 AM.


BC AdBot (Login to Remove)

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:50 PM

Posted 04 July 2010 - 07:22 AM

Hello Filipe,

Advise me if you ran a full scan with NOD32 antivirus and what it found or removed.
Advise me if you yourself selected & specified the proxy server for internet access.

Start with the following so we can have some additional reports & logs.
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

Step 4
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Step 5
Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
Step 6
Reply with copy of OTL.txt
Extras.txt
Checkup.txt
GMER log

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 peachbacano

peachbacano
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 06 July 2010 - 03:43 PM

Hello...

Thanks for the answer and the help...

First I have to tell you that I ran a few times my antivirus but I cant remember what i removed... In fact I had this problem since a couple of months...
The proxy I have is in firefox and it was me who selected thart proxy

Now the logs you ask for...

==OTL==
OTL logfile created on: 05-07-2010 18:54:36 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Filipe Duarte\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.023,00 Mb Total Physical Memory | 409,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 1,79 Gb Free Space | 3,20% Space Free | Partition Type: FAT32
Drive D: | 37,25 Gb Total Space | 20,97 Gb Free Space | 56,31% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEACH
Current User Name: Filipe Duarte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-05 18:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Filipe Duarte\My Documents\Downloads\OTL.exe
PRC - [2010-06-17 01:39:40 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009-09-18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009-03-19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009-02-06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008-04-14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-01 00:50:24 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2008-03-01 00:50:24 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2007-08-03 12:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-08-03 12:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006-08-23 07:22:14 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-08-10 07:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006-08-02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-08-02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006-08-02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006-08-02 00:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006-08-02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-06-08 20:33:02 | 000,053,248 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\Asus\ATK Media\DMedia.exe
PRC - [2006-03-10 00:41:42 | 000,131,072 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2005-11-29 03:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
PRC - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010-07-05 18:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Filipe Duarte\My Documents\Downloads\OTL.exe
MOD - [2008-04-14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009-09-18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008-03-01 00:50:24 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2006-08-02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006-08-02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006-08-02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005-11-29 03:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE -- (PersonalSecureDriveService)
SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - [2009-07-23 12:57:22 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009-07-23 12:57:22 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-23 12:57:22 | 000,100,480 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008-04-13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 17:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-01 01:02:36 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-03-01 00:50:24 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008-03-01 00:50:24 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2006-08-08 23:15:14 | 001,116,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006-08-08 23:15:14 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2006-08-06 22:13:50 | 000,980,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-08-02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-07-26 10:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Controlador da placa Intel®
DRV - [2006-07-24 01:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-20 05:58:00 | 003,685,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-05-25 04:40:58 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-01-24 10:45:56 | 000,034,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2005-11-29 03:50:58 | 000,036,768 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-16 01:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005-11-01 17:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-10-20 20:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005-02-17 08:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2001-08-17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://radiobar.toolbarhome.com?hp=df
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.med.up.pt:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:\\\\www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.backup.ftp: "proxy.med.up.pt"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.med.up.pt"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.med.up.pt"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.med.up.pt"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.med.up.pt"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.med.up.pt"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.med.up.pt"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.med.up.pt"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.med.up.pt"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-03-01 01:00:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-03-01 01:00:56 | 000,000,000 | ---D | M]

[2009-02-15 21:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\mozilla\Extensions
[2008-03-01 01:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\mozilla\Firefox\Profiles\doqtxroc.default\extensions
[2009-08-03 17:08:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Filipe Duarte\Application Data\mozilla\Firefox\Profiles\doqtxroc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-03-07 22:50:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Filipe Duarte\Application Data\mozilla\Firefox\Profiles\doqtxroc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008-03-01 01:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-17 23:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-05 22:40:34 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-04-05 22:40:34 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\priberam.xml
[2010-04-05 22:40:34 | 000,002,071 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sapo.xml
[2010-04-05 22:40:34 | 000,000,942 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml
[2010-04-05 22:40:34 | 000,000,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2006-03-16 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\Asus\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\Asus\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1219757428671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O24 - Desktop WallPaper: C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-29 22:42:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{c67824a8-65f3-11df-987c-001a923effcc}\Shell - "" = AutoRun
O33 - MountPoints2\{c67824a8-65f3-11df-987c-001a923effcc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c67824a9-65f3-11df-987c-001a923effcc}\Shell - "" = AutoRun
O33 - MountPoints2\{c67824a9-65f3-11df-987c-001a923effcc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-05 18:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-05 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-06-11 22:53:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Filipe Duarte\My Documents\My Videos
[2010-06-11 14:52:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-05 18:58:24 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Filipe Duarte\NTUSER.DAT
[2010-07-05 18:50:34 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{642A395E-0BFD-4D4B-B5FC-C0279CEE07AE}.job
[2010-07-05 18:45:24 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Filipe Duarte\Desktop\NTREGOPT.lnk
[2010-07-05 18:45:24 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Filipe Duarte\Desktop\ERUNT.lnk
[2010-07-05 18:31:58 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-05 18:08:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-05 18:08:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-05 18:08:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-05 18:08:26 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-03 22:46:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Filipe Duarte\ntuser.ini
[2010-07-03 20:57:02 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3264015001-326508889-3026082057-1005Core1cac86f40f446da.job
[2010-07-03 20:22:02 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-30 15:37:44 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\Filipe Duarte\Desktop\Google Chrome.lnk
[2010-06-30 15:37:44 | 000,002,226 | ---- | M] () -- C:\Documents and Settings\Filipe Duarte\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-06-28 21:59:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-24 19:30:48 | 000,501,762 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-24 19:30:48 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-24 19:30:48 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-11 20:45:22 | 000,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-11 15:42:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-05 18:45:22 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Filipe Duarte\Desktop\NTREGOPT.lnk
[2010-07-05 18:45:22 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Filipe Duarte\Desktop\ERUNT.lnk
[2009-03-14 02:25:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-01-11 21:30:57 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2008-08-05 16:00:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-08-05 16:00:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-08-05 16:00:24 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-08-05 16:00:24 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-08-05 16:00:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-08-05 16:00:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-03-01 22:59:48 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-03-01 01:02:34 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-03-01 00:50:57 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008-02-29 23:43:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-02-29 23:18:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-02-29 22:45:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008-02-29 22:24:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-29 22:24:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-29 22:24:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-29 22:24:31 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-29 22:24:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008-02-29 22:16:38 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynSam.sys
[2008-02-29 22:16:38 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys
[2008-02-29 22:16:30 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys
[2008-02-29 22:16:29 | 001,116,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys
[2008-02-29 22:16:29 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys
[2008-02-29 22:14:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.INI
[2008-02-29 22:14:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2006-09-18 14:47:22 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2006-09-18 14:47:22 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005-08-05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-04-02 06:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[1998-05-05 11:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2008-02-29 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009-05-23 10:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010-02-18 23:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-05-23 11:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2008-02-29 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\Infineon
[2008-03-01 01:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\uTorrent
[2008-03-01 02:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\Thunderbird
[2008-03-01 14:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\VoipStunt
[2008-04-28 13:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\UseNeXT
[2008-11-01 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\XnView
[2008-11-01 01:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\iSilo
[2009-01-11 21:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\BoutellDotCom
[2009-09-29 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\Research In Motion
[2010-03-25 00:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\Facebook
[2010-04-11 03:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\RadioBar
[2010-05-22 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Filipe Duarte\Application Data\Vodafone
[2010-07-05 18:50:34 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{642A395E-0BFD-4D4B-B5FC-C0279CEE07AE}.job

