Hi again,
Just found my fiancée's computer to be infected worse. Ran all the beginning protocols (they changed since I last did mine!).
She is running Windows XP and also had Avast anti-virus running when the infection occurred. She removed Avast before running MBAM and the rest of the protocols. Her computer is really slow when starting and freezes up easily.
Thanks!
1.
Malwarebytes' Anti-Malware 1.36
Database version: 2018
Windows 5.1.2600 Service Pack 2
21-04-2009 9:11:54
mbam-log-2009-04-21 (09-11-54).txt
Scan type: Quick Scan
Objects scanned: 70359
Time elapsed: 3 minute(s), 51 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 8
Files Infected: 9
Memory Processes Infected:
C:\Programas\Ficheiros comuns\FixMenaces\strpmon.exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces\Data (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cliente\Application Data\FixMenaces (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cliente\Application Data\FixMenaces\Logs (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Programas\Ficheiros comuns\FixMenaces (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Programas\FixMenaces (Rogue.FixMenaces) -> Quarantined and deleted successfully.
Files Infected:
C:\Programas\Ficheiros comuns\FixMenaces\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces\Data\ac (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces\Data\em (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces\Data\oid (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\FixMenaces\Data\user (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cliente\Application Data\FixMenaces\Logs\update.log (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\Programas\FixMenaces\swupd.log (Rogue.FixMenaces) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Trojan.Koobface) -> Quarantined and deleted successfully.
2.
OTListIt logfile created on: 4/21/2009 6:13:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Cliente\Definições locais\Temporary Internet Files\Content.IE5\MK9BPL8C
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
510.17 Mb Total Physical Memory | 212.79 Mb Available Physical Memory | 41.71% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 48.64 Gb Total Space | 32.82 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOME-8765A365C7
Current User Name: Cliente
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2005/06/28 14:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/12/09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe
PRC - [2007/06/14 20:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programas\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jqs.exe
PRC - [2007/05/25 10:38:38 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
PRC - [2007/05/25 10:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/05/28 08:35:56 | 00,036,864 | R--- | M] () -- C:\Programas\samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2004/08/04 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005/06/28 14:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/06/13 14:22:26 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/02 04:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Programas\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 04:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Programas\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/03/04 04:01:56 | 00,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/08/17 02:37:00 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Programas\ltmoh\Ltmoh.exe
PRC - [2005/06/28 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/07/15 19:42:46 | 00,200,704 | R--- | M] () -- C:\Programas\Samsung\AVStation premium\bin\AVStation agent.exe
PRC - [2005/08/18 10:33:26 | 01,933,312 | ---- | M] () -- C:\Programas\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2004/03/17 01:06:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/06/17 18:18:04 | 02,785,280 | ---- | M] (SAMSUNG ELECTRONICS, CO.LTD) -- C:\Programas\Samsung\Samsung Command Center\PIC_UI.exe
PRC - [2005/06/27 19:30:06 | 00,360,448 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programas\SAMSUNG\MagicKBD\MagicKBD.exe
PRC - [2005/12/09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/17 18:17:32 | 00,425,984 | ---- | M] (SAMSUNG ELECTRONICS, CO.LTD) -- C:\Programas\Samsung\Samsung Command Center\SamsungPIC.exe
PRC - [2008/06/12 16:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Programas\Search Settings\SearchSettings.exe
PRC - [2007/04/30 09:19:54 | 00,020,480 | ---- | M] () -- C:\Programas\Lexmark 1300 Series\lxdcamon.exe
PRC - [2004/07/27 14:48:04 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jusched.exe
PRC - [2009/04/04 09:54:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cliente\Definições locais\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/02/28 05:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Internet Explorer\iexplore.exe
PRC - [2006/08/31 20:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
PRC - [2008/10/13 12:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Programas\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/04/21 18:12:28 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Definições locais\Temporary Internet Files\Content.IE5\MK9BPL8C\OTListIt2[1].exe
========== Win32 Services (SafeList) ==========
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/06/28 14:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/06/14 20:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/12/09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/05/25 10:38:38 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe -- (lxdcCATSCustConnectService [Auto | Running])
SRV - [2007/05/25 10:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe -- (lxdc_device [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/08 08:48:52 | 00,069,632 | ---- | M] () -- C:\Programas\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus [Auto | Stopped])
