Unknown problem.



Rosado
2008-11-08, 18:23
Well, I have an unknown problem: my explorer.exe blocks and needs to be restarted (I use Vista). I googled once and it said the common problem was spyware, so I did a check-up with Spybot and it found two files, which were successfully cleaned, although the problem keeps going on and the connection seems to crash and then goes back online. I have problems staying connected to a game too.
Here is the Hijack log; I believe that is all that is needed, yes?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:26, on 08-11-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.EXE
C:\Program Files\SecondLife\Nicholaz.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {3e4ac324-64f2-4bd4-8874-71ab026b0333} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {77550A9F-F035-4D5E-A748-995D0112581C} - (no file)
O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CA0B2BD9-42E6-4A84-BEC6-3E4EF215E928} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {fa5a366a-c36e-4fdb-a379-aba923cf72d6} - (no file)
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: eizkehbx - eizkehbx.dll (file missing)
O20 - Winlogon Notify: pijzalml - pijzalml.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe (file missing)
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe (file missing)
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe (file missing)
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe (file missing)
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\user\AppData\Local\Temp\{39EAB9AD-DAEA-4704-9FDA-8B6CC25F9A8C}\NMSAccessU.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 13196 bytes

Blade81
2008-11-09, 15:39
Hi

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select Advanced Mode.
* On the left hand side, click on Tools.
* Then click on the Resident icon in the list.
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer.

Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer (and prevent TeaTimer from restoring them upon reactivation).


Disable AD-AWARE AD-WATCH

* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
    o Active: This will turn Ad-Watch On\Off without closing it.
    o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)


Generate an Uninstall List

* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Rosado
2008-11-09, 18:45
Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer (and prevent TeaTimer from restoring them upon reactivation).
When I do this step and double click the ResetTeaTimer.bat file, a cmd window opens with this text:
"Unsupported Version
Press any key to exit...."
What now? Will it still work or not really? =\

Rosado
2008-11-09, 18:48
Doing the Uninstall list step, this is the list:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Empires III
Age of Empires III - The Asian Dynasties
AGEIA PhysX v7.07.24
Apple Software Update
Arquivo do WinRAR
Assistente de Conexão do Windows Live
ASUS Data Security Manager
ASUS InstantFun
ASUS Splendid Video Enhancement Technology
Asus_Camera_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Attansic Ethernet Utility
Autodesk 3ds Max 2008 32-bit Help
avast! Antivirus
Backburner
Brother MFL-Pro Suite
BT Next Evolution
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Choice Guard
Contacts
Driver Genius Professional Edition
eJay Dance 7 Demo
ESET NOD32 Antivirus
FBX Plugin 2006.11.1 for Max 2008
Firebird 2.1.0.16780 (Win32)
FLV Player 2.0, build 23
Free Download Manager 2.5
FrostWire 4.17.0
HijackThis 2.0.2
Intel(R) PROSet/Wireless Software
IZArc 3.81
Java(TM) 6 Update 10
Java(TM) 6 Update 3
LifeFrame2
LimeWire 4.18.1
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.105
mCore
mDriver
Media Player Codec Pack 3.2.0
Messenger Plus! Live
mHelp
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
mMHouse
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.3)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NB Probe
Nero 7 Essentials
NetAlyzer
No-IP.com DUC (remove only)
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia N73 highlights
Nokia Nseries Skin for Microsoft Windows Media Player
Nokia PC Suite
Nokia themes for your device
NVIDIA Drivers
OnRez (remove only)
OpenOffice.org Installer 1.0
Opera 9.62
Pacote de controladores do Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Pacote de controladores do Windows - Nokia Modem (02/15/2007 3.1)
Pacote de controladores do Windows - Nokia Modem (02/15/2007 3.1)
PaperPort Image Printer
PC Connectivity Solution
PDF Settings
Power4Gear eXtreme
PowerForPhone
Puma's Claw
QuickTime
Real Lives 2007
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SAM Broadcaster (remove only)
ScanSoft PaperPort 11
Screen Video Recorder 1.5
SecondLife (remove only)
SecondLifeFirstLookSLim (remove only)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
SHOUTcast DNAS (remove only)
Skype™ 3.6
Synaptics Pointing Device Driver
System Requirements Lab
Testes de Exame
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957258)
USB 2.0 1.3M UVC WebCam
Viewpoint Media Player
VistaFeaturePack
Windows Live Beta (todos os programas)
Windows Live Beta (todos os programas)
Windows Live Call
Windows Live Galeria de Fotos Beta
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 2

Blade81
2008-11-09, 19:37
Hi

You may skip over TeaTimer resetting part for now :)

I'll get back to this when you've got other reports ready.

Rosado
2008-11-09, 21:37
Ok then, here are the two logs :D
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:49, on 09-11-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\CF22946.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\ComboFix\handle.cfexe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe (file missing)
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe (file missing)
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe (file missing)
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe (file missing)
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\user\AppData\Local\Temp\{39EAB9AD-DAEA-4704-9FDA-8B6CC25F9A8C}\NMSAccessU.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 12103 bytes

///////////////////////////////////////////////////COMBOFIX///////////////////

ComboFix 08-11-07.01 - user 2008-11-09 18:48:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.2070.18.821 [GMT 0:00]
Executando de: c:\downloads\Software\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\cehjl.ini
c:\windows\System32\cehjl.ini2
c:\windows\system32\eizkehbx.dllbox
c:\windows\system32\ihiuwpjx.ini
c:\windows\system32\pijzalml.dllbox
c:\windows\system32\prpublvc.ini

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))
.

2008-11-09 19:12 . 2008-11-09 19:14 348,945,554 --a------ c:\windows\MEMORY.DMP
2008-11-09 17:05 . 2008-11-09 18:07 <DIR> d-------- c:\program files\world
2008-11-08 16:31 . 2008-11-08 16:31 <DIR> d-------- c:\program files\Safer Networking
2008-11-08 16:16 . 2008-11-08 16:16 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 15:48 . 2008-11-09 17:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-08 15:48 . 2008-11-08 15:48 1,409 --a------ c:\windows\QTFont.for
2008-11-08 14:20 . 2008-11-08 14:20 236 --a------ C:\sqmdata07.sqm
2008-11-08 14:20 . 2008-11-08 14:20 200 --a------ C:\sqmnoopt07.sqm
2008-11-08 02:40 . 2008-11-08 02:52 <DIR> d-------- c:\program files\SecondLifeFirstLookSLim
2008-11-08 01:56 . 2008-11-09 18:48 <DIR> d-------- c:\program files\SecondLife
2008-11-08 01:41 . 2008-11-08 01:41 <DIR> d-------- c:\program files\Opera
2008-11-07 10:40 . 2008-11-07 10:41 <DIR> d-------- c:\program files\OnRez
2008-11-06 10:25 . 2008-11-07 11:26 <DIR> d-------- c:\program files\Puma's Claw
2008-11-06 10:25 . 1997-01-20 11:08 65,536 --a------ c:\windows\System32\DLGOBJS.DLL
2008-11-06 10:25 . 1997-01-16 00:00 29,696 --a------ c:\windows\System32\VB5StKit.dll
2008-11-05 13:08 . 2008-11-07 10:02 <DIR> d-------- c:\users\Teste
2008-11-04 23:39 . 2008-11-04 23:39 200 --a------ C:\sqmnoopt06.sqm
2008-11-04 23:39 . 2008-11-04 23:39 200 --a------ C:\sqmdata06.sqm
2008-11-03 22:50 . 2008-11-03 22:50 <DIR> d-------- C:\programas
2008-11-01 23:32 . 2008-11-01 23:32 <DIR> d-------- c:\program files\Sun
2008-11-01 23:31 . 2008-11-01 23:30 410,976 --a------ c:\windows\System32\deploytk.dll
2008-10-28 22:47 . 2008-07-19 15:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-10-28 20:54 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 20:54 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 20:54 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 00:37 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-28 00:37 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-28 00:37 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-28 00:37 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-28 00:37 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-27 23:40 . 2008-10-27 23:41 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-10-20 21:19 . 2008-10-20 21:47 <DIR> d-------- c:\programdata\BitDefender
2008-10-20 21:17 . 2008-10-27 00:11 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-10-20 00:26 . 2008-05-07 13:20 71,592 --a------ c:\windows\System32\drivers\avfwot.sys
2008-10-20 00:26 . 2008-05-07 09:51 71,464 --a------ c:\windows\System32\drivers\avfwim.sys
2008-10-20 00:25 . 2008-10-21 10:14 <DIR> d-------- c:\programdata\Avira
2008-10-20 00:25 . 2008-10-21 10:14 <DIR> d-------- c:\program files\Avira
2008-10-15 22:41 . 2008-10-02 01:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 22:41 . 2008-10-02 03:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-14 22:10 . 2008-09-18 05:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-14 22:10 . 2008-09-18 05:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-14 22:10 . 2008-09-18 02:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-14 22:10 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-14 22:10 . 2008-08-27 01:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-14 22:10 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-11 14:27 . 2008-10-11 14:27 <DIR> d-------- c:\program files\Educational Simulations
2008-10-09 23:54 . 2008-10-09 23:54 <DIR> d-------- c:\program files\Publico
2008-10-09 09:19 . 2008-10-09 09:19 200 --a------ C:\sqmnoopt05.sqm
2008-10-09 09:19 . 2008-10-09 09:19 200 --a------ C:\sqmdata05.sqm

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:17 --------- d-----w c:\users\user\AppData\Roaming\Free Download Manager
2008-11-09 19:12 348,945,554 ----a-w c:\windows\DUMP5b29.tmp
2008-11-09 14:56 --------- d-----w c:\users\user\AppData\Roaming\Skype
2008-11-09 14:54 --------- d-----w c:\users\user\AppData\Roaming\skypePM
2008-11-09 13:30 --------- d-----w c:\users\user\AppData\Roaming\SystemRequirementsLab
2008-11-09 13:30 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-08 16:37 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-08 14:10 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-07 11:41 --------- d-----w c:\programdata\FLEXnet
2008-11-07 11:41 --------- d-----w c:\program files\VHCleaner
2008-11-07 11:41 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-07 11:41 --------- d-----w c:\program files\Lavasoft
2008-11-07 11:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-07 11:41 --------- d-----w c:\program files\CCleaner
2008-11-05 13:01 --------- d-----w c:\users\user\AppData\Roaming\SecondLife
2008-11-01 23:30 --------- d-----w c:\program files\Java
2008-10-26 22:48 39,836 ----a-w c:\users\user\AppData\Roaming\nvModes.dat
2008-10-24 17:46 --------- d-----w c:\program files\Yahoo!
2008-10-15 10:19 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:16 --------- d-----w c:\programdata\Microsoft Help
2008-10-12 19:39 --------- d-----w c:\programdata\ScanSoft
2008-10-08 10:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-08 10:00 --------- d-----w c:\program files\MindArk
2008-10-08 09:59 --------- d-----w c:\program files\SlySoft
2008-10-06 21:45 --------- d-----w c:\program files\Brother
2008-10-06 21:37 --------- d-----w c:\program files\Nuance
2008-10-06 21:35 --------- d-----w c:\program files\ScanSoft
2008-10-06 21:35 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-10-06 21:27 --------- d-----w c:\programdata\Brother
2008-10-04 19:09 --------- d-----w c:\users\user\AppData\Roaming\FrostWire
2008-10-04 06:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-02 22:17 --------- d-----w c:\programdata\Age of Empires 3
2008-10-02 22:16 --------- d-----w c:\program files\Common Files\Microsoft Games
2008-10-02 22:03 --------- d-----w c:\program files\MagicDisc
2008-10-02 22:00 --------- d-----w c:\program files\MagicISO
2008-10-02 21:41 --------- d-----w c:\program files\Alcohol Soft
2008-10-02 21:35 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-24 22:58 --------- d-----w c:\program files\Common Files\Adobe
2008-09-24 14:40 --------- d-----w c:\program files\Bonjour
2008-09-24 13:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-09-24 13:17 --------- d-----w c:\program files\Driver-Soft
2008-09-24 01:45 --------- d-----w c:\users\user\AppData\Roaming\yahoo!
2008-09-24 01:45 --------- d-----w c:\programdata\Yahoo!
2008-09-24 01:37 --------- d-----w c:\program files\Metaboli Player
2008-09-24 01:10 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-09-24 01:08 --------- d-----w c:\program files\Windows Live
2008-09-24 01:02 --------- d-----w c:\program files\Microsoft
2008-09-24 00:57 --------- d-----w c:\program files\Common Files\Windows Live
2008-09-23 14:22 --------- d-----w c:\program files\ASUS
2008-09-23 01:39 --------- d-----w c:\program files\Autodesk
2008-09-22 22:44 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-09-20 03:30 --------- d-----w c:\program files\Microsoft Games
2008-09-16 19:44 --------- d-----w c:\programdata\WindowsSearch
2008-09-16 18:03 --------- d-----w c:\program files\IZArc
2008-09-16 17:46 --------- d-----w c:\programdata\eMule
2008-09-16 17:41 --------- d-----w c:\program files\Workspace Macro 4.6
2008-09-16 17:40 --------- d-----w c:\program files\VideoLAN
2008-09-11 22:16 --------- d-----w c:\program files\SpacialAudio
2008-09-11 20:48 --------- d-----w c:\program files\BT Next Evolution
2008-09-11 04:36 --------- d-----w c:\users\user\AppData\Roaming\OnRez
2008-09-05 15:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-06-18 07:11 174 --sha-w c:\program files\desktop.ini
2008-02-17 05:12 32 ----a-w c:\programdata\ezsid.dat
2008-01-25 23:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-25 23:44 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-25 23:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

<pre>
----a-w 39,792 2008-02-02 17:19:19 c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 61,440 2008-02-02 17:19:09 c:\program files\ASUS\ATK Media\DMEDIA .EXE
----a-w 161,328 2008-01-24 16:05:46 c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 1,410,304 2008-02-02 17:19:19 c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
----a-w 132,496 2008-02-02 17:19:20 c:\program files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 31,016 2008-02-02 17:19:15 c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w 630,784 2008-02-02 17:19:07 c:\program files\Motorola\SMSERIAL\sm56hlpr .exe
----a-w 1,057,328 2008-02-02 17:19:07 c:\program files\Nero\Nero 7\InCD\InCD .exe
----a-w 778,240 2008-02-02 17:19:16 c:\program files\PowerForPhone\PowerForPhone .exe
----a-w 857,648 2008-02-02 17:19:09 c:\program files\Synaptics\SynTP\SynTPEnh .exe
----a-w 5,724,184 2008-02-01 21:19:28 c:\program files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-02-02 17:19:24 c:\program files\Windows Live\Messenger\msnmsgr .exe
----a-w 33,136 2008-01-26 12:30:19 c:\windows\ASScrPro .exe
----a-w 37,232 2008-02-02 17:19:15 c:\windows\ASScrProlog .exe
----a-w 4,444,160 2008-02-02 17:19:12 c:\windows\RtHDVCpl .exe
----a-w 1,822,720 2008-02-02 17:19:07 c:\windows\Skytel .exe
</pre>


(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-08 3513344]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-11-01 2468200]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2008-07-28 1172992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 07:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-05-22 21:35 8433664 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-05-22 21:35 86016 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-03-01 13:24 857648 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1267906643-260180226-994702913-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E61C24B3-B5B8-4650-B3DD-B44E9B90D907}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6984EC2-9EB5-4019-A4B7-76D65493C3A2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9BA3962B-AFC7-4D14-92FC-8EC2C50A8064}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B7D7FE5-69D9-4800-A704-8EEFFC0D6AD9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4AC89AB5-4286-44E4-A29F-DEED7C4587C7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6886F21-4D7C-4EA3-90A4-7285B2577D09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C809627-68B9-41E7-8895-24A76E882510}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4FE3E58D-DAF1-4039-A94C-7FDE0D5B2E62}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C10BD3B9-0EB1-43CC-AFA4-FB5BBCCE75F8}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{300A77E3-EF10-4486-9790-30276D0A7A3D}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{5404496B-DF8B-466E-BAD0-CD8380B163F7}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{DCD753CD-5C4E-4D15-ABB4-A3FDCC207A52}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{11841890-1F68-4E15-A228-2DA4F86262CE}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{AF50B9F3-1C33-4A3E-B5D4-87682D149278}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{F0C3A4BB-0C6A-4460-896B-D592CE47AE5A}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{17377549-4904-4D12-9CB6-E58A3466B8E1}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{49F026E2-7F19-4790-A3B6-5387847A6F21}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{7A11A771-6573-49A2-8BDE-124B87AA5B85}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"TCP Query User{E0D32FF9-C6D4-4E86-986D-61DF94AB7CC5}c:\\program files\\windows live\\messenger\\msnmsgr .exe"= UDP:c:\program files\windows live\messenger\msnmsgr .exe:Windows Live Messenger
"UDP Query User{22DD63E0-87C6-4ED0-9203-38EE09AC2566}c:\\program files\\windows live\\messenger\\msnmsgr .exe"= TCP:c:\program files\windows live\messenger\msnmsgr .exe:Windows Live Messenger
"TCP Query User{E849BF52-8364-4C11-A271-D410B6056B3B}c:\\program files\\windows live\\messenger\\msnmsgr .exe"= UDP:c:\program files\windows live\messenger\msnmsgr .exe:Windows Live Messenger
"UDP Query User{1657D389-750B-4656-BF98-5F94F7353B60}c:\\program files\\windows live\\messenger\\msnmsgr .exe"= TCP:c:\program files\windows live\messenger\msnmsgr .exe:Windows Live Messenger
"{1699240F-2716-47AC-9D59-EF754FD89840}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6C57DBD1-CFD6-45E7-BD64-07A1877BD289}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{E8F86AD8-CF9D-458A-8CB5-1D3399DD1A9E}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= UDP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"UDP Query User{334C1D68-D6B9-46BA-9CBB-D9A570DE4908}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= TCP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"TCP Query User{B827E0E4-6ECE-4AAC-8523-0ACB56540E4C}c:\\program files\\secondlifereleasecandidate\\secondlifereleasecandidate.exe"= UDP:c:\program files\secondlifereleasecandidate\secondlifereleasecandidate.exe:Second Life
"UDP Query User{6FCBF8F0-4EA0-4716-8FB6-5204D698DEC8}c:\\program files\\secondlifereleasecandidate\\secondlifereleasecandidate.exe"= TCP:c:\program files\secondlifereleasecandidate\secondlifereleasecandidate.exe:Second Life
"{3CB10FED-9536-4959-968A-EF427462DEDA}"= UDP:14644:BitCometLite 14644 TCP
"{CA4D2513-51DE-4EB6-80FC-A479032EA421}"= TCP:14644:BitCometLite 14644 UDP
"TCP Query User{A3DAE33F-9BC4-467C-891F-B241F06576B5}c:\\program files\\softnyx\\rakionis\\bdrs\\rakion\\bin\\rakion.bin"= UDP:c:\program files\softnyx\rakionis\bdrs\rakion\bin\rakion.bin:rakion
"UDP Query User{EC6B88F0-42B2-40C6-8EFB-56D3635D7E89}c:\\program files\\softnyx\\rakionis\\bdrs\\rakion\\bin\\rakion.bin"= TCP:c:\program files\softnyx\rakionis\bdrs\rakion\bin\rakion.bin:rakion
"TCP Query User{4B3CC9A4-C58B-4EE5-A97F-78F6C70AE692}c:\\program files\\metin2_portugal\\metin2.bin"= UDP:c:\program files\metin2_portugal\metin2.bin:metin2
"UDP Query User{3F87F6EA-4ADE-422D-96A5-E6F9F201D085}c:\\program files\\metin2_portugal\\metin2.bin"= TCP:c:\program files\metin2_portugal\metin2.bin:metin2
"TCP Query User{7E55C633-8B92-4F2C-9DFF-7D5B46A02F67}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E7FBD814-7D89-4120-9F6C-ADD4E5989638}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{895C8670-2669-48FD-BE09-5FACE597D594}x:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= UDP:x:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{244439EE-16D7-45B0-9B40-3D5FC0821B92}x:\\program files\\codemasters\\worms 4 mayhem\\worms 4 mayhem.exe"= TCP:x:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
"{3609B4BC-1DB8-407B-B776-00712F87AA72}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9CA29B96-2F7F-46C6-A20B-71DDF7EE36F3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3CE6C5DA-8A07-4788-AF48-56F186ACF1A3}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2EC36E5E-B6C4-4A1F-B992-A9242E9D4718}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{94076A9C-69EF-4986-B842-F61D80626E63}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{00501FDF-69A1-41CF-8FE8-291ADD32F4AD}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{6F89AAEC-5CB6-4516-B22D-3BB018D1B54E}c:\\program files\\shoutcast\\sc_serv.exe"= UDP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"UDP Query User{25932424-D255-40A8-B2F6-9491216378DE}c:\\program files\\shoutcast\\sc_serv.exe"= TCP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"{7A7D152E-88E8-47D8-9135-E6BDC8B35843}"= UDP:41536:limewire
"{6941937D-3822-44C0-9101-E590C013FED7}"= TCP:41536:limewire1
"{8EBDA7FD-5CF8-4978-AF2F-BE0B09965803}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A61BA5C9-18A2-4204-B5B2-C341482D3218}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{86A028F6-F835-4A80-9E46-FAFDDFF208BA}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire 4.17.0
"{6D760F05-8CD0-4D69-BD79-6B7B754D8506}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire 4.17.0
"TCP Query User{3BE6333E-5D0B-463B-956D-B4187E2F7CFD}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{A638B9D1-3047-4434-BACD-15A7C1B816D9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C8F3C5F4-BA7F-40F5-AE69-63BA7AA0C9BD}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{BBEB8345-2588-4699-AEC6-5C583BFA9997}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{444D2F47-74F0-4D25-BEE6-91A9F4B79B35}c:\\program files\\secondlifebeta\\slvoice.exe"= UDP:c:\program files\secondlifebeta\slvoice.exe:SLVoice
"UDP Query User{01E3C6DF-C8E1-479E-A058-7DEFC0539B0E}c:\\program files\\secondlifebeta\\slvoice.exe"= TCP:c:\program files\secondlifebeta\slvoice.exe:SLVoice
"TCP Query User{F7E3F615-D6CB-4241-A9E6-905EF7F69C2E}c:\\program files\\bt next evolution\\btnext.exe"= UDP:c:\program files\bt next evolution\btnext.exe:btnext
"UDP Query User{036EF460-A1C8-478D-834A-0D7B88D4F055}c:\\program files\\bt next evolution\\btnext.exe"= TCP:c:\program files\bt next evolution\btnext.exe:btnext
"TCP Query User{A7928C72-9762-41D7-ACC4-A4B46EE86A30}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8E9A5029-2BE9-4BBC-99CB-D39FED2AB7F9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{ACCBBB3D-9371-4564-B036-4D5E20C0A9E1}"= UDP:c:\program files\ASUS\ASUS Live Update\ALU.exe:ASUS Live Update
"{EC2F1761-6F40-4DB6-9605-CCDF71D1B666}"= TCP:c:\program files\ASUS\ASUS Live Update\ALU.exe:ASUS Live Update
"TCP Query User{9C938732-25EF-4C01-AEB5-43B0F92EFA0C}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{5731AED6-771D-48A4-96B7-83C4F5B1872F}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{3303C121-FFA7-435E-8568-5720DE255397}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{1B4D03B4-C2EC-48A7-A8E9-2392FC0EB01C}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{9DE26141-A3EE-4F04-AD1C-27087B2867D9}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A1339964-6388-4BF7-83BF-22A1F56F0C22}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FA6DFFCE-AA9D-47CA-8D47-C766FB4D0994}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{468FE778-42F9-4AB2-9921-77D3E490A780}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{813AB4E7-8F1E-4B9C-B94E-CCDC2C57E00B}c:\\program files\\secondlife\\secondlife.exe"= UDP:c:\program files\secondlife\secondlife.exe:Second Life
"UDP Query User{9C988EB6-FC12-49C6-BD27-F5EFC01D3462}c:\\program files\\secondlife\\secondlife.exe"= TCP:c:\program files\secondlife\secondlife.exe:Second Life
"TCP Query User{1C0D901F-0207-4F20-B83D-05312FFB9A3D}c:\\program files\\onrez\\onrez.exe"= UDP:c:\program files\onrez\onrez.exe:Second Life
"UDP Query User{4068BD4A-7656-485A-9B3A-1E0858C614C7}c:\\program files\\onrez\\onrez.exe"= TCP:c:\program files\onrez\onrez.exe:Second Life
"TCP Query User{AD6345AF-0A79-4FD6-AE4B-3308E9540417}c:\\program files\\onrez\\slvoice.exe"= UDP:c:\program files\onrez\slvoice.exe:SLVoice
"UDP Query User{CAE306D1-928E-475B-A2B1-3D0B490255EB}c:\\program files\\onrez\\slvoice.exe"= TCP:c:\program files\onrez\slvoice.exe:SLVoice
"TCP Query User{F6ADEF00-24AE-453F-98F4-3722D79B9927}c:\\program files\\secondlife\\nicholaz.exe"= UDP:c:\program files\secondlife\nicholaz.exe:Second Life
"UDP Query User{C15EF2B2-27D7-4F58-BF83-6DB0F7FDC994}c:\\program files\\secondlife\\nicholaz.exe"= TCP:c:\program files\secondlife\nicholaz.exe:Second Life
"TCP Query User{B436B5F5-31CD-46ED-AFA6-6DB5BBD7B01E}c:\\program files\\secondlifefirstlookslim\\slvoice.exe"= UDP:c:\program files\secondlifefirstlookslim\slvoice.exe:SLVoice
"UDP Query User{B7D12879-4FBA-4078-B2AE-4851FD303ABC}c:\\program files\\secondlifefirstlookslim\\slvoice.exe"= TCP:c:\program files\secondlifefirstlookslim\slvoice.exe:SLVoice
"{7EE8E1D9-DDB7-4F33-8760-0962DD3CFF7A}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{954E9EA3-93D4-42C8-853A-73FD5C0E79E9}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-05-07 71464]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [ ]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [ ]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [ ]
S2 NMSAccessU;NMSAccessU;c:\users\user\AppData\Local\Temp\{39EAB9AD-DAEA-4704-9FDA-8B6CC25F9A8C}\NMSAccessU.exe [ ]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1366fac-0fb0-11dd-ae4a-001d60d2ea44}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{3e4ac324-64f2-4bd4-8874-71ab026b0333} - (no file)
BHO-{77550A9F-F035-4D5E-A748-995D0112581C} - (no file)
BHO-{CA0B2BD9-42E6-4A84-BEC6-3E4EF215E928} - (no file)
BHO-{fa5a366a-c36e-4fdb-a379-aba923cf72d6} - (no file)
Notify-eizkehbx - eizkehbx.dll
Notify-pijzalml - pijzalml.dll


.
------- Scan Suplementar -------
.
FireFox -: Profile - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fp9e2mtl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pt/ig?hl=pt-PT
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:14:33
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


c:\windows\TEMP\00001.tmp 1945600 bytes
C:\ADSM_PData_0150

Varredura completada com sucesso
arquivos/ficheiros ocultos: 2

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\WerFault.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-09 19:33:40 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-09 19:33:29

Pré-execução: 41.404.731.392 bytes livres
Pós execução: 40,345,849,856 bytes livres

408 --- E O F --- 2008-11-07 17:48:41

Blade81
2008-11-09, 22:39
Hi

You seem to have multiple antivirus programs (avast! Antivirus, ESET NOD32 Antivirus at least) installed. It's recommended to have only one installed in the same system. Decide which one to keep and uninstall the other ones. There are signs of Antivir but I'm not sure if those are just leftovers or if you still have it installed. Please let me know if those are leftovers so we can clean them.


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

FrostWire
LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

c:\users\user\AppData\Roaming\FrostWire
c:\program files\FrostWire
c:\program files\LimeWire
c:\programdata\eMule
c:\program files\emule

Empty Recycle Bin.

After that:

Uninstall vulnerable Java(TM) 6 Update 3.


Start hjt (by right clicking HijackThis.exe and selecting 'run as administrator'), do a system scan, check (if found):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

Close browsers and fix checked.



Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\users\user\AppData\Roaming\FrostWire
c:\program files\FrostWire
c:\program files\LimeWire
c:\programdata\eMule
c:\program files\emule

DirLook::
c:\program files\world

RENV::
c:\program files\ASUS\ATK Media\DMEDIA .EXE
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Motorola\SMSERIAL\sm56hlpr .exe
c:\program files\Nero\Nero 7\InCD\InCD .exe
c:\program files\PowerForPhone\PowerForPhone .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\ASScrPro .exe
c:\windows\ASScrProlog .exe
c:\windows\RtHDVCpl .exe
c:\windows\Skytel .exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3C809627-68B9-41E7-8895-24A76E882510}"=-
"{4FE3E58D-DAF1-4039-A94C-7FDE0D5B2E62}"=-
"{3CB10FED-9536-4959-968A-EF427462DEDA}"=-
"{CA4D2513-51DE-4EB6-80FC-A479032EA421}"=-
"TCP Query User{7E55C633-8B92-4F2C-9DFF-7D5B46A02F67}c:\\program files\\emule\\emule.exe"=-
"UDP Query User{E7FBD814-7D89-4120-9F6C-ADD4E5989638}c:\\program files\\emule\\emule.exe"=-
"{7A7D152E-88E8-47D8-9135-E6BDC8B35843}"=-
"{6941937D-3822-44C0-9101-E590C013FED7}"=-
"{8EBDA7FD-5CF8-4978-AF2F-BE0B09965803}"=-
"{A61BA5C9-18A2-4204-B5B2-C341482D3218}"=-
"{86A028F6-F835-4A80-9E46-FAFDDFF208BA}"=-
"{6D760F05-8CD0-4D69-BD79-6B7B754D8506}"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1366fac-0fb0-11dd-ae4a-001d60d2ea44}]



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm).


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
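
As an added example (not part of Blade81's post and not ComboFix's own code), this Python sketch triages lines copied from the ComboFix log above. It flags the MountPoints2 autorun key that the CFScript deletes, services with no file details or a binary under Temp, and a disabled firewall profile. The function name `triage`, the finding labels and the reading of empty `[ ]` as "no file date/size recorded" are assumptions of this example.

```python
import re

# Excerpt of lines from the ComboFix log posted in this thread (embedded so the example runs offline).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [ ]
S2 NMSAccessU;NMSAccessU;c:\users\user\AppData\Local\Temp\{39EAB9AD-DAEA-4704-9FDA-8B6CC25F9A8C}\NMSAccessU.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1366fac-0fb0-11dd-ae4a-001d60d2ea44}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe
"""

# "R2 name;display name;path [date size]" as it appears in the driver/service listing.
SERVICE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
KEY = re.compile(r"^\[(.+)\]$")
SHELL_CMD = re.compile(r"^\\shell\\.+\\command - (.+)$", re.I)

def triage(log_text):
    """Return (finding, detail) tuples for a human reviewer; the heuristics are assumptions."""
    findings, key = [], ""
    for line in map(str.strip, log_text.splitlines()):
        if not line:
            key = ""                      # a blank line ends the current registry block
        elif m := KEY.match(line):
            key = m.group(1).lower()      # remember which registry key we are under
        elif m := SERVICE.match(line):
            _state, _start, name, _display, path, info = m.groups()
            if not info.strip():          # empty brackets: no file date/size recorded
                findings.append(("service_no_file_info", name))
            if "\\temp\\" in path.lower():  # service binary under a Temp directory
                findings.append(("service_in_temp", name))
        elif "firewallpolicy" in key and re.match(r'"EnableFirewall"=\s*0\b', line):
            findings.append(("firewall_disabled", key.rsplit("\\", 1)[-1]))
        elif "\\mountpoints2\\" in key and (m := SHELL_CMD.match(line)):
            if re.search(r"recycle[dr]\\", m.group(1), re.I):  # drive autorun into a recycle folder
                findings.append(("autorun_from_recycle_folder", m.group(1)))
    return findings

if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:30} {detail}")
```

The findings are prompts for manual review, not verdicts: a service with empty brackets can be an uninstall leftover, as with the Avira entries discussed in this thread.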

Rosado
2008-11-09, 22:59
Yeah, those are leftovers. I only use Avast now :)

Blade81
2008-11-09, 23:53
Ok. Let's clean the leftovers a bit later. Please post back when you have the reports ready :)

Blade81
2008-11-16, 11:25
What's the status here, Rosado?

Rosado
2008-11-16, 22:54
What's the status here, Rosado?

Really sorry Blade, my life was really troubled last week, so I didn't finish the Kaspersky scan; going to do it tomorrow only, hope that's alright with you :)

Blade81
2008-11-17, 07:37
Yes, that's ok :)

Rosado
2008-11-19, 02:08
Yes, that's ok :)

Just my luck... I had Kaspersky running for 12 hours, it was at 50%, then the power went down and I lost the scan it was doing... it had found 2 files too... today ain't my day :sad:

Blade81
2008-11-19, 08:06
Hi

Sorry to hear that :sad: To improve scanning speed have hard drive(s) defragmented and antivirus program disabled during the scan.

Blade81
2008-11-26, 20:06
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.