========== Purity Check ==========


< End of report >

==Extras==
OTL Extras logfile created on: 05-07-2010 18:54:36 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Filipe Duarte\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.023,00 Mb Total Physical Memory | 409,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 1,79 Gb Free Space | 3,20% Space Free | Partition Type: FAT32
Drive D: | 37,25 Gb Total Space | 20,97 Gb Free Space | 56,31% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEACH
Current User Name: Filipe Duarte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Filipe Duarte\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Navegar com o XnView] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\ADV\SopAdver.exe" = C:\Program Files\SopCast\ADV\SopAdver.exe:*:Enabled:SopCast Adver -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0800E395-4DD7-3A93-BB96-08596C0D725F}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
"{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}" = Microsoft .NET Framework 1.1 Portuguese Language Pack
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2A8CF485-5A4D-4C7D-8ACF-4AB98914D529}" = Infineon TPM Professional Package
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{418001D0-F48E-4910-966C-0DCCC996A87A}" = Windows Live Call
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CEA963-2745-46A8-BE71-767F2B36FEF2}" = Windows Live Essentials
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
"{7BA57438-E0E4-46D1-9161-480FFB76FB62}" = Windows Live Writer
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"{88528F28-E04A-3A93-B3C0-14651148FE82}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF2070}" = Nero 8
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0816-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Portugal)) 12
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF0BEF15-A82E-40C5-A051-DE0B7F009895}" = Microsoft SAPI 5.1- DO NOT REMOVE
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5B86403-C054-400B-86F5-7F1D66FBDDC6}" = Windows Live Mail
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD71FFD-0825-42DD-8BEC-CE8F97823B36}" = Localization Pack for Microsoft Windows XP Media Center Edition
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.0.0
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptg" = Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 antivirus system
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Software do Intel® PROSet/Wireless
"RadioBar" = RadioBar Toolbar
"RealAlt_is1" = Real Alternative 1.8.0
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"uTorrent" = µTorrent
"VoipStunt_is1" = VoipStunt
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compressor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24-06-2010 12:33:13 | Computer Name = PEACH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 25-06-2010 14:41:08 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 27-06-2010 18:17:41 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28-06-2010 15:56:18 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 30-06-2010 10:36:22 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 30-06-2010 15:40:38 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 01-07-2010 13:57:35 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 02-07-2010 14:54:52 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 03-07-2010 12:15:10 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 05-07-2010 13:09:05 | Computer Name = PEACH | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ OSession Events ]
Error - 01-06-2009 7:49:01 | Computer Name = PEACH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 6431 seconds with 3660 seconds of active time. This session ended with a
crash.

Error - 01-06-2009 14:51:27 | Computer Name = PEACH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 25228 seconds with 3060 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 24-06-2010 10:42:49 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 25-06-2010 14:41:21 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 27-06-2010 18:17:42 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 28-06-2010 15:56:18 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 30-06-2010 10:36:22 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 30-06-2010 15:40:40 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 01-07-2010 13:57:36 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 02-07-2010 14:54:57 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 03-07-2010 12:15:11 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.

Error - 05-07-2010 13:09:05 | Computer Name = PEACH | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Roxio Hard Drive Watcher 9.


< End of report >

==Checkup==
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

NOD32 antivirus system
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Eset nod32krn.exe
Eset nod32kui.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

==GMER==
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 21:22:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\FILIPE~1\LOCALS~1\Temp\fxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF72B20D0]
SSDT sptd.sys ZwEnumerateKey [0xF72B7FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8340]
SSDT sptd.sys ZwOpenKey [0xF72B20B0]
SSDT sptd.sys ZwQueryKey [0xF72B8418]
SSDT sptd.sys ZwQueryValueKey [0xF72B8298]
SSDT sptd.sys ZwSetValueKey [0xF72B84AA]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys O processo não pode aceder ao ficheiro porque este está a ser utilizado por outro processo.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D54360, 0x2255BD, 0xE8000020]
.text USBPORT.SYS!DllUnload F6B2F8AC 5 Bytes JMP 86E0F770
.text a50oq2mp.SYS F6A49384 1 Byte [20]
.text a50oq2mp.SYS F6A49384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a50oq2mp.SYS F6A493AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a50oq2mp.SYS F6A493C4 3 Bytes [00, 00, 00]
.text a50oq2mp.SYS F6A493C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B2AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B2C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B2B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B3748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B361E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72C829A] sptd.sys
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KfAcquireSpinLock] 00000034
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KeGetCurrentIrql] 00000043
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KfRaiseIrql] 00000044
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KfLowerIrql] 000000C4
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!HalGetInterruptVector] 000000DE
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!KfReleaseSpinLock] 00000054
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!READ_PORT_USHORT] 00000094
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[WMILIB.SYS!WmiSystemControl] 00000023
IAT \SystemRoot\System32\Drivers\a50oq2mp.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 86FD01E8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1E7763-1E8C-4C5A-B83A-F5654F61BA32} 85E7A1E8
Device \Driver\PCI_NTPNP5172 \Device\00000050 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 86E461E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F611E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F611E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F611E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F611E8
Device \Driver\usbuhci \Device\USBPDO-1 86E461E8
Device \Driver\usbuhci \Device\USBPDO-2 86E461E8
Device \Driver\usbuhci \Device\USBPDO-3 86E461E8
Device \Driver\usbehci \Device\USBPDO-4 86E401E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD21E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD21E8
Device \Driver\Cdrom \Device\CdRom0 86D8B1E8
Device \Driver\Cdrom \Device\CdRom1 86D8B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 85E7A1E8
Device \Driver\NetBT \Device\NetbiosSmb 85E7A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D50DFC69-D331-481C-BBFC-9ECBF2F83171} 85E7A1E8
Device \Driver\usbuhci \Device\USBFDO-0 86E461E8
Device \Driver\usbuhci \Device\USBFDO-1 86E461E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85E661E8
Device \Driver\usbuhci \Device\USBFDO-2 86E461E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85E661E8
Device \Driver\usbuhci \Device\USBFDO-3 86E461E8
Device \Driver\usbehci \Device\USBFDO-4 86E401E8
Device \Driver\Ftdisk \Device\FtControl 86FD21E8
Device \Driver\a50oq2mp \Device\Scsi\a50oq2mp1Port2Path0Target0Lun0 86D81790
Device \Driver\a50oq2mp \Device\Scsi\a50oq2mp1 86D81790
Device \FileSystem\Fastfat \Fat 86FD01E8

