cycbot.b on vista laptop


This topic is locked
3 replies to this topic

#1 deSouza

Posted 07 December 2010 - 01:31 PM

DDS (Ver_10-12-05.01) - NTFSx86
Run by hugo at 16:22:01,74 on 07/12/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.3070.1010 [GMT -2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\12Voip.com\12Voip\12Voip.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
D:\Program Files\mIRC\mirc.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Windows\System32\notepad.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hugo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\hugo\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.localstrike.com.ar/
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.localstrike.com.ar/
mDefault_Page_URL = hxxp://search.localstrike.com.ar/
mDefault_Search_URL = hxxp://search.localstrike.com.ar/
mSearch Page = hxxp://search.localstrike.com.ar/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Driver Updater]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Google Update] "c:\users\hugo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [MP3 Skype Recorder] c:\program files\mp3 skype recorder\MP3 Skype Recorder.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\x-lite\x-lite.exe"
uRun: [ICQ] "c:\program files\icq7.2\ICQ.exe" silent loginmode=4
uRun: [12Voip] "c:\program files\12voip.com\12voip\12Voip.exe" -nosplash -minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &SHOUTcast Search - c:\programdata\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {6D3BD3CA-E2A0-4052-98A6-C7B30641268B} = 208.67.220.220,208.67.222.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

================= FIREFOX ===================

FF - ProfilePath - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://forums.cybernations.net/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU3&o=15380&locale=pt_BR&apn_uid=FAE3DF1B-EE66-4B90-9439-16BEFFCBFDD2&apn_ptnrs=UJ&apn_sauid=2903A99C-366F-4780-A23E-EEF15330455D&apn_dtid=YYYYYYYYBR&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\GbMzhCef.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - component: c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNAVY.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\hugo\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\hugo\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\hugo\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: ResultBar: {34EFA911-B536-4C08-BECE-CD5E55C875B0} - c:\program files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
FF - Extension: Módulo de Proteção - Banco ABN AMRO Real SA: {87F8774F-B485-47E2-A755-A40A8A5E8874} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
FF - Extension: Lazarus: Form Recovery: lazarus@interclue.com - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\lazarus@interclue.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Sage: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
FF - Extension: Charles Autoconfiguration: {3e9a3920-1b27-11da-8cd6-0800200c9a66} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Extension: SHOUTcast Radio Toolbar: {12e4c684-c03e-4e4d-85bc-0c065e7a9489} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
FF - Extension: aTube Toolbar: toolbar@ask.com - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\toolbar@ask.com
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\fbdislike@doweb.fr
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\DTToolbar@toolbarnet.com
FF - Extension: Babylon: ffxtlbr@babylon.com - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\ffxtlbr@babylon.com
FF - Extension: Adicional de Seguranca CAIXA®: {87F8774F-B485-47E2-A755-A40A8A5E886D} - c:\users\hugo\appdata\roaming\mozilla\firefox\profiles\6i6shvos.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\avira\antivir desktop\sched.exe [2010-8-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-25 56816]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-7-5 81920]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\icecast2 win32\icecastService.exe [2010-7-22 417792]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-7-4 246520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-10 47640]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-1-22 159744]
R2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [2009-1-22 5632]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-7-5 2736128]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-8 43040]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43736]
S2 gupdate1c9ec9d2edc9370;Google Update Service (gupdate1c9ec9d2edc9370);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S2 ResultBar Service;ResultBar Service;"c:\programdata\resultbar\resultbar113.exe" "c:\program files\resultbar\resultbar.dll" casayuho --> c:\programdata\resultbar\resultbar113.exe [?]
S3 ddsxeiservice;ddsxeiservice2;d:\program files\steam\steamapps\desouzaa\counter-strike\cstrike\addons\sxei\ddsxei.sys [2010-8-15 91776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\vmcam323av.sys [2010-10-31 232448]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2010-10-31 475136]

=============== Created Last 30 ================

2010-12-07 03:18:57 -------- d-----w- c:\users\hugo\appdata\roaming\Malwarebytes
2010-12-07 03:17:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 03:17:02 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-07 03:16:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 03:16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 23:43:55 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{51c2854a-117e-4a0b-9b47-02cfb60e838a}\mpengine.dll
2010-12-06 23:43:30 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-06 23:41:59 45568 ----a-w- c:\windows\system32\mshta.exe
2010-12-03 15:16:16 -------- d-----w- c:\users\hugo\appdata\roaming\12Voip
2010-12-03 15:14:42 -------- d-----w- c:\program files\12Voip.com
2010-12-02 02:26:31 -------- d-----w- c:\users\hugo\appdata\roaming\AccurateRip
2010-12-02 02:26:25 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-02 02:26:19 -------- d-----w- c:\program files\Illustrate
2010-11-28 15:20:50 -------- d-----w- C:\Poker
2010-11-27 19:52:29 -------- d-----w- c:\program files\Total Video Converter
2010-11-27 19:43:13 -------- d-----w- c:\users\hugo\appdata\roaming\AnvSoft
2010-11-27 19:43:10 -------- d-----w- c:\program files\AnvSoft
2010-11-23 14:07:40 -------- d-----w- c:\program files\SpyNoMore
2010-11-23 14:07:03 -------- d-----w- c:\users\hugo\appdata\roaming\GetRightToGo
2010-11-21 00:36:19 -------- d-----w- c:\users\hugo\appdata\roaming\ClickPotatoLite
2010-11-21 00:32:05 -------- d-----w- c:\program files\ResultBar
2010-11-21 00:32:05 -------- d-----w- c:\progra~2\ResultBar
2010-11-15 12:01:17 -------- d-----w- c:\users\hugo\appdata\roaming\PacificPoker
2010-11-15 12:01:10 -------- d-----w- c:\program files\PacificPoker
2010-11-15 08:21:52 -------- d-----w- c:\users\hugo\appdata\roaming\Mozilla-Cache
2010-11-15 08:20:42 -------- d-----w- C:\Programs
2010-11-15 08:18:04 -------- d-----w- c:\users\hugo\appdata\local\PokerStars
2010-11-15 08:17:14 -------- d-----w- c:\program files\PokerStars
2010-11-10 15:16:15 6146896 ------w- c:\progra~2\microsoft\windows defender\definition updates\updates\mpengine.dll
2010-11-08 21:22:56 -------- d-----w- c:\progra~2\GbPlugin
2010-11-08 04:28:39 -------- d-----w- c:\program files\Babylon

==================== Find3M ====================

2010-10-21 13:16:02 4 ----a-w- c:\windows\system32\proc-1037709799.bin
2010-10-19 12:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-29 17:56:41 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 17:56:41 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 17:56:40 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-29 17:56:40 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-11 07:57:07 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-11 07:57:07 249856 ------w- c:\windows\Setup1.exe
2010-09-10 16:37:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 16:23:12,24 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/01/2009 11:57:34
System Uptime: 07/12/2010 15:32:11 (1 hours ago)

Motherboard: MSI | | MS-1722
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz | CPU 1 | 2257/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 15,831 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 22,429 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

12Voip
50 FREE MP3s +1 Free Audiobook!
888poker
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
Age of Empires III
AIM 7
AMIP (remove only)
Any Video Converter 3.1.2
Apple Application Support
Apple Software Update
Arquivo do WinRAR
Ask Toolbar
Assistente de Conexão do Windows Live
Atlantica Online
µTorrent
aTube Catcher
aTube Catcher 1.0
Auto Macro Recorder V5.5 (Pro V5.2) Trial Version
AutoHotkey 1.0.48.05
Avira AntiVir Personal - Free Antivirus
BisonCam
BitComet 1.15
Bluetooth Stack for Windows by Toshiba
Cain & Abel v4.9.36
Camera Recorder
CD Audio Reader Filter (remove only)
Charles
Cheat Engine 5.6
Combined Community Codec Pack 2009-09-09
Connect
ConvertXtoDVD 3.8.0.193f
Counter-Strike
DAEMON Tools Toolbar
dBpoweramp Music Converter
DCoder Image Source (remove only)
Despertador
DjVuLibre+DjView
Download Updater (AOL LLC)
Driver Updater
DScaler 5 Mpeg Decoders
DVD Solution
Easy Macro Recorder 3.75
eBook Library by Sony
eMule
ESET Online Scanner v3
Fallout 3
Ferramenta de Carregamento do Windows Live
Fiddler2
Firebird 2.1.3.18185 (Win32)
FM Screen Capture Codec (Remove Only)
Full Tilt Poker
Garena
GIMP 2.6.7
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GTA San Andreas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Icecast 2.3.2
ICQ Toolbar
ICQ7.2
Intel PROSet Wireless
Intel® Matrix Storage Manager
Intel® PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.4.2.1
Java™ 6 Update 19
Java™ SE Development Kit 6 Update 14
JavaFX™ 1.2 SDK
Jitbit Macro Recorder LITE
Junk Mail filter update
Keylogger Detector
kuler
LogMeIn
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office Language Pack 2007 - Portuguese/Português
Microsoft Office Language Pack 2007 - Portuguese/Português (Brasil)
Microsoft Office Live Add-in 1.3
Microsoft Office O MUI (Portuguese (Brazil)) 2007
Microsoft Office O MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2007
Microsoft Office SharePoint Designer MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office X MUI (Portuguese (Brazil)) 2007
Microsoft Office X MUI (Portuguese (Portugal)) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Miranda IM 0.9.1
mIRC
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.12)
MP3 Skype Recorder
MSI to redistribute MS VS2005 CRT libraries
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NNScript
Norton Security Scan
NSV Encoder (remove only)
NVIDIA Drivers
NVIDIA PhysX v8.10.29
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OpenSource DTS/AC3/DD+ Source Filter (remove only)
Pando Media Booster
Pcsx2 0.9.1 Watermoose
PDF Settings CS4
PhotoNow! 1.0
Photoshop Camera Raw
PokerStars
PopfaxPrinter 3.0.1
Power2Go 5.0
PowerDirector Express
PowerDVD
PowerProducer
PRS-500 USB driver
QuickTime
RealMedia (remove only)
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Recorder
ResultBar 1.0 build 113
SAM Broadcaster (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHOUTcast Radio Toolbar
SHOUTcast Source DSP 1.9.1 (remove only)
Skype Toolbars
Skype™ 4.2
SoulSeek 157 NS 13e
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpyNoMore 2.98
Steam
Suite Shared Configuration CS4
sXe Injected
System Control Manager
TeamSpeak 2 RC2
Total Video Converter 3.71 100812
Tropico 3 1.00
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Urban Terror 4.1
VDownloader 1.1
Veetle TV 0.9.18
Ventrilo Client
Vimicro USB2.0 PC Camera(VC0323)
VLC media player 1.0.1
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.1.1
X-Lite 3.0
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update

==== End Of File ===========================


GMER report incoming

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-07 17:38:39
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\hugo\AppData\Local\Temp\pgtdipob.sys


---- System - GMER 1.0.15 ----

SSDT 9F25D3D4 ZwCreateThread
SSDT 9F25D3C0 ZwOpenProcess
SSDT 9F25D3C5 ZwOpenThread
SSDT 9F25D3CF ZwTerminateProcess

INT 0x52 ? 86F4CF00
INT 0x82 ? 86F4CF00
INT 0x92 ? 86F4CF00
INT 0xA2 ? 86F4CF00
INT 0xA2 ? 86F4CF00
INT 0xB2 ? 8552DBF8
INT 0xB2 ? 86F4CF00
INT 0xB2 ? 86F4CF00
INT 0xB2 ? 8552DBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 82307B18 4 Bytes [D4, D3, 25, 9F]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82307CE8 4 Bytes [C0, D3, 25, 9F] {RCL BL, 0x25; LAHF }
.text ntkrnlpa.exe!KeSetTimerEx + 640 82307D04 4 Bytes [C5, D3, 25, 9F]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82307F18 4 Bytes [CF, D3, 25, 9F]
? System32\Drivers\spkt.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F408340, 0x3E9407, 0xE8000020]
.text USBPORT.SYS!DllUnload 8A3DD46F 5 Bytes JMP 86F4C4E0
.text acmkju83.SYS 8EA58000 22 Bytes [26, 32, 22, 82, 10, 31, 22, ...]
.text acmkju83.SYS 8EA58017 181 Bytes [00, 32, 77, 78, 80, 3D, 75, ...]
.text acmkju83.SYS 8EA580CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text acmkju83.SYS 8EA580DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text acmkju83.SYS 8EA580E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855301F8
Device \Driver\sptd \Device\748631718 spkt.sys
Device \Driver\volmgr \Device\VolMgrControl 8476D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{3AC2C81C-D358-42FC-B435-E7DD8ABD8055} 91569500
Device \Driver\usbuhci \Device\USBPDO-0 84BA21F8
Device \Driver\usbuhci \Device\USBPDO-1 84BA21F8
Device \Driver\PCI_PNP5707 \Device\00000052 spkt.sys
Device \Driver\usbuhci \Device\USBPDO-2 84BA21F8
Device \Driver\usbehci \Device\USBPDO-3 84BA11F8
Device \Driver\usbuhci \Device\USBPDO-4 84BA21F8
Device \Driver\usbuhci \Device\USBPDO-5 84BA21F8
Device \Driver\usbuhci \Device\USBPDO-6 84BA21F8
Device \Driver\volmgr \Device\HarddiskVolume1 8476D1F8
Device \Driver\usbehci \Device\USBPDO-7 84BA11F8
Device \Driver\volmgr \Device\HarddiskVolume2 8476D1F8
Device \Driver\cdrom \Device\CdRom0 86FE31F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8A2A4EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A2A4EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A2A4EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 86FE31F8
Device \Driver\netbt \Device\NetBT_Tcpip_{6D3BD3CA-E2A0-4052-98A6-C7B30641268B} 91569500
Device \Driver\netbt \Device\NetBt_Wins_Export 91569500
Device \Driver\Smb \Device\NetbiosSmb 916531F8
Device \Driver\iScsiPrt \Device\RaidPort0 870E31F8
Device \Driver\usbuhci \Device\USBFDO-0 84BA21F8
Device \Driver\usbuhci \Device\USBFDO-1 84BA21F8
Device \Driver\usbuhci \Device\USBFDO-2 84BA21F8
Device \Driver\usbehci \Device\USBFDO-3 84BA11F8
Device \Driver\usbuhci \Device\USBFDO-4 84BA21F8
Device \Driver\usbuhci \Device\USBFDO-5 84BA21F8
Device \Driver\usbuhci \Device\USBFDO-6 84BA21F8
Device \Driver\usbehci \Device\USBFDO-7 84BA11F8
Device \Driver\acmkju83 \Device\Scsi\acmkju831 870161F8
Device \Driver\acmkju83 \Device\Scsi\acmkju831Port4Path0Target0Lun0 870161F8
Device \FileSystem\cdfs \Cdfs 9E2A41F8

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 00400000-85AEA188 (-2056347256 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0xCC 0x79 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x06 0x12 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x4D 0x33 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x14 0xB2 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x06 0x12 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x4D 0x33 0xDD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{377E1ED7-84A1-6B42-36C5-EA915313419B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{377E1ED7-84A1-6B42-36C5-EA915313419B}@naobjipcdpnpbkcelepgaceodjpo 0x6A 0x61 0x63 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{377E1ED7-84A1-6B42-36C5-EA915313419B}@maebhjlnjhmkbpopjnmobgbckh 0x6A 0x61 0x63 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DCCA0AB-27C7-E967-EDB4-4DA98920265A}

---- EOF - GMER 1.0.15 ----

GMER says that noname hidden = modified by rootkit

EDIT: Posts merged ~BP

Edited by Budapest, 07 December 2010 - 03:59 PM.
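The GMER log above is the kind of output a helper reads by hand: four SSDT hooks whose targets all sit in one page, the same four pointers showing up as "patched bytes" inside ntkrnlpa.exe, a hidden "module" with a negative size, and a set of sptd/DAEMON Tools entries (the reason DeFogger is asked for before a rescan). The script below is an added example, not part of GMER, DDS, or anything posted in this thread; it parses those finding lines and applies the cross-checks a helper would make. It assumes a 32-bit Vista box with the default 2 GB/2 GB address split (consistent with ntkrnlpa.exe at 0x823xxxxx in the log) and treats the strings "sptd", "spkt.sys" and "daemon tools" as markers of the SPTD CD-emulation layer; the sample input is a handful of lines copied from the posted log.

```python
"""Triage helper for a GMER 1.0.15 rootkit-scan log (added example for this
thread; not part of GMER, DDS or any tool named here). It parses the finding
lines GMER prints and cross-checks them the way a helper reads the log by hand."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
PATCH4_RE = re.compile(r"^\.text\s+(\S+) \+ ([0-9A-F]+)\s+([0-9A-F]{8})\s+4 Bytes \[([0-9A-F, ]+)\]")
HIDDEN_MOD_RE = re.compile(r"^Module .*hidden.*?([0-9A-F]{8})-([0-9A-F]{8})")
DEVICE_RE = re.compile(r"^Device\s+(\\\S+)\s+(\\\S+)")
REG_RE = re.compile(r"^Reg\s+(HK\S+)")
# Assumption: default 2 GB/2 GB split on 32-bit Vista (ntkrnlpa.exe sits at 0x823xxxxx).
KERNEL_BASE = 0x80000000
# SPTD CD-emulation layer (DAEMON Tools/Alcohol); a match explains an entry, it does not prove the box clean.
SPTD_MARKERS = ("sptd", "spkt.sys", "daemon tools")

def is_sptd(text):
    return any(m in text.lower() for m in SPTD_MARKERS)

def parse_gmer(log):
    """Return a dict of finding lists keyed by kind."""
    f = defaultdict(list)
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m[1]
            continue
        if not line or section is None:  # banner lines before the first section
            continue
        if (m := SSDT_RE.match(line)):
            f["ssdt"].append({"addr": int(m[1], 16), "func": m[2]})
        elif (m := PATCH4_RE.match(line)):
            patched = bytes(int(b, 16) for b in m[4].split(","))
            f["patch4"].append({"symbol": m[1], "offset": int(m[2], 16), "addr": int(m[3], 16),
                                "pointer": int.from_bytes(patched, "little")})
        elif (m := HIDDEN_MOD_RE.match(line)):
            f["hidden"].append({"start": int(m[1], 16), "end": int(m[2], 16)})
        elif (m := DEVICE_RE.match(line)):
            f["devices"].append({"driver": m[1], "device": m[2], "sptd": is_sptd(line)})
        elif (m := REG_RE.match(line)):
            f["registry"].append({"key": m[1], "sptd": is_sptd(line)})
    return f

def hidden_module_check(start, end):
    """Return (size, the signed 32-bit size GMER prints, crosses user->kernel boundary)."""
    size = end - start
    gmer_size = size - (1 << 32) if size >= (1 << 31) else size
    return size, gmer_size, start < KERNEL_BASE <= end

def triage(f):
    """Return (severity, note) pairs in the order a helper would read them."""
    notes = []
    hook_funcs = {h["addr"]: h["func"] for h in f["ssdt"]}
    # 1. Patched kernel bytes are little-endian pointers; one equal to an SSDT hook
    #    address is the same hook seen from the table side, not a second finding.
    for p in f["patch4"]:
        where = f"{p['symbol']}+0x{p['offset']:X} @ {p['addr']:08X} -> {p['pointer']:08X}"
        func = hook_funcs.get(p["pointer"])
        notes.append(("info", f"{where} = SSDT hook {func}") if func
                     else ("review", f"{where} is not among the SSDT hooks listed"))
    # 2. Hooks from one driver cluster: group targets by 4 KiB page to get one range to attribute.
    pages = defaultdict(list)
    for h in f["ssdt"]:
        pages[h["addr"] >> 12].append(h["func"])
    for page, funcs in sorted(pages.items()):
        notes.append(("review", f"{len(funcs)} SSDT hook(s) into page {page << 12:08X}: {', '.join(funcs)}"))
    # 3. A hidden "module" spanning user and kernel space is implausible for one image.
    for h in f["hidden"]:
        size, gmer_size, crosses = hidden_module_check(h["start"], h["end"])
        text = f"hidden module {h['start']:08X}-{h['end']:08X}: {size} bytes (GMER shows {gmer_size})"
        notes.append(("review", text + "; spans user and kernel space") if crosses else ("suspect", text))
    # 4. SPTD entries are the reason DeFogger is asked for before a rescan.
    n_sptd = sum(d["sptd"] for d in f["devices"]) + sum(r["sptd"] for r in f["registry"])
    if n_sptd:
        notes.append(("expected", f"{n_sptd} SPTD/DAEMON Tools entries (CD emulation): disable with DeFogger, rescan"))
    return notes

# Sample input: lines copied from the log posted above, trimmed to a few per section.
SAMPLE_LOG = """---- System - GMER 1.0.15 ----
SSDT 9F25D3D4 ZwCreateThread
SSDT 9F25D3C0 ZwOpenProcess
SSDT 9F25D3C5 ZwOpenThread
SSDT 9F25D3CF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 82307B18 4 Bytes [D4, D3, 25, 9F]
---- Devices - GMER 1.0.15 ----
Device \\Driver\\sptd \\Device\\748631718 spkt.sys
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) 00400000-85AEA188 (-2056347256 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@s1 771343423
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\\Program Files\\DAEMON Tools Lite\\
"""

if __name__ == "__main__":
    for severity, note in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{severity:8}] {note}")
```

Run against the sample, the script ties the [D4, D3, 25, 9F] patch at KeSetTimerEx+0x454 back to the ZwCreateThread SSDT entry (it is the same hook seen from the table side), reports all four hooks as one page at 9F25D000 for the helper to attribute to a loaded driver, reproduces GMER's "-2056347256 bytes" as the signed 32-bit view of a 2.2 GB range that starts at a user-mode image base and ends in kernel space, and counts the sptd entries that DeFogger exists to silence.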



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:22 PM

Posted 14 December 2010 - 11:25 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click Cancel, then Accept.


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 17 December 2010 - 11:26 PM

Hello

Three-day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 21 December 2010 - 12:33 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo