
Thread: Bifrose.LA

  1. #1
    Junior Member | Join Date: May 2009 | Location: Brazil | Posts: 11

    Bifrose.LA

    Hello!

    Please, I'd really appreciate if someone could help me, here's my problem:

    I've run a scan with Spybot S&D, which found Bifrose.LA; I removed it and it did nothing. I restarted the computer and the registry entries it had deleted came back.

    I've also searched my computer for Bifrost files, but found nothing.

    I've searched the registry for Bifrost entries and deleted the ones I found, but I think they were the same ones Spybot found, so they just keep coming back after restarts.

    Here's the HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:25, on 18/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Avast4\aswUpdSv.exe
    E:\Arquivos de programas\Avast4\ashServ.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Arquivos de programas\Bonjour\mDNSResponder.exe
    E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Avast4\ashMaiSv.exe
    E:\Arquivos de programas\Avast4\ashWebSv.exe
    E:\WINDOWS\System32\alg.exe
    E:\ARQUIV~1\Avast4\ashDisp.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\Arquivos de programas\iTunes\iTunesHelper.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Arquivos de programas\iPod\bin\iPodService.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Meus Downloads\Nova pasta (4)\HijackThis.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F3 - REG:win.ini: run=
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Arquivos de programas\GetRight\xx2gr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Arquivos de programas\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GEST] =
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Arquivos de programas\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Gbieh.2] gbiehdst.dll gbppsv.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download with GetRight - E:\Arquivos de programas\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - E:\Arquivos de programas\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228931293562
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - E:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - E:\Arquivos de programas\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9cc0bcccba718) (gupdate1c9cc0bcccba718) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    --
    End of file - 7950 bytes

  2. #2
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Hi dorian_BR

    Please post the next Spybot report.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member | Join Date: May 2009 | Location: Brazil | Posts: 11

    Hi Shaba! Thanks for your help. Kiitos.

    Here's my spybot report:


    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    Bifrose.LA: [SBI $D9EB7AA3] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-746137067-73586283-682003330-1003\Software\Bifrost

    Bifrose.LA: [SBI $B9E7EB8B] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

    2008-08-14 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-08-14 SDFiles.exe (1.6.0.4)
    2008-08-14 SDMain.exe (1.0.0.6)
    2008-08-14 SDShred.exe (1.0.2.3)
    2008-08-14 SDUpdate.exe (1.6.0.9)
    2008-08-14 SDWinSec.exe (1.0.0.12)
    2008-07-30 SpybotSD.exe (1.6.0.31)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2008-08-22 unins000.exe (51.49.0.0)
    2008-08-14 Update.exe (1.6.0.7)
    2008-10-22 advcheck.dll (1.6.2.13)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2009-03-25 Includes\Adware.sbi (*)
    2009-05-12 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-03-31 Includes\Dialer.sbi (*)
    2009-05-12 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-04-21 Includes\Hijackers.sbi (*)
    2009-05-12 Includes\HijackersC.sbi (*)
    2009-05-06 Includes\Keyloggers.sbi (*)
    2009-05-12 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-05-12 Includes\Malware.sbi (*)
    2009-05-13 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-05-12 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-05-12 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-05-12 Includes\SpywareC.sbi (*)
    2009-04-07 Includes\Tracks.uti
    2009-05-12 Includes\Trojans.sbi (*)
    2009-05-13 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Atualização de Segurança para o Windows Media Player (KB952069)
    / Windows Media Player 11: Atualização de Segurança para o Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix para o Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Atualização de Segurança para o Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Atualização Crítica para o Windows Media Player 11 (KB959772)
    / Windows XP: Atualização de Segurança para Windows XP (KB923689)
    / Windows XP: Atualização de Segurança para Windows XP (KB941569)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
    / Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP0: Atualização para Windows Internet Explorer 8 (KB968220)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB923561)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB938464)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB938464-v2)
    / Windows XP / SP4: Hotfix para Windows XP (KB942288-v3)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB946648)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB950762)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB950974)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB951066)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB951376-v2)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB951698)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB951748)
    / Windows XP / SP4: Atualização para Windows XP (KB951978)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB952004)
    / Windows XP / SP4: Hotfix para Windows XP (KB952287)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB952954)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB954211)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB954600)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB955069)
    / Windows XP / SP4: Atualização para Windows XP (KB955839)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB956391)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB956572)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB956802)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB956803)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB956841)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB957095)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB957097)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB958215)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB958644)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB958687)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB958690)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB959426)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB960225)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB960715)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB960803)
    / Windows XP / SP4: Hotfix para Windows XP (KB961118)
    / Windows XP / SP4: Atualização de Segurança para Windows XP (KB961373)
    / Windows XP / SP4: Atualização para Windows XP (KB967715)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, avast!
    command: E:\ARQUIV~1\Avast4\ashDisp.exe
    file: E:\ARQUIV~1\Avast4\ashDisp.exe
    size: 81000
    MD5: 55EBFBAB39BFAB5E62358C093F297641

    Located: HK_LM:Run, GEST
    command: =
    file: =
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, iTunesHelper
    command: "E:\Arquivos de programas\iTunes\iTunesHelper.exe"
    file: E:\Arquivos de programas\iTunes\iTunesHelper.exe
    size: 342312
    MD5: 6B0E8DEE62C0C9695C77F14482DDF178

    Located: HK_LM:Run, RTHDCPL
    command: RTHDCPL.EXE
    file: E:\WINDOWS\RTHDCPL.EXE
    size: 18082304
    MD5: F4A847AAFD31959A0A355FC927C38A56

    Located: HK_LM:Run, C-Media Mixer (DISABLED)
    command: Mixer.exe /startup
    file: E:\WINDOWS\Mixer.exe
    size: 1216512
    MD5: 2CF73C525241824679A62DCCF25C8832

    Located: HK_LM:Run, C-Media Speaker Configuration (DISABLED)
    command: E:\Meus Downloads\Nova pasta (3)\WinXP\Setup.exe /SPEAKER
    file: E:\Meus Downloads\Nova pasta (3)\WinXP\Setup.exe
    size: 491520
    MD5: 236CF4B7F2C6083A586DB62382A1BD96

    Located: HK_LM:Run, iTunesHelper (DISABLED)
    command: "E:\Arquivos de programas\iTunes\iTunesHelper.exe"
    file: E:\Arquivos de programas\iTunes\iTunesHelper.exe
    size: 342312
    MD5: 6B0E8DEE62C0C9695C77F14482DDF178

    Located: HK_LM:Run, QuickTime Task (DISABLED)
    command: "E:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
    file: E:\Arquivos de programas\QuickTime\QTTask.exe
    size: 413696
    MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

    Located: HK_LM:Run, VirtualCloneDrive (DISABLED)
    command: "E:\Arquivos de programas\VirtualCloneDrive\VCDDaemon.exe" /s
    file: E:\Arquivos de programas\VirtualCloneDrive\VCDDaemon.exe
    size: 52168
    MD5: 9F3287A1CAF6E365ED2B39BB8D44B0EA

    Located: HK_LM:Run, VTTimer (DISABLED)
    command: VTTimer.exe
    file: E:\WINDOWS\system32\VTTimer.exe
    size: 53248
    MD5: AB973644B5CD45173915715782BBA273

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: E:\WINDOWS\system32\CTFMON.EXE
    file: E:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: HK_CU:Run, CTFMON.EXE
    where: PE_E_ADMINISTRADOR...
    command: E:\WINDOWS\system32\ctfmon.exe
    file: E:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-19...
    command: E:\WINDOWS\system32\CTFMON.EXE
    file: E:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-20...
    command: E:\WINDOWS\system32\CTFMON.EXE
    file: E:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-746137067-73586283-682003330-1003...
    command: E:\WINDOWS\system32\ctfmon.exe
    file: E:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: HK_CU:RunOnce, FlashPlayerUpdate (DISABLED)
    where: S-1-5-21-746137067-73586283-682003330-1003...
    command: E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    file: E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    size: 235936
    MD5: 0AE72A6CF7DA6440320BCF7241CE9ED4

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: E:\WINDOWS\system32\CTFMON.EXE
    file: E:\WINDOWS\system32\CTFMON.EXE
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {000123B4-9B42-4900-B3F7-F4B073EFC214} (btorbit.com)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: btorbit.com
    CLSID name: Octh Class
    Path: E:\Arquivos de programas\Orbitdownloader\
    Long name: orbitcth.dll
    Short name:
    Date (created): 2/2/2009 17:46:24
    Date (last access): 19/5/2009 17:34:06
    Date (last write): 27/2/2009 10:01:04
    Filesize: 134344
    Attributes: archive
    MD5: 720D9D57F404802915B3081A231BA141
    CRC32: E641F45C
    Version: 2.4.0.2

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Facilitador de Leitor de Link Adobe PDF)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Facilitador de Leitor de Link Adobe PDF
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 22/10/2006 23:08:42
    Date (last access): 19/5/2009 17:34:06
    Date (last write): 22/10/2006 23:08:42
    Filesize: 62080
    Attributes: archive
    MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
    CRC32: E388508F
    Version: 8.0.0.456

    {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: bho2gr Class
    description: GetRight
    classification: Legitimate
    known filename: msie2gr.dll
    info link: http://www.getright.com/
    info source: TonyKlein
    Path: E:\Arquivos de programas\GetRight\
    Long name: xx2gr.dll
    Short name:
    Date (created): 14/6/2008 09:51:46
    Date (last access): 19/5/2009 17:34:06
    Date (last write): 14/2/2005 12:08:50
    Filesize: 233472
    Attributes: archive
    MD5: 06EE81C0ABBCFCD09ED3B3A9798871D3
    CRC32: 752B81F8
    Version: 5.2.0.3

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: E:\ARQUIV~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 18/3/2008 21:47:14
    Date (last access): 19/5/2009 17:34:04
    Date (last write): 15/9/2008 14:25:44
    Filesize: 1562960
    Attributes: readonly hidden sysfile archive
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path:
    Long name: __BHODemonDisabled

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll__BHODemonDisabled

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\
    Long name: swg.dll
    Short name:
    Date (created): 4/5/2009 15:20:36
    Date (last access): 19/5/2009 17:32:44
    Date (last write): 4/5/2009 15:20:36
    Filesize: 668656
    Attributes: archive
    MD5: D1585B06DED161E13B905DC4FFBF7F12
    CRC32: 88D5BAA5
    Version: 5.1.1309.3572



    --- ActiveX list ---
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: E:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1228931293562
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: E:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 16/10/2008 14:07:48
    Date (last access): 19/5/2009 17:34:06
    Date (last write): 16/10/2008 14:07:48
    Filesize: 208744
    Attributes: archive
    MD5: 90058C2AD9FC43A3B3D59F82FFC6AEA7
    CRC32: 7D5F90FA
    Version: 7.2.6001.788

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: E:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://download.macromedia.com/pub/s...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: E:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash9f.ocx
    Short name:
    Date (created): 24/3/2008 23:32:42
    Date (last access): 19/5/2009 17:34:06
    Date (last write): 24/3/2008 23:32:42
    Filesize: 2991488
    Attributes: readonly archive
    MD5: 48FDF435B8595604E54125B321924510
    CRC32: 12335E29
    Version: 9.0.124.0



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 728 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 776 ( 728) \??\E:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 808 ( 728) \??\E:\WINDOWS\system32\winlogon.exe
    size: 509952
    PID: 852 ( 808) E:\WINDOWS\system32\services.exe
    size: 111104
    MD5: C52DEB6D8CD4B096BF1A9EC001F36507
    PID: 864 ( 808) E:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 9607142710D3B64AB7FCCE4BE4E30D37
    PID: 1040 ( 852) E:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: ECA673779ECD27D674953D692FE070F6
    PID: 1064 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 1132 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 1232 ( 852) E:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 1356 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 1432 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 1476 ( 852) E:\Arquivos de programas\Avast4\aswUpdSv.exe
    size: 18752
    MD5: 118F964817982E771B8953DF2E99E3AB
    PID: 1524 ( 852) E:\Arquivos de programas\Avast4\ashServ.exe
    size: 155160
    MD5: E1D075B489A5E6E294E968501184C5F6
    PID: 1588 ( 808) E:\WINDOWS\system32\Ati2evxx.exe
    size: 598016
    MD5: ECA673779ECD27D674953D692FE070F6
    PID: 1908 ( 852) E:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: AF1D9AE15C11163F576DF6ED6194B53C
    PID: 424 (1232) E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    size: 133104
    MD5: 626A24ED1228580B9518C01930936DF9
    PID: 516 ( 276) E:\WINDOWS\Explorer.EXE
    size: 1035776
    MD5: 064EC7FF5F58B928C3E119402977FA6D
    PID: 636 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 720 ( 852) E:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 132424
    MD5: 367592EFCA7FF8B4CE11AB6B0744E1E2
    PID: 124 ( 852) E:\Arquivos de programas\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 1328 ( 852) E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    size: 61440
    MD5: 559C9B7800FAC92FC515CD0003D7C631
    PID: 1872 ( 852) E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
    size: 836904
    MD5: A0101E836D2A39682E134C47B1565256
    PID: 2280 ( 852) E:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 2492 ( 852) E:\Arquivos de programas\Avast4\ashMaiSv.exe
    size: 254040
    MD5: 2D697C9C4FBDA956E4BE318C334CD95E
    PID: 2516 ( 852) E:\Arquivos de programas\Avast4\ashWebSv.exe
    size: 352920
    MD5: B9FD2B7A954A45963C3BF932DB10A633
    PID: 2820 ( 852) E:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 6D2018AEE93285F2A8BEF55D722187A3
    PID: 3208 ( 516) E:\ARQUIV~1\Avast4\ashDisp.exe
    size: 81000
    MD5: 55EBFBAB39BFAB5E62358C093F297641
    PID: 3216 ( 516) E:\WINDOWS\RTHDCPL.EXE
    size: 18082304
    MD5: F4A847AAFD31959A0A355FC927C38A56
    PID: 3236 ( 516) E:\Arquivos de programas\iTunes\iTunesHelper.exe
    size: 342312
    MD5: 6B0E8DEE62C0C9695C77F14482DDF178
    PID: 3248 ( 516) E:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F
    PID: 3644 ( 852) E:\Arquivos de programas\iPod\bin\iPodService.exe
    size: 656168
    MD5: F055C1760ABFA52B159985E551EA0EDC
    PID: 1288 ( 852) E:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F
    PID: 2384 ( 516) E:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891984
    MD5: 9C8F0F34F66BB845B42F70E92A972B5F
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 19/5/2009 17:47:28

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://www.google.com/


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE79FDD1-68B0-47EE-B73C-5F5886EE67F3}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE79FDD1-68B0-47EE-B73C-5F5886EE67F3}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A300E0BF-9E69-4539-AD3F-97E8A69C69D4}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A300E0BF-9E69-4539-AD3F-97E8A69C69D4}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04D8C8CC-0655-4BF7-AE18-D4946C33519E}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04D8C8CC-0655-4BF7-AE18-D4946C33519E}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4327875-62FD-44CB-AAD2-8F8283DBD10D}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4327875-62FD-44CB-AAD2-8F8283DBD10D}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ABB087A-380B-4EE3-8949-C4369D80B6BB}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ABB087A-380B-4EE3-8949-C4369D80B6BB}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A9791FE-CD1B-40EF-8768-DB5E08BC4D09}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A9791FE-CD1B-40EF-8768-DB5E08BC4D09}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBC66AA6-9514-4A38-9427-B34EB1ED4E72}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BBC66AA6-9514-4A38-9427-B34EB1ED4E72}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Espaço para nome do reconhecimento de local da rede (NLA)
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: E:\Arquivos de programas\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    May 2009
    Location
    Brazil
    Posts
    11

    Default

    Here's the ComboFix log:

    ComboFix 09-05-19.08 - IGOR 20/05/2009 10:09.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3070.2582 [GMT -3:00]
    Executando de: e:\documents and settings\IGOR\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090518-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Criado um novo ponto de restauro
    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    e:\documents and settings\IGOR\Dados de aplicativos\addons.dat
    e:\documents and settings\IGOR\e7h6t87k3.exe
    e:\windows\svchost
    e:\windows\system32\nsprs.dll
    e:\windows\system32\serauth1.dll
    e:\windows\system32\serauth2.dll
    e:\windows\system32\ssprs.dll

    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2009-04-20 to 2009-05-20 ))))))))))))))))))))))))))))
    .

    2009-05-18 13:29 . 2009-05-18 13:30 -------- d-----w e:\arquivos de programas\ERUNT
    2009-05-16 23:19 . 2009-05-16 23:19 -------- d-sh--w e:\documents and settings\Administrador\PrivacIE
    2009-05-16 18:52 . 2009-05-16 19:28 -------- d-----w E:\silentrunners
    2009-05-16 17:38 . 2009-05-16 17:38 -------- d--h--w e:\windows\PIF
    2009-05-14 01:30 . 2009-05-14 01:30 -------- d-sh--w e:\documents and settings\Administrador\IETldCache
    2009-05-12 20:40 . 2009-05-12 20:40 -------- d-----w e:\documents and settings\IGOR\Dados de aplicativos\U3
    2009-05-04 18:20 . 2009-05-04 18:20 -------- d-sh--w e:\documents and settings\LocalService\IETldCache
    2009-05-04 16:54 . 2009-05-04 16:54 -------- d-----w e:\arquivos de programas\iPod
    2009-05-04 16:54 . 2009-05-04 16:54 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-04 16:54 . 2009-05-04 16:54 -------- d-----w e:\arquivos de programas\iTunes
    2009-05-03 16:18 . 2009-05-19 20:34 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Google Updater
    2009-04-30 14:11 . 2009-04-30 14:11 -------- d-sh--w e:\documents and settings\IGOR\IECompatCache
    2009-04-30 14:05 . 2009-04-30 14:05 -------- d-sh--w e:\documents and settings\IGOR\PrivacIE
    2009-04-30 14:04 . 2009-04-30 14:04 -------- d-sh--w e:\documents and settings\NetworkService\IETldCache
    2009-04-30 14:04 . 2009-04-30 14:04 -------- d-sh--w e:\documents and settings\IGOR\IETldCache
    2009-04-30 14:02 . 2009-04-30 14:02 -------- d-----w e:\windows\ie8updates
    2009-04-30 14:02 . 2009-02-28 04:55 105984 -c----w e:\windows\system32\dllcache\iecompat.dll
    2009-04-30 14:00 . 2009-04-30 14:02 -------- dc-h--w e:\windows\ie8
    2009-04-22 03:20 . 2009-04-22 03:20 14311680 ----a-w e:\windows\system32\xlive.dll
    2009-04-22 03:20 . 2009-04-22 03:20 13642496 ----a-w e:\windows\system32\xlivefnt.dll

    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-17 22:45 . 2008-05-05 13:55 -------- d-----w e:\arquivos de programas\Google
    2009-05-17 00:05 . 2009-02-02 20:46 -------- d-----w e:\arquivos de programas\Orbitdownloader
    2009-05-16 20:41 . 2008-06-14 12:51 -------- d-----w e:\arquivos de programas\GetRight
    2009-05-08 14:27 . 2008-03-22 02:26 -------- d-----w e:\arquivos de programas\eMule
    2009-05-04 16:54 . 2009-02-09 01:56 -------- d-----w e:\arquivos de programas\Arquivos comuns\Apple
    2009-04-19 14:07 . 2009-04-19 14:04 -------- d-----w e:\arquivos de programas\TimeAdjuster
    2009-04-17 15:47 . 2009-04-17 15:46 -------- d-----w e:\arquivos de programas\FormatFactory
    2009-04-17 12:16 . 2001-10-28 18:07 79240 ----a-w e:\windows\system32\perfc016.dat
    2009-04-17 12:16 . 2001-10-28 18:07 468462 ----a-w e:\windows\system32\perfh016.dat
    2009-03-19 19:32 . 2009-02-09 01:59 23400 ----a-w e:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-08 07:34 . 2004-08-04 03:45 914944 ----a-w e:\windows\system32\wininet.dll
    2009-03-08 07:34 . 2004-08-04 03:45 43008 ----a-w e:\windows\system32\licmgr10.dll
    2009-03-08 07:33 . 2004-08-04 03:45 18944 ----a-w e:\windows\system32\corpol.dll
    2009-03-08 07:33 . 2004-08-04 03:45 420352 ----a-w e:\windows\system32\vbscript.dll
    2009-03-08 07:32 . 2004-08-04 03:45 72704 ----a-w e:\windows\system32\admparse.dll
    2009-03-08 07:32 . 2004-08-04 03:45 71680 ----a-w e:\windows\system32\iesetup.dll
    2009-03-08 07:31 . 2004-08-04 03:45 34816 ----a-w e:\windows\system32\imgutil.dll
    2009-03-08 07:31 . 2004-08-04 03:44 48128 ----a-w e:\windows\system32\mshtmler.dll
    2009-03-08 07:31 . 2004-08-04 03:45 45568 ----a-w e:\windows\system32\mshta.exe
    2009-03-08 07:22 . 2001-10-28 18:07 156160 ----a-w e:\windows\system32\msls31.dll
    2009-03-06 14:20 . 2004-08-04 03:45 286208 ----a-w e:\windows\system32\pdh.dll
    2009-03-06 02:59 . 2009-02-09 01:57 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
    2009-03-06 02:59 . 2008-09-10 01:47 1900544 ----a-w e:\windows\system32\usbaaplrc.dll
    2008-03-23 04:22 . 2008-03-23 04:22 61 --sh--w e:\windows\cnerolf.dat
    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avast!"="e:\arquiv~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "iTunesHelper"="e:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.EXE [2008-12-30 18082304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "C-Media Speaker Configuration"=e:\meus downloads\Nova pasta (3)\WinXP\Setup.exe /SPEAKER
    "VirtualCloneDrive"="e:\arquivos de programas\VirtualCloneDrive\VCDDaemon.exe" /s
    "iTunesHelper"="e:\arquivos de programas\iTunes\iTunesHelper.exe"
    "C-Media Mixer"=Mixer.exe /startup
    "VTTimer"=VTTimer.exe
    "QuickTime Task"="e:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Arquivos de programas\\eMule\\emule.exe"=
    "e:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "e:\\WINDOWS\\system32\\dpnsvr.exe"=
    "e:\\UT2004\\System\\UT2004.exe"=
    "e:\\Arquivos de programas\\TmUnitedForever\\TmForever.exe"=
    "e:\\Arquivos de programas\\Commandos II\\comm2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
    "e:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
    "e:\\Arquivos de programas\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "e:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
    "e:\\Meus Downloads\\utorrent.exe"=
    "e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
    "e:\\Arquivos de programas\\Codemasters\\GRID\\GRID.exe"=
    "e:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "e:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "e:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
    "c:\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "c:\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
    "e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "e:\\Arquivos de programas\\iTunes\\iTunes.exe"=
    "e:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R0 ViBus;ViBus;e:\windows\system32\drivers\ViBus.sys [18/3/2008 17:07 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;e:\windows\system32\drivers\ViPrt.sys [18/3/2008 17:07 52224]
    R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [30/3/2008 21:53 111184]
    R1 BIOS;BIOS;e:\windows\system32\drivers\BIOS.sys [18/3/2008 17:06 13696]
    R1 BS_I2cIo;BS_I2cIo;e:\windows\system32\drivers\BS_I2cIo.sys [19/3/2008 15:54 8192]
    R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [30/3/2008 21:53 20560]
    S2 gupdate1c9cc0bcccba718;Google Update Service (gupdate1c9cc0bcccba718);e:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/5/2009 13:25 133104]
    S3 GMFilter;GMFilter HID Filter Driver;e:\windows\system32\drivers\GMFilter.sys [23/3/2008 13:51 19840]
    S3 rkhdrv40;Rootkit Unhooker Driver; [x]
    S3 S3GIGP;S3GIGP;e:\windows\system32\drivers\S3gIGPm.sys [11/7/2007 13:08 714240]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-14KC2A323342}]
    c:\data\DELETED\POWER.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{91F6B99D-3EDC-CBE5-41C0-F82230C16D25}]
    e:\windows\system32\SV121\svchost2.exe s
    .
    Conteúdo da pasta 'Tarefas Agendadas'

    2009-05-20 e:\windows\Tasks\Google Software Updater.job
    - e:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 18:20]

    2009-05-20 e:\windows\Tasks\GoogleUpdateTaskMachine.job
    - e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-03 16:25]
    .
    - - - - ORFÃOS REMOVIDOS - - - -

    HKLM-Explorer_Run-Gbieh.2 - gbiehdst.dll


    .
    ------- Scan Suplementar -------
    .
    uLocal Page = hxxp://www.google.com/
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    IE: &Download by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - e:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
    IE: Download with GetRight - e:\arquivos de programas\GetRight\GRdownload.htm
    IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open with GetRight Browser - e:\arquivos de programas\GetRight\GRbrowse.htm
    TCP: {BBC66AA6-9514-4A38-9427-B34EB1ED4E72} = 189.1.1.10 189.1.1.249
    FF - ProfilePath - e:\documents and settings\IGOR\Dados de aplicativos\Mozilla\Firefox\Profiles\1o5qyicl.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/firefox
    FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: e:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: e:\arquivos de programas\Mozilla Firefox\plugins\NPGetRt.dll

    ---- FIREFOX POLICIES ----
    e:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
    .
    .
    ------- Associação de arquivos/ficheiros -------
    .
    inffile=Notepad.exe "%1"
    inifile=Notepad.exe "%1"
    txtfile=Notepad.exe "%1"
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-20 10:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-746137067-73586283-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:21,27,4d,79,8f,a7,39,8b,97,94,a6,3d,d4,05,1c,fd,1f,f9,ef,64,3e,
    09,f7,fa,06,6d,4d,27,71,84,fb,ca,99,de,cc,98,93,d7,b1,64,6b,25,8a,65,8b,e0,\
    "rkeysecu"=hex:31,7a,d4,d4,9d,14,a8,b5,27,34,53,d3,a8,5b,20,e2

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
    "6140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    e:\windows\system32\Ati2evxx.dll
    .
    Tempo para conclusão: 2009-05-20 10:12
    ComboFix-quarantined-files.txt 2009-05-20 13:12

    Pré-execução: 23 pasta(s) 59.805.437.952 bytes disponíveis
    Pós execução: 22 pasta(s) 59.819.081.728 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    206 --- E O F --- 2008-12-11 20:21




    >>>> And here's the HiJackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:30, on 20/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Avast4\aswUpdSv.exe
    E:\Arquivos de programas\Avast4\ashServ.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\Arquivos de programas\Bonjour\mDNSResponder.exe
    E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Arquivos de programas\Avast4\ashMaiSv.exe
    E:\Arquivos de programas\Avast4\ashWebSv.exe
    E:\WINDOWS\System32\alg.exe
    E:\WINDOWS\Explorer.EXE
    E:\ARQUIV~1\Avast4\ashDisp.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\Arquivos de programas\iTunes\iTunesHelper.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Arquivos de programas\iPod\bin\iPodService.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Meus Downloads\Nova pasta (4)\HijackThis.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbitdownloader\orbitcth.dll
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Arquivos de programas\GetRight\xx2gr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Arquivos de programas\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GEST] =
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Arquivos de programas\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download with GetRight - E:\Arquivos de programas\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - E:\Arquivos de programas\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228931293562
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - E:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - E:\Arquivos de programas\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9cc0bcccba718) (gupdate1c9cc0bcccba718) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    --
    End of file - 7932 bytes

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    May 2009
    Location
    Brazil
    Posts
    11

    Default

    Here it is:

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Reader 8.1.3 - Português
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Mobile Device Support
    Apple Software Update
    Arquivo do WinRAR
    ATI Display Driver
    Atualização Crítica para o Windows Media Player 11 (KB959772)
    Atualização de Segurança para o Windows Media Player (KB952069)
    Atualização de Segurança para o Windows Media Player 11 (KB936782)
    Atualização de Segurança para o Windows Media Player 11 (KB954154)
    Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
    Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
    Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
    Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
    Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
    Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
    Atualização de Segurança para Windows XP (KB923561)
    Atualização de Segurança para Windows XP (KB938464)
    Atualização de Segurança para Windows XP (KB938464-v2)
    Atualização de Segurança para Windows XP (KB941569)
    Atualização de Segurança para Windows XP (KB946648)
    Atualização de Segurança para Windows XP (KB950762)
    Atualização de Segurança para Windows XP (KB950974)
    Atualização de Segurança para Windows XP (KB951066)
    Atualização de Segurança para Windows XP (KB951376-v2)
    Atualização de Segurança para Windows XP (KB951698)
    Atualização de Segurança para Windows XP (KB951748)
    Atualização de Segurança para Windows XP (KB952004)
    Atualização de Segurança para Windows XP (KB952954)
    Atualização de Segurança para Windows XP (KB954211)
    Atualização de Segurança para Windows XP (KB954459)
    Atualização de Segurança para Windows XP (KB954600)
    Atualização de Segurança para Windows XP (KB955069)
    Atualização de Segurança para Windows XP (KB956391)
    Atualização de Segurança para Windows XP (KB956572)
    Atualização de Segurança para Windows XP (KB956802)
    Atualização de Segurança para Windows XP (KB956803)
    Atualização de Segurança para Windows XP (KB956841)
    Atualização de Segurança para Windows XP (KB957095)
    Atualização de Segurança para Windows XP (KB957097)
    Atualização de Segurança para Windows XP (KB958215)
    Atualização de Segurança para Windows XP (KB958644)
    Atualização de Segurança para Windows XP (KB958687)
    Atualização de Segurança para Windows XP (KB958690)
    Atualização de Segurança para Windows XP (KB959426)
    Atualização de Segurança para Windows XP (KB960225)
    Atualização de Segurança para Windows XP (KB960715)
    Atualização de Segurança para Windows XP (KB960803)
    Atualização de Segurança para Windows XP (KB961373)
    Atualização para Windows Internet Explorer 8 (KB968220)
    Atualização para Windows XP (KB951978)
    Atualização para Windows XP (KB955839)
    Atualização para Windows XP (KB967715)
    avast! Antivirus
    AviSynth 2.5
    AVS DVD Player version 2.4
    Battlefield 2(TM)
    Bonjour
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Commandos 2: Men of Courage
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    DivXLand Media Subtitler
    DVD Flick
    eMule
    ERUNT 1.1j
    FLV Player 2.0 (build 25)
    FormatFactory 1.80
    Fraps
    Futuremark SystemInfo
    GetRight
    Google Earth
    Google Update Helper
    Google Updater
    Grand Theft Auto IV
    GRID
    Guia do Usuário da Creative WebCam Instant (Português)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix para o Windows Media Player 11 (KB939683)
    Hotfix para Windows XP (KB942288-v3)
    Hotfix para Windows XP (KB952287)
    Hotfix para Windows XP (KB961118)
    iTunes
    Java(TM) 6 Update 5
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
    Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edição 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB925673)
    Nero 8
    Oblivion
    Oblivion mod manager 1.1.12
    OpenAL
    Orbit Downloader
    Pacote de Compatibilidade para o sistema Office 2007
    Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
    PCI Audio Driver
    PDF Settings
    PowerISO
    QuickTime
    Real Alternative 1.9.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Skype™ 3.8
    Sniper Elite
    Space Shuttle
    SPORE™
    SPORE™ Coleção de Partes Medonhas & Fofinhas
    Spybot - Search & Destroy
    Test Drive Unlimited
    The Sims 2
    TmUnitedForever
    Tom Clancy's Rainbow Six Vegas 2
    UltraISO Premium V9.3
    Unreal Tournament 2004
    USB all-in-one game controller
    VIA Gerenciador de dispositivo de plataforma
    VIA Rhine-Family Fast-Ethernet Adapter
    Videora iPod touch Converter 4.05
    VirtualCloneDrive
    Winamp (remove only)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
    Xvid 1.1.3 final uninstall

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent
    eMule


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall log scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    May 2009
    Location
    Brazil
    Posts
    11

    Default

    OK then, I've just uninstalled eMule and uTorrent, here's the new log:

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Reader 8.1.3 - Português
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Mobile Device Support
    Apple Software Update
    Arquivo do WinRAR
    ATI Display Driver
    Atualização Crítica para o Windows Media Player 11 (KB959772)
    Atualização de Segurança para o Windows Media Player (KB952069)
    Atualização de Segurança para o Windows Media Player 11 (KB936782)
    Atualização de Segurança para o Windows Media Player 11 (KB954154)
    Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
    Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
    Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
    Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
    Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
    Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
    Atualização de Segurança para Windows XP (KB923561)
    Atualização de Segurança para Windows XP (KB938464)
    Atualização de Segurança para Windows XP (KB938464-v2)
    Atualização de Segurança para Windows XP (KB941569)
    Atualização de Segurança para Windows XP (KB946648)
    Atualização de Segurança para Windows XP (KB950762)
    Atualização de Segurança para Windows XP (KB950974)
    Atualização de Segurança para Windows XP (KB951066)
    Atualização de Segurança para Windows XP (KB951376-v2)
    Atualização de Segurança para Windows XP (KB951698)
    Atualização de Segurança para Windows XP (KB951748)
    Atualização de Segurança para Windows XP (KB952004)
    Atualização de Segurança para Windows XP (KB952954)
    Atualização de Segurança para Windows XP (KB954211)
    Atualização de Segurança para Windows XP (KB954459)
    Atualização de Segurança para Windows XP (KB954600)
    Atualização de Segurança para Windows XP (KB955069)
    Atualização de Segurança para Windows XP (KB956391)
    Atualização de Segurança para Windows XP (KB956572)
    Atualização de Segurança para Windows XP (KB956802)
    Atualização de Segurança para Windows XP (KB956803)
    Atualização de Segurança para Windows XP (KB956841)
    Atualização de Segurança para Windows XP (KB957095)
    Atualização de Segurança para Windows XP (KB957097)
    Atualização de Segurança para Windows XP (KB958215)
    Atualização de Segurança para Windows XP (KB958644)
    Atualização de Segurança para Windows XP (KB958687)
    Atualização de Segurança para Windows XP (KB958690)
    Atualização de Segurança para Windows XP (KB959426)
    Atualização de Segurança para Windows XP (KB960225)
    Atualização de Segurança para Windows XP (KB960715)
    Atualização de Segurança para Windows XP (KB960803)
    Atualização de Segurança para Windows XP (KB961373)
    Atualização para Windows Internet Explorer 8 (KB968220)
    Atualização para Windows XP (KB951978)
    Atualização para Windows XP (KB955839)
    Atualização para Windows XP (KB967715)
    avast! Antivirus
    AviSynth 2.5
    AVS DVD Player version 2.4
    Battlefield 2(TM)
    Bonjour
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Commandos 2: Men of Courage
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    DivXLand Media Subtitler
    DVD Flick
    FLV Player 2.0 (build 25)
    FormatFactory 1.80
    Fraps
    Futuremark SystemInfo
    GetRight
    Google Earth
    Google Update Helper
    Google Updater
    Grand Theft Auto IV
    GRID
    Guia do Usuário da Creative WebCam Instant (Português)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix para o Windows Media Player 11 (KB939683)
    Hotfix para Windows XP (KB942288-v3)
    Hotfix para Windows XP (KB952287)
    Hotfix para Windows XP (KB961118)
    iTunes
    Java(TM) 6 Update 5
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
    Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edição 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB925673)
    Nero 8
    Oblivion
    Oblivion mod manager 1.1.12
    OpenAL
    Orbit Downloader
    Pacote de Compatibilidade para o sistema Office 2007
    Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
    PCI Audio Driver
    PDF Settings
    PowerISO
    QuickTime
    Real Alternative 1.9.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Skype™ 3.8
    Sniper Elite
    Space Shuttle
    SPORE™
    SPORE™ Coleção de Partes Medonhas & Fofinhas
    Spybot - Search & Destroy
    Test Drive Unlimited
    The Sims 2
    TmUnitedForever
    Tom Clancy's Rainbow Six Vegas 2
    UltraISO Premium V9.3
    Unreal Tournament 2004
    USB all-in-one game controller
    VIA Gerenciador de dispositivo de plataforma
    VIA Rhine-Family Fast-Ethernet Adapter
    Videora iPod touch Converter 4.05
    VirtualCloneDrive
    Winamp (remove only)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
    Xvid 1.1.3 final uninstall

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::
      e:\Meus Downloads\utorrent.exe
      
      Folder::
      e:\arquivos de programas\eMule
      e:\Arquivos de programas\uTorrent
      
      DirLook::
      e:\windows\system32\SV121
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "e:\\Arquivos de programas\\eMule\\emule.exe"=-
      "e:\\Meus Downloads\\utorrent.exe"=-
      "e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
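The Registry:: section of the CFScript above deletes Windows Firewall exceptions left behind for eMule and uTorrent after they were uninstalled. The following PowerShell script is an added example (not from this thread, not part of ComboFix or HijackThis) that audits the same list in a read-only way: it expands the `HKLM\~\services\...` shorthand to the real key path and reports every exception whose executable no longer exists on disk, so a helper can see exactly which entries a cleanup script should target. The value data format `path:*:Enabled:Display name` is the one used by the Windows XP firewall; the function and variable names are this example's own.

```powershell
# Added example: list Windows XP firewall "AuthorizedApplications" entries
# whose program file is missing (orphaned after an uninstall). Reports only;
# nothing is deleted. Expanded form of the CFScript's HKLM\~\services\... path:
$ListKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters' +
           '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'

function Get-OrphanedFirewallExceptions {
    param([string]$KeyPath = $ListKey)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    $item = Get-Item -LiteralPath $KeyPath
    foreach ($valueName in $item.GetValueNames()) {
        # Value name is the executable path; data is "path:*:Enabled:Display name".
        # The regex anchors on ":*:" so the drive-letter colon is not mistaken
        # for a field separator.
        $data  = [string]$item.GetValue($valueName)
        $state = 'Unknown'
        $label = ''
        if ($data -match '^(?<path>.+):\*:(?<state>Enabled|Disabled):(?<name>.*)$') {
            $state = $Matches['state']
            $label = $Matches['name']
        }

        $exePath = [Environment]::ExpandEnvironmentVariables($valueName)

        New-Object PSObject -Property @{
            Path   = $valueName
            State  = $state
            Name   = $label
            Exists = (Test-Path -LiteralPath $exePath)
        }
    }
}

# Orphaned exceptions: the firewall hole is still open but the program is gone.
Get-OrphanedFirewallExceptions |
    Where-Object { -not $_.Exists } |
    Format-Table -AutoSize Path, State, Name
```

Run it in an elevated PowerShell session on the affected machine; entries it lists with State "Enabled" are the ones that would otherwise stay open until removed, as the CFScript's `=-` lines do for the two P2P clients.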
