Help to remove unknown malware


  • This topic is locked
7 replies to this topic

#1 Karakal

Posted 12 October 2010 - 10:12 AM

Hi!
I am having problems with my Dell Inspiron N5010 (Intel Core i3, 3 GB RAM), running Windows 7 Home Premium (OS 64 Bits) in the last 3 days. At the beginning, it was very hard to connect to the internet (hardware: wireless 150 router Dlink DI 524 and Broadcom DW 1501 wireless-N WLan half-mini card driver). After some disable/enable and uninstall/reinstall procedures it was solved. After this, I ran McAfee and updated Malwarebytes Anti-Malware scans, which found nothing. Yesterday, McAfee started complaining that my computer might be at risk (due to disabled real time scans). Every attempt to re-enable it was all but unsuccessful, since it was “mysteriously” re-disabled seconds later. So, determined not to be beaten by this annoyance, I tried – quite hopelessly – to restore things to proper places using a saved restore point created 4 days before. As you can guess, it was useless, so I (still refusing to lose) made an attempt to update the AV software. This also didn’t work. The download stopped and restarted when 15% was reached. I was also unable to scan the computer with McAfee before and after the attempted update (“An unexpected problem occurred during scan” – said the error message). In the face of this I started the measures required to ask for help here in BC (as cited in the topic “Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help”). Before running DDS I disabled both wireless card and Bluetooth. DDS logs are being sent along with this one message. With GMER, however, it is another story. After extracting the file from the archive, I tried to run it and received an error message (“C:\Windowssystem32\config\system: The system was unable to find the file”). These are the events up to now, so I came to BC to ask for help to remove the parasite (MOF, I think the parasite is the human thief who wrote the code, not the code itself).

DDS.txt:

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Dr Cesar at 3:09:07,69 on 12/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.2935.1720 [GMT -3:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\mcafee\virusscan\McVsShld.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dr Cesar\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101006021620.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\DRCESA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Baixar com o Download &Express - C:\Program Files (x86)\Download Express\Add_Url.htm
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DRCESA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 529000]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 283232]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-14 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-5 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-9-15 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McMPFSvc;McAfee Serviço Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-30 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-30 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-30 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-9-14 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-9-14 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-14 149032]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-14 673088]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-14 2320920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-14 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-15 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-15 151936]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-15 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 441072]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-14 35104]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 94736]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-15 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-15 325152]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-21 1255736]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-30 355440]

=============== Created Last 30 ================

2010-10-10 18:29:30 -------- d-----w- C:\Program Files (x86)\MetaProducts Inquiry
2010-10-10 04:20:54 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple Computer
2010-10-10 02:39:02 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple
2010-10-09 23:42:01 -------- d-----w- C:\Users\Dr Cesar\.clipbak
2010-10-09 22:29:26 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Cooliris
2010-10-09 22:10:11 23512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-10-09 22:10:11 138712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-10-09 22:10:10 17880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2010-10-09 12:04:15 -------- d-----w- C:\Program Files (x86)\PicLensIE
2010-10-09 01:38:32 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4973F51B-2407-4572-A675-68119457C931}\mpengine.dll
2010-10-07 02:16:45 -------- d--h--w- C:\Windows\AxInstSV
2010-10-06 05:16:20 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2010-10-05 02:16:05 423656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-04 01:30:40 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Macrovision
2010-10-03 00:26:25 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\IsolatedStorage
2010-10-03 00:03:26 -------- d-----w- C:\Program Files (x86)\Virtual Earth 3D
2010-10-02 03:37:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\MetaProducts
2010-10-02 03:37:27 -------- d-----w- C:\Program Files (x86)\Download Express
2010-10-02 01:31:01 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Adobe
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-27 07:52:07 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2010-09-26 04:30:17 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Help
2010-09-25 17:45:42 -------- d-----w- C:\Program Files (x86)\Positivo
2010-09-24 14:48:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\JAM Software
2010-09-24 14:48:29 -------- d-----w- C:\Program Files (x86)\JAM Software
2010-09-24 12:24:23 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-24 12:24:21 270208 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 18:21:42 -------- d-----w- C:\Users\Dr Cesar\Meu Arquivos Backup
2010-09-23 14:13:49 -------- d-----w- C:\Documentos Word
2010-09-23 14:13:31 -------- d-----w- C:\Fotos
2010-09-23 00:09:47 -------- d--h--w- C:\Windows\msdownld.tmp
2010-09-23 00:09:40 -------- d-----w- C:\Windows\SysWow64\directx
2010-09-22 21:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 15:55:04 244416 ----a-w- C:\Windows\SysWow64\msflxgrd.ocx
2010-09-22 15:55:04 1066176 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
2010-09-22 15:20:27 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2010-09-22 15:02:47 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Malwarebytes
2010-09-22 14:43:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-09-22 14:43:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-09-22 14:43:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-09-22 14:43:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-09-22 14:35:13 -------- d-----w- C:\Program Files (x86)\Media Player Classic - Home Cinema
2010-09-22 13:42:56 314368 ----a-w- C:\Windows\IsUninst.exe
2010-09-22 13:34:53 224016 ----a-w- C:\Windows\SysWow64\tabctl32.ocx
2010-09-22 13:34:53 1355776 ----a-w- C:\Windows\SysWow64\MSVBVM50.dll
2010-09-22 13:34:53 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx
2010-09-22 13:24:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Goodsol
2010-09-22 13:24:33 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2010-09-22 13:23:01 -------- d-----w- C:\Users\Dr Cesar\.gnubg
2010-09-22 13:22:49 -------- d-----w- C:\Jogos
2010-09-22 13:16:29 -------- d-----w- C:\Program Files (x86)\Uconeer
2010-09-22 13:15:26 -------- d-----w- C:\Program Files\Uconeer
2010-09-22 13:11:45 -------- d-----w- C:\Program Files (x86)\WhatColor4
2010-09-22 01:15:00 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-09-22 01:06:13 -------- d-----w- C:\Windows\SysWow64\Wat
2010-09-22 01:06:13 -------- d-----w- C:\Windows\System32\Wat
2010-09-22 01:02:22 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-09-22 01:02:22 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-09-22 01:02:22 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-09-22 01:02:22 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-09-22 01:02:22 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-09-22 01:02:22 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-09-22 01:02:22 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-09-22 01:02:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-09-22 01:02:22 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-09-22 01:02:22 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-09-22 00:51:02 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-22 00:51:02 404992 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-22 00:51:02 162304 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-22 00:51:00 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-09-22 00:50:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-09-22 00:50:59 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-09-22 00:50:59 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-09-22 00:48:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-09-22 00:48:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-09-22 00:48:58 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-09-22 00:48:58 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-09-22 00:45:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-21 19:46:10 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Dell Edoc Viewer
2010-09-21 15:05:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Diagnostics
2010-09-21 02:20:45 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Games
2010-09-21 02:18:36 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SoftGrid Client
2010-09-21 02:18:35 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\SoftGrid Client
2010-09-21 02:18:03 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2010-09-21 02:17:55 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\TP
2010-09-21 01:31:54 -------- d-sh--w- C:\System Recovery
2010-09-21 01:31:12 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Dell
2010-09-21 01:30:48 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Stardock_Corporation
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SupportSoft
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Broadcom
2010-09-21 01:29:53 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\VirtualStore
2010-09-15 05:56:05 -------- d-----w- C:\Program Files\Synaptics
2010-09-15 05:53:56 91648 ----a-w- C:\Windows\System32\isoburn.exe
2010-09-15 05:15:49 -------- d-----w- C:\apps
2010-09-15 05:10:46 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2010-09-15 05:02:07 -------- d-----w- C:\Windows\System32\oem
2010-09-15 05:02:05 -------- d-----w- C:\Windows\Panther
2010-09-15 05:02:05 -------- d-----w- C:\Drivers
2010-09-15 04:36:27 -------- d-----w- C:\dell
2010-09-15 01:46:19 -------- d-----w- C:\Program Files (x86)\Dell
2010-09-15 01:41:24 -------- dc-h--w- C:\PROGRA~3\{D19C2D22-6043-47E7-B400-83A351841204}
2010-09-15 01:41:10 -------- d-----w- C:\Program Files (x86)\Absolute Software
2010-09-15 01:40:12 1822208 ----a-w- C:\PROGRA~3\Microsoft\OEMOffice14\Office14\Word.pt-br\WordMUI.msi
2010-09-15 01:38:21 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-09-15 01:38:10 -------- d-----w- C:\Program Files\mcafee.com
2010-09-15 01:38:10 -------- d-----w- C:\Program Files\mcafee
2010-09-15 01:38:10 -------- d-----w- C:\Program Files\Common Files\mcafee
2010-09-15 01:38:10 -------- d-----w- C:\Program Files (x86)\mcafee.com
2010-09-15 01:38:10 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee
2010-09-15 01:38:09 -------- d-----w- C:\Program Files (x86)\McAfee
2010-09-15 01:38:03 -------- d-----w- C:\PROGRA~3\Uninstall
2010-09-15 01:37:52 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2010-09-15 01:37:52 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2010-09-15 01:37:52 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2010-09-15 01:37:51 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2010-09-15 01:37:51 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-09-15 01:37:50 -------- d-----w- C:\Program Files (x86)\Roxio
2010-09-15 01:36:07 74 --sh--r- C:\Windows\CT4CET.bin
2010-09-15 01:35:49 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
2010-09-15 01:35:29 -------- d-----w- C:\Program Files (x86)\Creative
2010-09-15 01:35:09 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2010-09-15 01:35:08 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2010-09-15 01:35:08 172704 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2010-09-15 01:35:06 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2010-09-15 01:34:54 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-09-15 01:34:54 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-09-15 01:34:54 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-09-15 01:34:54 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-09-15 01:34:54 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-09-15 01:34:54 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-09-15 01:34:53 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-09-15 01:34:49 -------- d-----r- C:\Program Files (x86)\Skype
2010-09-15 01:32:54 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-09-15 01:32:54 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-09-15 01:32:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-09-15 01:31:32 -------- d-----w- C:\Program Files (x86)\Microsoft
2010-09-15 01:31:14 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2010-09-15 01:30:40 -------- d-----w- C:\Windows\PCHEALTH
2010-09-15 01:30:31 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\95d94eea1cb5475\Silverlight.2.0.exe
2010-09-15 01:30:13 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8b420f921cb5475\DSETUP.dll
2010-09-15 01:30:13 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8b420f921cb5475\DXSETUP.exe
2010-09-15 01:30:13 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8b420f921cb5475\dsetup32.dll
2010-09-15 01:28:40 142922064 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcCF4F.tmp
2010-09-15 01:28:34 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-09-15 01:26:37 -------- d-----w- C:\Temp
2010-09-15 01:26:35 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2010-09-15 01:26:21 -------- d-----w- C:\Program Files (x86)\Dell DataSafe Local Backup
2010-09-15 01:26:05 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-09-15 01:26:05 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-09-15 01:26:05 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-09-15 01:26:05 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-09-15 01:26:05 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-09-15 01:26:05 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-09-15 01:26:05 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-09-15 01:26:05 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-09-15 01:24:23 -------- d-----w- C:\Program Files (x86)\Citrix
2010-09-15 01:23:03 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2010-09-15 01:21:38 -------- d-----w- C:\Program Files (x86)\Cisco
2010-09-15 01:18:41 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-15 01:17:48 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-15 01:16:15 -------- d-----w- C:\Program Files\Dell Inc
2010-09-15 01:16:13 -------- d-sh--w- C:\Windows\Installer

==================== Find3M ====================

2010-09-15 05:53:56 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2010-08-24 17:57:38 94736 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-08-24 17:57:38 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-08-24 17:57:38 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-08-24 17:57:38 529000 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-08-24 17:57:38 441072 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-08-24 17:57:38 283232 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-08-24 17:57:38 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-08-24 17:57:38 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 3:09:44,01 ===============


Attach.txt - Sorry but I was unable to attach it!


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/09/2010 22:24:35
System Uptime: 10/12/2010 01:05:02 (-1414 hours ago)

Motherboard: Dell Inc. | | 08R0GW
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU 1 | 927/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 256,036 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP6: 21/09/2010 21:59:23 - antes atualização
RP7: 21/09/2010 22:00:34 - Windows Update
RP8: 23/09/2010 01:32:31 - Periódico
RP9: 23/09/2010 14:10:59 - DirectX instalado
RP10: 24/09/2010 09:24:11 - Windows Update
RP11: 24/09/2010 17:08:37 - Windows Update
RP12: 25/09/2010 14:45:26 - Instalado Novo Dicionário Aurélio
RP13: 01/10/2010 01:14:18 - Windows Update
RP14: 02/10/2010 17:47:29 - Removed Adobe Reader 9.1.3 - Português.
RP15: 02/10/2010 17:48:39 - Installed Adobe Reader 9.1 MUI.
RP16: 02/10/2010 17:50:32 - Installed Adobe Reader 9.1 MUI.
RP17: 02/10/2010 18:02:11 - Installed Adobe Reader 9.3 - Português.
RP18: 03/10/2010 22:06:57 - HJT
RP19: 04/10/2010 22:43:27 - Windows Update
RP20: 04/10/2010 23:15:02 - Installed Java™ 6 Update 21
RP21: 08/10/2010 22:38:14 - Windows Update
RP22: 09/10/2010 09:03:50 - Installed Cooliris for Internet Explorer
RP23: 09/10/2010 23:39:23 - Installed QuickTime
RP24: 10/10/2010 15:29:05 - Installed MetaProducts Inquiry Basic Edition 1.8 SR4
RP25: 11/10/2010 20:08:51 - Operação de restauração

==== Installed Programs ======================

3DFiBs Backgammon 4.0.79
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0 - Português
Advanced Audio FX Engine
Assistente de Conexão do Windows Live
Basic Card Set Pack 12.3
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Support Center (Software de Suporte)
Dell Webcam Central
Ferramenta de Carregamento do Windows Live
GNU Backgammon (MAIN branch, 20100816 code)
GoToAssist 8.0.0.514
Holiday Card Set Pack 12.3
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 21
JellyFish Light 3.5
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes' Anti-Malware
McAfee Security Center
Media Player Classic - Home Cinema v1.4.2499.0
MetaProducts Download Express
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office com Clique para Executar 2010
Microsoft Office Starter 2010 - Português (Brasil)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.10)
MSVCRT
Novo Dicionário Aurélio
PowerDVD DX
Pretty Good Solitaire - Invention Card Set
Pretty Good Solitaire version 12.3.0
Quality Card Set Pack 12.3
Roxio Burn
Skype Toolbars
Skype™ 4.1
The KMPlayer (remove only)
TreeSize Free V2.4
Uconeer 2.4
WhatColor4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Toolbar
Windows Live Writer

==== End Of File ===========================


Thanks in advance for your help.

Edited by Karakal, 12 October 2010 - 11:23 AM.



#2 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 20 October 2010 - 08:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 Karakal

  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:57 AM

Posted 21 October 2010 - 01:27 PM


Hi there!

My problem persists partially.
I've managed to uninstall and reinstall the McAfee AV (Security Center), but eventually it raised some problems. The last one was that it was unable to update the signature. I still can't run GMER - same message ("C:\windows\system32\config\system: the system can't find the file.").

New DDS log:

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Dr Cesar at 21:52:42,29 on 20/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.2935.1991 [GMT -2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Positivo\Aurelio\pAurelio_.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Users\Dr Cesar\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
{5c255c8a-e604-49b4-9d64-90988571cecb}
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101014123833.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\DRCESA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Enviar para o OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Baixar com o Download &Express - C:\Program Files (x86)\Download Express\Add_Url.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DRCESA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529000]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-14 283232]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-14 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-14 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-9-15 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McMPFSvc;McAfee Serviço Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-14 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-14 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-14 149032]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-14 673088]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-14 2320920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-14 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-14 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-15 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-15 151936]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-15 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-14 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-14 441072]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-14 35104]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-14 94736]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-15 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-15 325152]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-21 1255736]

=============== Created Last 30 ================

2010-10-18 14:28:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-10-15 01:01:38 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\OutWit
2010-10-14 15:37:35 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-14 15:28:39 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 15:28:39 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 15:27:12 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-14 15:27:11 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-14 15:13:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-14 15:13:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-14 15:13:11 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-14 15:13:11 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-14 15:10:31 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2010-10-14 15:07:27 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-14 15:07:27 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-14 15:04:42 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-14 15:04:42 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-14 15:04:42 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-14 15:04:42 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-14 15:04:42 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-12 21:30:22 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\McAfee
2010-10-10 18:29:30 -------- d-----w- C:\Program Files (x86)\MetaProducts Inquiry
2010-10-10 04:20:54 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple Computer
2010-10-10 02:39:02 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple
2010-10-09 23:42:01 -------- d-----w- C:\Users\Dr Cesar\.clipbak
2010-10-09 22:29:26 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Cooliris
2010-10-09 22:10:11 23512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-10-09 22:10:11 138712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-10-09 22:10:10 17880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2010-10-09 12:04:15 -------- d-----w- C:\Program Files (x86)\PicLensIE
2010-10-09 01:38:32 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4973F51B-2407-4572-A675-68119457C931}\mpengine.dll
2010-10-07 02:16:45 -------- d--h--w- C:\Windows\AxInstSV
2010-10-05 02:16:05 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-04 01:30:40 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Macrovision
2010-10-03 00:26:25 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\IsolatedStorage
2010-10-03 00:03:26 -------- d-----w- C:\Program Files (x86)\Virtual Earth 3D
2010-10-02 03:37:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\MetaProducts
2010-10-02 03:37:27 -------- d-----w- C:\Program Files (x86)\Download Express
2010-10-02 01:31:01 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Adobe
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-27 07:52:07 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2010-09-26 04:30:17 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Help
2010-09-25 17:45:42 -------- d-----w- C:\Program Files (x86)\Positivo
2010-09-24 14:48:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\JAM Software
2010-09-24 14:48:29 -------- d-----w- C:\Program Files (x86)\JAM Software
2010-09-24 12:24:23 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-24 12:24:21 270208 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 18:21:42 -------- d-----w- C:\Users\Dr Cesar\Meu Arquivos Backup
2010-09-23 14:13:49 -------- d-----w- C:\Documentos Word
2010-09-23 14:13:31 -------- d-----w- C:\Fotos
2010-09-23 00:09:47 -------- d--h--w- C:\Windows\msdownld.tmp
2010-09-23 00:09:40 -------- d-----w- C:\Windows\SysWow64\directx
2010-09-22 21:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 15:55:04 244416 ----a-w- C:\Windows\SysWow64\msflxgrd.ocx
2010-09-22 15:20:27 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2010-09-22 15:02:47 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Malwarebytes
2010-09-22 14:43:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-09-22 14:43:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-09-22 14:43:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-09-22 14:43:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-09-22 14:35:13 -------- d-----w- C:\Program Files (x86)\Media Player Classic - Home Cinema
2010-09-22 13:42:56 314368 ----a-w- C:\Windows\IsUninst.exe
2010-09-22 13:34:53 224016 ----a-w- C:\Windows\SysWow64\tabctl32.ocx
2010-09-22 13:34:53 1355776 ----a-w- C:\Windows\SysWow64\MSVBVM50.dll
2010-09-22 13:34:53 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx
2010-09-22 13:24:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Goodsol
2010-09-22 13:24:33 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2010-09-22 13:23:01 -------- d-----w- C:\Users\Dr Cesar\.gnubg
2010-09-22 13:22:49 -------- d-----w- C:\Jogos
2010-09-22 13:16:29 -------- d-----w- C:\Program Files (x86)\Uconeer
2010-09-22 13:15:26 -------- d-----w- C:\Program Files\Uconeer
2010-09-22 13:11:45 -------- d-----w- C:\Program Files (x86)\WhatColor4
2010-09-22 01:15:00 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-09-22 01:06:13 -------- d-----w- C:\Windows\SysWow64\Wat
2010-09-22 01:06:13 -------- d-----w- C:\Windows\System32\Wat
2010-09-22 01:02:22 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-09-22 01:02:22 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-09-22 01:02:22 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-09-22 01:02:22 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-09-22 01:02:22 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-09-22 01:02:22 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-09-22 01:02:22 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-09-22 01:02:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-09-22 01:02:22 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-09-22 01:02:22 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-09-22 00:51:00 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-09-22 00:50:59 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-09-22 00:49:38 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-09-22 00:49:32 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-09-22 00:49:31 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-09-22 00:49:31 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-09-22 00:48:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-09-22 00:48:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-09-22 00:48:58 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-09-22 00:48:58 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-09-22 00:45:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-22 00:40:51 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-09-22 00:40:51 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-09-22 00:40:50 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-09-22 00:40:48 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-09-22 00:40:48 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-09-22 00:40:48 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-09-22 00:40:48 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-09-22 00:40:48 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-09-22 00:40:47 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-09-22 00:40:47 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-09-22 00:40:20 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-09-22 00:40:20 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-09-21 19:46:10 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Dell Edoc Viewer
2010-09-21 15:05:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Diagnostics
2010-09-21 02:20:45 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Games
2010-09-21 02:18:36 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SoftGrid Client
2010-09-21 02:18:35 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\SoftGrid Client
2010-09-21 02:18:03 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2010-09-21 02:17:55 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\TP
2010-09-21 01:31:54 -------- d-sh--w- C:\System Recovery
2010-09-21 01:31:12 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Dell
2010-09-21 01:30:48 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Stardock_Corporation
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SupportSoft
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Broadcom
2010-09-21 01:29:53 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\VirtualStore

==================== Find3M ====================

2010-09-15 07:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-15 05:53:56 91648 ----a-w- C:\Windows\System32\isoburn.exe
2010-09-15 01:36:07 74 --sh--r- C:\Windows\CT4CET.bin
2010-09-15 01:18:38 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-24 17:57:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-08-24 17:57:38 94736 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-08-24 17:57:38 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-08-24 17:57:38 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-08-24 17:57:38 529000 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-08-24 17:57:38 441072 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-08-24 17:57:38 283232 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-08-24 17:57:38 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-08-24 17:57:38 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

============= FINISH: 21:53:29,45 ===============

The attach.txt could be attached this time.


Thanks for the help.

Karakal


#4 Karakal

  • Topic Starter
  • Members
  • 4 posts

Posted 21 October 2010 - 01:32 PM

Hi there!

My problem persists partially.
I've managed to uninstall and reinstall the McAfee AV (Security Center), but eventually it raised some problems. The last one was that it was unable to update
the signature. I still can't run GMER - same message ("C\:windows\system32\config\system: the system can't find the file.").

New DDS log:

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Dr Cesar at 21:52:42,29 on 20/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.2935.1991 [GMT -2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Positivo\Aurelio\pAurelio_.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Users\Dr Cesar\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
{5c255c8a-e604-49b4-9d64-90988571cecb}
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101014123833.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\DRCESA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Enviar para o OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Baixar com o Download &Express - C:\Program Files (x86)\Download Express\Add_Url.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - C:\PROGRA~2\DOWNLO~1\mdpph.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DRCESA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - component: C:\Users\Dr Cesar\AppData\Roaming\Mozilla\Firefox\Profiles\d9saipsa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529000]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-14 283232]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-14 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-14 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-9-15 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McMPFSvc;McAfee Serviço Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-14 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-14 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-14 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-14 149032]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-14 673088]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-14 2320920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-14 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-14 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-15 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-15 151936]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-15 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-14 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-14 441072]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-14 35104]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-14 94736]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-15 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-15 325152]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-21 1255736]

=============== Created Last 30 ================

2010-10-18 14:28:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-10-15 01:01:38 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\OutWit
2010-10-14 15:37:35 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-14 15:28:39 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 15:28:39 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 15:27:12 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-14 15:27:11 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-14 15:13:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-14 15:13:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-14 15:13:11 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-14 15:13:11 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-14 15:10:31 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2010-10-14 15:07:27 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-14 15:07:27 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-14 15:04:42 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-14 15:04:42 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-14 15:04:42 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-14 15:04:42 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-14 15:04:42 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-12 21:30:22 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\McAfee
2010-10-10 18:29:30 -------- d-----w- C:\Program Files (x86)\MetaProducts Inquiry
2010-10-10 04:20:54 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple Computer
2010-10-10 02:39:02 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Apple
2010-10-09 23:42:01 -------- d-----w- C:\Users\Dr Cesar\.clipbak
2010-10-09 22:29:26 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Cooliris
2010-10-09 22:10:11 23512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-10-09 22:10:11 138712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-10-09 22:10:10 17880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2010-10-09 12:04:15 -------- d-----w- C:\Program Files (x86)\PicLensIE
2010-10-09 01:38:32 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4973F51B-2407-4572-A675-68119457C931}\mpengine.dll
2010-10-07 02:16:45 -------- d--h--w- C:\Windows\AxInstSV
2010-10-05 02:16:05 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-04 01:30:40 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Macrovision
2010-10-03 00:26:25 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\IsolatedStorage
2010-10-03 00:03:26 -------- d-----w- C:\Program Files (x86)\Virtual Earth 3D
2010-10-02 03:37:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\MetaProducts
2010-10-02 03:37:27 -------- d-----w- C:\Program Files (x86)\Download Express
2010-10-02 01:31:01 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Adobe
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-01 01:29:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-01 01:27:54 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-27 07:52:07 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2010-09-26 04:30:17 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Help
2010-09-25 17:45:42 -------- d-----w- C:\Program Files (x86)\Positivo
2010-09-24 14:48:30 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\JAM Software
2010-09-24 14:48:29 -------- d-----w- C:\Program Files (x86)\JAM Software
2010-09-24 12:24:23 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-24 12:24:21 270208 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 18:21:42 -------- d-----w- C:\Users\Dr Cesar\Meu Arquivos Backup
2010-09-23 14:13:49 -------- d-----w- C:\Documentos Word
2010-09-23 14:13:31 -------- d-----w- C:\Fotos
2010-09-23 00:09:47 -------- d--h--w- C:\Windows\msdownld.tmp
2010-09-23 00:09:40 -------- d-----w- C:\Windows\SysWow64\directx
2010-09-22 21:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 15:55:04 244416 ----a-w- C:\Windows\SysWow64\msflxgrd.ocx
2010-09-22 15:20:27 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2010-09-22 15:02:47 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Malwarebytes
2010-09-22 14:43:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-09-22 14:43:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-09-22 14:43:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-09-22 14:43:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-09-22 14:35:13 -------- d-----w- C:\Program Files (x86)\Media Player Classic - Home Cinema
2010-09-22 13:42:56 314368 ----a-w- C:\Windows\IsUninst.exe
2010-09-22 13:34:53 224016 ----a-w- C:\Windows\SysWow64\tabctl32.ocx
2010-09-22 13:34:53 1355776 ----a-w- C:\Windows\SysWow64\MSVBVM50.dll
2010-09-22 13:34:53 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx
2010-09-22 13:24:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Goodsol
2010-09-22 13:24:33 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2010-09-22 13:23:01 -------- d-----w- C:\Users\Dr Cesar\.gnubg
2010-09-22 13:22:49 -------- d-----w- C:\Jogos
2010-09-22 13:16:29 -------- d-----w- C:\Program Files (x86)\Uconeer
2010-09-22 13:15:26 -------- d-----w- C:\Program Files\Uconeer
2010-09-22 13:11:45 -------- d-----w- C:\Program Files (x86)\WhatColor4
2010-09-22 01:15:00 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-09-22 01:06:13 -------- d-----w- C:\Windows\SysWow64\Wat
2010-09-22 01:06:13 -------- d-----w- C:\Windows\System32\Wat
2010-09-22 01:02:22 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-09-22 01:02:22 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-09-22 01:02:22 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-09-22 01:02:22 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-09-22 01:02:22 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-09-22 01:02:22 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-09-22 01:02:22 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-09-22 01:02:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-09-22 01:02:22 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-09-22 01:02:22 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-09-22 00:51:00 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-09-22 00:50:59 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-09-22 00:49:38 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-09-22 00:49:32 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-09-22 00:49:31 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-09-22 00:49:31 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-09-22 00:48:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-09-22 00:48:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-09-22 00:48:58 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-09-22 00:48:58 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-09-22 00:45:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-22 00:40:51 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-09-22 00:40:51 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-09-22 00:40:50 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-09-22 00:40:48 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-09-22 00:40:48 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-09-22 00:40:48 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-09-22 00:40:48 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-09-22 00:40:48 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-09-22 00:40:47 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-09-22 00:40:47 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-09-22 00:40:20 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-09-22 00:40:20 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-09-21 19:46:10 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Dell Edoc Viewer
2010-09-21 15:05:59 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Diagnostics
2010-09-21 02:20:45 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Microsoft Games
2010-09-21 02:18:36 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SoftGrid Client
2010-09-21 02:18:35 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\SoftGrid Client
2010-09-21 02:18:03 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2010-09-21 02:17:55 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\TP
2010-09-21 01:31:54 -------- d-sh--w- C:\System Recovery
2010-09-21 01:31:12 -------- d-----w- C:\Users\DRCESA~1\AppData\Roaming\Dell
2010-09-21 01:30:48 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Stardock_Corporation
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\SupportSoft
2010-09-21 01:30:44 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\Broadcom
2010-09-21 01:29:53 -------- d-----w- C:\Users\DRCESA~1\AppData\Local\VirtualStore

==================== Find3M ====================

2010-09-15 07:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-15 05:53:56 91648 ----a-w- C:\Windows\System32\isoburn.exe
2010-09-15 01:36:07 74 --sh--r- C:\Windows\CT4CET.bin
2010-09-15 01:18:38 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-24 17:57:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-08-24 17:57:38 94736 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-08-24 17:57:38 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-08-24 17:57:38 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-08-24 17:57:38 529000 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-08-24 17:57:38 441072 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-08-24 17:57:38 283232 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-08-24 17:57:38 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-08-24 17:57:38 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

============= FINISH: 21:53:29,45 ===============

The attach.txt could be attached this time.


Thanks for the help.

Karakal

#5 sundavis

  • Malware Response Team

Posted 22 October 2010 - 06:01 PM

Hi Karakal,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.

I still can't run GMER - same message ("C\:windows\system32\config\system: the system can't find the file.").

You're running a 64-bit OS, and GMER is unable to run on 64-bit machines. The message is normal for your scenario.


Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.

Step 2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.

In your next reply, please post back:

1. TDSSKiller.txt
2. OTListIt.txt and Extra.txt

Thanks

#6 Karakal

  • Topic Starter

Posted 24 October 2010 - 06:48 PM

Hi sundavis.

First of all thank you for your help.

TDSSKiller did not find anything, nor did it create any log.

OTL did not create OTListIt.txt but did create an OTL.txt, which I paste here:

OTL logfile created on: 24/10/2010 21:33:28 - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Dr Cesar\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,13 Gb Total Space | 251,89 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
Drive D: | 7,87 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DRCESAR-PC | User Name: Dr Cesar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 21:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Cesar\Desktop\OTL.exe
PRC - [2010/05/21 13:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/21 12:59:12 | 001,760,064 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/05/21 12:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/04 14:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/15 04:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Arquivos de Programas\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 21:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Cesar\Desktop\OTL.exe
MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/04/01 10:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/24 15:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/08/24 15:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/08/24 15:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 10:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/01/21 10:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/17 03:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/03/03 08:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV - [2010/09/14 23:24:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 12:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/11/04 14:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Arquivos de Programas\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/24 15:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/24 15:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/08/24 15:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/08/24 15:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/24 15:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/24 15:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/24 15:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/08/24 15:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/06/09 07:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/31 21:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/03 12:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Áudio do vídeo Intel®
DRV:64bit: - [2010/01/21 10:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/12 20:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 20:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 03:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/17 03:16:12 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/11 21:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/27 02:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/21 17:42:26 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/21 17:42:26 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/21 17:42:26 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/21 17:42:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 18:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5
IE - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/10/22 23:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/14 13:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/12 00:53:53 | 000,000,000 | ---D | M]

[2010/10/09 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Extensions
[2010/10/22 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions
[2010/10/14 15:34:08 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/10/14 14:57:45 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/14 15:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
[2010/10/14 15:58:32 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{15AC13A9-4AE2-40bf-8003-731F881B2646}
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{3f0da09b-c1ab-40c5-8d7f-53f475ac3fe8}
[2010/10/15 21:59:25 | 000,000,000 | ---D | M] (Firefox ImageGrabber) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{546d2a00-2bbf-11dc-8314-0800200c9a66}
[2010/10/18 23:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2010/10/14 16:34:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/10/12 00:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{6ba00d3b-3a96-402a-ad28-d7281f781f93}
[2010/10/12 00:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010/10/19 22:57:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/12 00:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010/10/15 21:59:24 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2010/10/14 21:05:24 | 000,000,000 | ---D | M] (mid) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}
[2010/10/12 00:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{a5e2af92-ffa6-4dbb-8f4a-f7cdb5de936a}
[2010/10/12 00:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2010/10/12 00:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2010/10/12 00:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{b68dfae5-1903-4a03-8094-c973bf7e483e}
[2010/10/14 15:58:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/14 21:05:24 | 000,000,000 | ---D | M] (QuickNote) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{c4d02900-9f84-11df-981c-0800200c9a66}
[2010/10/14 19:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/10/14 14:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/10/14 14:57:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2010/10/14 14:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/10/17 11:44:14 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/14 20:07:39 | 000,000,000 | ---D | M] (Thumbnail Zoom) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/10/12 00:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010/10/14 14:57:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/10/14 20:07:39 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/10/14 21:31:09 | 000,000,000 | ---D | M] (Zoom toolbar) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
[2010/10/15 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\bartap@philikon.de
[2010/10/15 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\clickclean@hotcleaner.com
[2010/10/12 00:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\Extended@spanglerco.com
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\extension@openitonline.com
[2010/10/14 14:57:44 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\firefox@ghostery.com
[2010/10/15 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\firefoxsecrets@Max91
[2010/10/12 00:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\floatnotes@felix-kling.de
[2010/10/15 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\ilab@intuit
[2010/10/14 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\info@bab.la
[2010/10/14 16:13:11 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\isreaditlater@ideashower.com
[2010/10/15 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\LDSI_plashcor@gmail.com
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\librarydetector@paulbakaus.com
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\openinbrowser@www.spasche.net
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\openinie@wittersworld.com
[2010/10/18 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\outwit-docs@outwit.com
[2010/10/18 23:55:09 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\outwit-images@outwit.com
[2010/10/15 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\pasteemailplus@guid.customsoftwareconsult.com
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/10/12 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\reloadplus@blackwind
[2010/10/14 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\savesession@noasobi.net
[2010/10/14 14:57:44 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\service@touchpdf.com
[2010/10/15 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\unplug@compunach
[2010/10/14 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\wikilook@testpilot
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\extension@openitonline.com\chrome
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\extension@openitonline.com\components
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\extension@openitonline.com\defaults
[2010/10/14 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\d9saipsa.default\extensions\extension@openitonline.com\META-INF
[2010/10/10 04:39:19 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/09 21:41:51 | 000,000,000 | ---D | M] (SmartPager) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{15AC13A9-4AE2-40bf-8003-731F881B2646}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/10/11 21:10:15 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{6ba00d3b-3a96-402a-ad28-d7281f781f93}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Hide/Show Google left-hand menu) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{a5e2af92-ffa6-4dbb-8f4a-f7cdb5de936a}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Open Profile Folder) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{a756d17a-5a4c-4417-813c-c8cd0151e486}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (QuickNote) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (WhiteSmoke Dictionary Utilities) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{c4d02900-9f84-11df-981c-0800200c9a66}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/11 21:10:15 | 000,000,000 | ---D | M] (MetaProducts Integration) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\clipple@mooz.github.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\colorxtractor@s.hochwarter
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\Extended@spanglerco.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\extension@openitonline.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\firefox@ghostery.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\floatnotes@felix-kling.de
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\ilab@intuit
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\isreaditlater@ideashower.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\pasteemailplus@guid.customsoftwareconsult.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\piclens@cooliris.com
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\pt-BR@dellalibera.sf.net
[2010/10/12 00:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\service@touchpdf.com
[2010/10/11 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\wikilook@testpilot
[2010/10/11 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\extension@openitonline.com\chrome
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\extension@openitonline.com\defaults
[2010/10/09 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\mozilla\Firefox\Profiles\rvctvm3r.default\extensions\extension@openitonline.com\META-INF
[2010/10/09 21:34:42 | 000,000,705 | ---- | M] () -- C:\Users\Dr Cesar\AppData\Roaming\Mozilla\FireFox\Profiles\rvctvm3r.default\searchplugins\webster.xml
[2010/10/15 20:05:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/10/05 00:16:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 20:05:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/24 15:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 19:40:25 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2010/10/17 11:44:26 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/09/14 19:40:25 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2010/09/14 19:40:25 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/09/14 19:40:25 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Arquivos de Programas\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de Programas\Common Files\McAfee\SystemCore\ScriptSn.20101014123833.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Arquivos de Programas\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101014123833.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Arquivos de Programas\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Arquivos de Programas\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Baixar com o Download &Express - C:\Program Files (x86)\Download Express\Add_Url.htm ()
O8:64bit: - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Baixar com o Download &Express - C:\Program Files (x86)\Download Express\Add_Url.htm ()
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\..Trusted Domains: internet ([]about in Sites confiáveis)
O15 - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\..Trusted Domains: mcafee.com ([]http in Sites confiáveis)
O15 - HKU\S-1-5-21-3705381281-2273829063-762275918-1000\..Trusted Domains: mcafee.com ([]https in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.23 201.17.128.14 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 21:09:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dr Cesar\Desktop\OTL.exe
[2010/10/21 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\Documents\Arquivos do Outlook
[2010/10/21 19:51:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/19 00:19:07 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Skype
[2010/10/18 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/18 12:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/10/18 12:27:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/10/17 15:47:24 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\Documents\Blocos de Anotações do OneNote
[2010/10/14 23:01:38 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\OutWit
[2010/10/14 13:38:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/10/14 13:38:32 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2010/10/14 13:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/10/14 13:38:26 | 000,441,072 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2010/10/14 13:38:26 | 000,283,232 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2010/10/14 13:38:26 | 000,190,136 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/10/14 13:38:26 | 000,094,736 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2010/10/14 13:38:26 | 000,075,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2010/10/14 13:38:26 | 000,062,800 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2010/10/14 13:38:23 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\McAfee.com
[2010/10/14 13:38:23 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\McAfee
[2010/10/14 13:38:23 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\McAfee
[2010/10/14 13:10:31 | 000,149,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2010/10/12 19:30:22 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\McAfee
[2010/10/12 09:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\Desktop\Issue
[2010/10/11 13:43:18 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\Documents\Dell WebCam Central
[2010/10/11 13:43:17 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Creative
[2010/10/11 13:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/10/10 16:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaProducts Inquiry
[2010/10/10 02:20:54 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Apple Computer
[2010/10/10 00:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/10 00:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/10 00:39:02 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Apple
[2010/10/10 00:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/10 00:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/09 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\.clipbak
[2010/10/09 20:29:26 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Cooliris
[2010/10/09 10:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicLensIE
[2010/10/07 00:16:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/10/06 02:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/05 00:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/04 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Mozilla
[2010/10/04 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Mozilla
[2010/10/04 11:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dr Cesar\Desktop\TDSSKiller.exe
[2010/10/03 23:30:40 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Macrovision
[2010/10/02 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\IsolatedStorage
[2010/10/02 22:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2010/10/02 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Macromedia
[2010/10/02 18:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/02 01:37:30 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\MetaProducts
[2010/10/02 01:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Download Express
[2010/10/01 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Roaming\Adobe
[2010/10/01 23:31:01 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Adobe
[2010/09/27 05:53:12 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\Documents\The KMPlayer
[2010/09/27 05:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/09/26 02:30:17 | 000,000,000 | ---D | C] -- C:\Users\Dr Cesar\AppData\Local\Microsoft Help
[2010/09/26 02:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/09/25 15:47:21 | 000,000,000 | RH-D | C] -- C:\Users\Dr Cesar\AppData\Roaming\SecuROM
[2010/09/25 15:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Positivo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 21:12:12 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dr Cesar\Desktop\TDSSKiller.exe
[2010/10/24 21:12:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 21:12:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 21:10:22 | 000,398,736 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Help to remove unknown malware - BleepingComputer.com.pdf
[2010/10/24 21:09:57 | 001,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/24 21:09:57 | 000,654,470 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/10/24 21:09:57 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/24 21:09:57 | 000,124,922 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/10/24 21:09:57 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/24 21:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dr Cesar\Desktop\OTL.exe
[2010/10/24 21:04:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 21:04:50 | 2307,932,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 19:01:45 | 000,001,296 | ---- | M] () -- C:\Users\Dr Cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/10/22 23:50:03 | 001,863,822 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Registro do Windows - Linha Defensiva.pdf
[2010/10/22 23:48:59 | 002,755,315 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Layered Service Providers - Linha Defensiva.pdf
[2010/10/22 23:47:31 | 002,922,936 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Additional Data Streams - Linha Defensiva.pdf
[2010/10/22 23:45:06 | 001,649,693 | ---- | M] () -- C:\Users\Dr Cesar\Documents\O Processo svchost.exe - Linha Defensiva.pdf
[2010/10/22 23:43:47 | 002,925,392 | ---- | M] () -- C:\Users\Dr Cesar\Documents\O arquivo HOSTS - Linha Defensiva.pdf
[2010/10/22 23:42:47 | 001,823,684 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Sistema de Nomes de Domínio - Linha Defensiva.pdf
[2010/10/22 23:42:05 | 002,001,033 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Tipos Mime - Linha Defensiva.pdf
[2010/10/22 23:41:01 | 002,476,164 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Pocket KillBox - Linha Defensiva.pdf
[2010/10/22 23:40:06 | 002,215,602 | ---- | M] () -- C:\Users\Dr Cesar\Documents\HijackThis Completo - Linha Defensiva.pdf
[2010/10/22 23:39:32 | 001,873,192 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Como funcionam as infecções por applets Java - Linha Defensiva.pdf
[2010/10/21 02:22:42 | 1683,153,716 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\Tropa.de.Elite.2.TS.XviD.AC3-TMX.avi
[2010/10/18 13:36:14 | 000,426,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/17 15:46:22 | 000,747,626 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online2.pdf
[2010/10/17 13:21:13 | 001,372,272 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online1.pdf
[2010/10/17 13:11:19 | 000,480,302 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online.pdf
[2010/10/12 21:22:46 | 000,007,640 | ---- | M] () -- C:\Users\Dr Cesar\AppData\Local\Resmon.ResmonCfg
[2010/10/12 10:10:45 | 000,293,376 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\gmer.exe
[2010/10/11 19:26:24 | 010,559,862 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2010/10/11 19:26:03 | 003,863,727 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Configuring the Windows XP Internet Connection Firewall.pdf
[2010/10/11 18:48:05 | 020,624,100 | ---- | M] () -- C:\Users\Dr Cesar\Documents\Hijackthis Tutorial.pdf
[2010/10/11 13:09:08 | 000,000,218 | ---- | M] () -- C:\Users\Dr Cesar\.recently-used.xbel
[2010/10/10 05:16:05 | 000,015,083 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\Glicemia capilar outubro.xlsx
[2010/10/09 21:46:05 | 007,640,737 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\BetterPrivacy Help.pdf
[2010/10/09 21:42:01 | 000,000,458 | ---- | M] () -- C:\Users\Dr Cesar\clipdat2.rdf
[2010/10/06 22:21:45 | 000,002,041 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\Projetos Download Express.lnk
[2010/10/04 11:56:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/03 22:44:19 | 000,001,157 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\HiJackThis.exe - Atalho.lnk
[2010/10/02 22:26:04 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010/09/27 05:52:11 | 000,001,037 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\KMPlayer.lnk
[2010/09/27 05:13:36 | 000,001,109 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\Windows Explorer.lnk
[2010/09/25 15:47:01 | 000,001,066 | ---- | M] () -- C:\Users\Dr Cesar\Desktop\Dicionário Aurélio.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 21:10:22 | 000,398,736 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Help to remove unknown malware - BleepingComputer.com.pdf
[2010/10/22 23:50:03 | 001,863,822 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Registro do Windows - Linha Defensiva.pdf
[2010/10/22 23:48:59 | 002,755,315 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Layered Service Providers - Linha Defensiva.pdf
[2010/10/22 23:47:31 | 002,922,936 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Additional Data Streams - Linha Defensiva.pdf
[2010/10/22 23:45:06 | 001,649,693 | ---- | C] () -- C:\Users\Dr Cesar\Documents\O Processo svchost.exe - Linha Defensiva.pdf
[2010/10/22 23:43:47 | 002,925,392 | ---- | C] () -- C:\Users\Dr Cesar\Documents\O arquivo HOSTS - Linha Defensiva.pdf
[2010/10/22 23:42:47 | 001,823,684 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Sistema de Nomes de Domínio - Linha Defensiva.pdf
[2010/10/22 23:42:05 | 002,001,033 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Tipos Mime - Linha Defensiva.pdf
[2010/10/22 23:41:01 | 002,476,164 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Pocket KillBox - Linha Defensiva.pdf
[2010/10/22 23:40:06 | 002,215,602 | ---- | C] () -- C:\Users\Dr Cesar\Documents\HijackThis Completo - Linha Defensiva.pdf
[2010/10/22 23:39:32 | 001,873,192 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Como funcionam as infecções por applets Java - Linha Defensiva.pdf
[2010/10/21 22:57:18 | 1683,153,716 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\Tropa.de.Elite.2.TS.XviD.AC3-TMX.avi
[2010/10/18 12:35:31 | 000,001,296 | ---- | C] () -- C:\Users\Dr Cesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/10/17 15:46:22 | 000,747,626 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online2.pdf
[2010/10/17 13:21:13 | 001,372,272 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online1.pdf
[2010/10/17 13:11:19 | 000,480,302 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Microsoft Office Online.pdf
[2010/10/12 03:39:56 | 000,007,640 | ---- | C] () -- C:\Users\Dr Cesar\AppData\Local\Resmon.ResmonCfg
[2010/10/11 19:26:24 | 010,559,862 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2010/10/11 19:26:03 | 003,863,727 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Configuring the Windows XP Internet Connection Firewall.pdf
[2010/10/11 18:48:04 | 020,624,100 | ---- | C] () -- C:\Users\Dr Cesar\Documents\Hijackthis Tutorial.pdf
[2010/10/11 13:09:08 | 000,000,218 | ---- | C] () -- C:\Users\Dr Cesar\.recently-used.xbel
[2010/10/09 21:46:04 | 007,640,737 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\BetterPrivacy Help.pdf
[2010/10/09 21:42:01 | 000,000,458 | ---- | C] () -- C:\Users\Dr Cesar\clipdat2.rdf
[2010/10/09 19:23:04 | 000,015,083 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\Glicemia capilar outubro.xlsx
[2010/10/04 11:56:45 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/03 22:43:28 | 000,001,157 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\HiJackThis.exe - Atalho.lnk
[2010/10/02 22:26:04 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010/10/02 01:37:31 | 000,002,041 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\Projetos Download Express.lnk
[2010/09/27 05:52:11 | 000,001,037 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\KMPlayer.lnk
[2010/09/27 05:09:50 | 000,001,109 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\Windows Explorer.lnk
[2010/09/25 15:47:01 | 000,001,066 | ---- | C] () -- C:\Users\Dr Cesar\Desktop\Dicionário Aurélio.lnk
[2010/09/21 00:18:09 | 001,509,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/15 03:11:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/09/15 03:11:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/22 11:24:59 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\Goodsol
[2010/09/24 12:48:30 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\JAM Software
[2010/10/12 00:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\MetaProducts
[2010/10/14 23:01:38 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\OutWit
[2010/10/21 19:51:30 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\SoftGrid Client
[2010/10/17 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\TP
[2009/07/14 03:08:49 | 000,026,686 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< End of report >


OTL did not create any extra.txt.

Best regards and thank you again for the help.

Karakal

PS: The first time I ran OTL full scan and the second I didn't check "Scan All Users". That's why it shows "Run 3"

Edited by Karakal, 24 October 2010 - 06:52 PM.
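The OTL sections posted above share one line layout: timestamp, size, attributes, an M or C flag, a company name in parentheses, and the path. As an added example (not part of the thread and not OTL's own code), this Python parser reads that layout from a few lines copied from the posted log and lists entries for a manual look; the extension list, the `C:\Windows` root, the 45-day window, the 24 October 2010 scan date and the rule itself are assumptions made for illustration, and a listed file is a candidate for checking, not a detection.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2010/10/12 03:39:56 | 000,007,640 | ---- | C] () -- C:\Users\Dr Cesar\AppData\Local\Resmon.ResmonCfg
[2010/10/04 11:56:45 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/15 03:11:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2010/09/22 11:24:59 | 000,000,000 | ---D | M] -- C:\Users\Dr Cesar\AppData\Roaming\Goodsol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# [timestamp | size | attributes | M or C flag] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

EXECUTABLE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd"}  # assumed list
SYSTEM_ROOT = PureWindowsPath(r"C:\Windows")                   # assumed root

def parse(log):
    """Return one dict per file or folder entry; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, summary lines, blanks
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["path"] = PureWindowsPath(e["path"])
        entries.append(e)
    return entries

def review_list(entries, scan_date, days=45):
    """Assumed rule: no company name, executable type, under the system root, recent."""
    return [e for e in entries
            if not e["is_dir"] and e["company"] == ""
            and e["path"].suffix.lower() in EXECUTABLE
            and SYSTEM_ROOT in e["path"].parents
            and timedelta(0) <= scan_date - e["ts"] <= timedelta(days=days)]

if __name__ == "__main__":
    for e in review_list(parse(SAMPLE), datetime(2010, 10, 24)):
        print(e["ts"], e["size"], e["path"])
```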


#7 sundavis

  • Malware Response Team

Posted 24 October 2010 - 08:23 PM

Hi Karakal,




From your log, I don't see any outstanding objects popping up in my eyes, and if the only symptom you are experiencing for now is the one you report, then the problem seems not likely to be malware-related. Let's take a closer look and check a little bit deeper.

Download MCPR.exe to your desktop from Here. After that, uninstall McAfee via Programs and Features and run MCPR to clean the leftovers afterwards. Reboot normally. You can reinstall it after performing the following steps.


Step1

I notice you have MBAM installed in your system. Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install manually.

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step2

1. Click the Microsoft Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

ipconfig /flushdns

7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Please download the winsock.bat to your desktop, right-click on winsockfix.bat and click on “Run as administrator” to run it, and perform chkdsk as instructed in this thread if you don't know how.


After that, what I'd like you to do is a hard reset with your router (in your case, it's a wireless 150 router Dlink DI 524). Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Then start your IE > Tools > Internet Options > Advanced > In Reset Internet Explorer settings > Click reset button > Click reset when the prompt window appears. Close your IE and restart it.

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may backup Bookmark before proceeding. Please go to Here and Here for your reference.

If everything goes smoothly, reinstall McAfee and update your virus definitions as usual.



In your next reply, please post back:

1. MBAM log

Let me know how things are going now.

Edited by sundavis, 24 October 2010 - 10:33 PM.


#8 sundavis

  • Malware Response Team

Posted 27 October 2010 - 12:01 PM

Due to lack of feedback, this topic is now closed.

Everyone else please start a new topic in the Malware Removal forum.