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 85E5D790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x6A 0x3F 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x73 0xFD 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x77 0x2F 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x6A 0x3F 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x73 0xFD 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x77 0x2F 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x6A 0x3F 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x73 0xFD 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x77 0x2F 0x05 ...

---- EOF - GMER 1.0.15 ----


#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:50 PM

Posted 07 July 2010 - 06:23 AM

Please proceed with the following:
Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :processes

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c67824a8-65f3-11df-987c-001a923effcc}]

    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3







* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Step 3
Reply with copy of the OTL MovedFiles log
and copy of contents of C:\Combofix.txt
and tell me, How is the system now ?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 peachbacano

peachbacano
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 07 July 2010 - 09:52 AM

Hi....

Here are the logs...

==OTL==

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c67824a8-65f3-11df-987c-001a923effcc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c67824a8-65f3-11df-987c-001a923effcc}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Filipe Duarte
->Temp folder emptied: 6235675739 bytes
->Temporary Internet Files folder emptied: 428928146 bytes
->Java cache emptied: 109201558 bytes
->FireFox cache emptied: 51417593 bytes
->Google Chrome cache emptied: 244769317 bytes
->Flash cache emptied: 632962 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5786472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64673498 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 252425853 bytes

Total Files Cleaned = 7.051,00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.7.1 log created on 07072010_152520

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

==Combo-fix==

ComboFix 10-07-06.03 - Filipe Duarte 07-07-2010 15:41:50.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.1023.557 [GMT 1:00]
Executando de: c:\documents and settings\Filipe Duarte\My Documents\Downloads\Combo-Fix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-07 to 2010-07-07 ))))))))))))))))))))))))))))
.

2010-07-07 14:25 . 2010-07-07 14:25 -------- d-----w- C:\_OTL
2010-07-05 17:45 . 2010-07-05 17:45 -------- d-----w- c:\program files\ERUNT
2010-06-11 13:52 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 14:13 . 2010-05-22 14:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-23 10:14 . 2010-05-23 10:13 -------- d-----w- c:\documents and settings\Filipe Duarte\Application Data\FLEXnet
2010-05-23 10:07 . 2010-05-23 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2010-05-23 10:07 . 2010-05-23 10:07 -------- d-----w- c:\program files\Vodafone
2010-05-22 22:47 . 2010-05-22 22:47 -------- d-----w- c:\documents and settings\Filipe Duarte\Application Data\Vodafone
2010-05-22 22:46 . 2010-05-22 22:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2010-05-22 22:46 . 2010-05-22 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-22 14:13 . 2010-05-22 14:13 503808 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-222b965b-n\msvcp71.dll
2010-05-22 14:13 . 2010-05-22 14:13 499712 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-222b965b-n\jmc.dll
2010-05-22 14:13 . 2010-05-22 14:13 348160 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-222b965b-n\msvcr71.dll
2010-05-22 14:13 . 2010-05-22 14:13 61440 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3927e0b8-n\decora-sse.dll
2010-05-22 14:13 . 2010-05-22 14:13 12800 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3927e0b8-n\decora-d3d.dll
2010-05-17 22:40 . 2010-05-17 22:40 -------- d-----w- c:\program files\Common Files\Java
2010-05-17 22:40 . 2010-05-17 22:40 503808 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cc215e8-n\msvcp71.dll
2010-05-17 22:40 . 2010-05-17 22:40 499712 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cc215e8-n\jmc.dll
2010-05-17 22:40 . 2010-05-17 22:40 348160 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cc215e8-n\msvcr71.dll
2010-05-17 22:40 . 2010-05-17 22:40 61440 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ccda1f8-n\decora-sse.dll
2010-05-17 22:40 . 2010-05-17 22:40 12800 ----a-w- c:\documents and settings\Filipe Duarte\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ccda1f8-n\decora-d3d.dll
2010-05-06 10:41 . 2006-09-18 13:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-09-18 13:45 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-09-18 13:44 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 16:29 . 2010-05-17 22:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
2003-02-23 03:54 . 2003-02-23 03:54 107 ----a-w- c:\program files\zMarker.txt
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 11:18 451808 ----a-w- c:\program files\RadioBar\toolbar.ni.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Filipe Duarte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-11-15 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-29 949376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-09 23:20 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
2006-01-02 18:14 61440 ----a-w- c:\windows\ABLKSR\ABLKSR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 14:20 180224 ----a-w- c:\program files\Asus\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-21 19:30 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-08-01 23:32 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 17:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-20 04:58 7581696 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-20 04:58 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-20 04:58 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 09:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 00:56 16261632 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-16 17:47 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 02:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-06 21:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2005-10-17 16:09 987136 ----a-w- c:\program files\Wireless Console 2\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [01-03-2008 0:50 15424]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29-11-2005 3:50 36768]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18-09-2009 18:48 9216]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29-02-2008 22:23 36352]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [29-02-2008 22:16 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [29-02-2008 22:16 7808]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [22-05-2010 23:47 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [22-05-2010 23:54 100480]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [29-02-2008 23:25 34944]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01-03-2008 1:02 685816]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{642A395E-0BFD-4D4B-B5FC-C0279CEE07AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264015001-326508889-3026082057-1005Core1cac86f40f446da.job
- c:\documents and settings\Filipe Duarte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 21:43]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://radiobar.toolbarhome.com?hp=df
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyServer = proxy.med.up.pt:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Filipe Duarte\Application Data\Mozilla\Firefox\Profiles\doqtxroc.default\
FF - prefs.js: browser.startup.homepage - http:\\\\www.google.com
FF - prefs.js: network.proxy.ftp - proxy.med.up.pt
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.med.up.pt
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.med.up.pt
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.med.up.pt
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.med.up.pt
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\Filipe Duarte\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Filipe Duarte\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 15:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-07-07 15:46:19
ComboFix-quarantined-files.txt 2010-07-07 14:46

Pré-execução: 9.764.536.320 bytes free
Pós execução: 9.722.789.888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - 3E7CAAA9C68E56E9F6839019ABC6DDC4


Thanks for the help... I'll tell you how my system works...
But now I have to leave...... smile.gif)))

#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:50 PM

Posted 08 July 2010 - 06:15 AM

Step 1
Let's have you create a restore point (at this time).
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. we only want to monitor the drive with Windows o.s.
If you are unable to activate System Restore or if the service is disabled, then.....
from the Start button > RUN option .... type in
CODE
services.msc


look for System Restore service
If it is listed as off or inactive, press on the link at top left to Start it.

Next, See and do as outlined here http://bertk.mvps.org/html/createrp.html

Step 2
Place your USB flash (thumb) drives in-place so that some of these programs will be able to find them.

I'm going to have you get and run two utilities.
The first stops automatic use of the AutoRun feature of XP. The second will write to any connected devices a Read-only, System protected Autorun.inf file on all of your hard drives, and all connected removable storage devices.

Download and Install Microsoft's TweakUI:
http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx
Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
There is no GUI interface or log file produced.

Step 3
Please download >> DrWeb-CureIt << and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Reply with copy of the DrWeb log
and tell me, How is your system now ?

Edited by Maurice Naggar, 08 July 2010 - 06:17 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 peachbacano

peachbacano
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 14 July 2010 - 08:46 AM

Hi,

First I want to apologyse for the long time to post.... I've been out for a few days and i couldn't respond to you...

I did everything you say...

I run express check and full sacn of Drweb, but no report or virus was found...

I'm nor receiving mails of "delivery failure notice" for a while now.... I think my computer is now clean... smile.gif and i saw that you give more a lot of Gb of free space!!! so thank you very much!!!

I have a question... can I use regulary some of this software to clean my computer to have more space??

Thank you so much for the help...

Filipe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users