SRV - [2005/05/28 08:35:56 | 00,036,864 | R--- | M] () -- C:\Programas\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service [Auto | Running])
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programas\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/01/05 20:08:02 | 00,915,968 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2008/12/29 11:59:09 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005/03/04 04:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/07/13 11:58:18 | 00,463,296 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2005/06/28 15:01:58 | 01,241,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/05/26 07:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/02/20 03:17:40 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
DRV - [2000/08/23 17:19:38 | 00,004,300 | ---- | M] () -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO [Auto | Running])
DRV - [2004/05/18 06:43:54 | 00,005,088 | ---- | M] () -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI [Auto | Running])
DRV - [2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/10/21 18:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/07/19 03:34:22 | 01,049,180 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2005/12/09 15:35:54 | 02,174,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Stopped])
DRV - [2005/12/09 15:37:42 | 02,400,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\lvmvdrv.sys -- (lvmvdrv [On_Demand | Stopped])
DRV - [2005/12/09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Running])
DRV - [2005/12/06 04:26:16 | 00,039,424 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2000/03/29 17:11:20 | 00,008,096 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])
DRV - [2005/12/03 00:48:42 | 00,031,680 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2005/12/06 04:27:04 | 00,007,136 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2005/12/06 04:30:19 | 00,916,096 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302AV.SYS -- (PID_08A0 [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/12/06 15:51:10 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Boot | Running])
DRV - [2005/04/18 22:21:08 | 00,027,136 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk [Boot | Running])
DRV - [2004/12/05 21:57:14 | 00,307,456 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Boot | Running])
DRV - [2004/05/18 06:43:58 | 00,043,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS -- (RITCPT [Boot | Running])
DRV - [2007/11/13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/01 13:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2005/02/02 03:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/04/30 16:01:56 | 03,281,408 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Stopped])
DRV - [2005/06/08 16:58:10 | 00,017,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\wowfilter.sys -- (wowfilter [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/is&api/redir....d=iear=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/uk/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/26 10:43:44 | 00,000,000 | ---D | M]
[2008/10/17 21:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\mozilla\Firefox\Profiles\or4lf00d.default\extensions
[2008/09/12 22:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\mozilla\Firefox\Profiles\or4lf00d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/23 11:47:41 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions
[2007/08/12 11:45:01 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/10 11:13:54 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/10/23 11:21:00 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}
[2008/10/23 11:30:06 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions\search@searchsettings.com
O1 HOSTS File: (808 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programas\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programas\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programas\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programas\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programas\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] "C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVStation premium] "C:\Programas\Samsung\AVStation premium\bin\AVStation agent.exe" ()
O4 - HKLM..\Run: [BatteryManager] C:\Programas\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [Blubster] C:\Programas\Blubster\Blubster.exe SILENT File not found
O4 - HKLM..\Run: [farstone] File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Programas\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdcamon] "C:\Programas\Lexmark 1300 Series\lxdcamon.exe" ()
O4 - HKLM..\Run: [lxdcmon.exe] "C:\Programas\Lexmark 1300 Series\lxdcmon.exe" File not found
O4 - HKLM..\Run: [MagicKeyboard] C:\Programas\SAMSUNG\MagicKBD\PreMKBD.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RestoreIT!] "C:\Programas\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (FarStone Tech. Inc.)
O4 - HKLM..\Run: [SamsungPIC] C:\Programas\Samsung\Samsung Command Center\PIC_UI.exe (SAMSUNG ELECTRONICS, CO.LTD)
O4 - HKLM..\Run: [SearchSettings] C:\Programas\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Programas\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ccleaner] "C:\Programas\CCleaner\CCleaner.exe" /AUTO (Piriform Ltd)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Cliente\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Programas\Ficheiros comuns\eztools\eztoolslib2.dll ()
O18 - Protocol\Filter: - text/xml - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/14 15:17:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8c2067e8-2431-11de-9eb9-0000f07bc546}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wmg32.exe -- File not found
O33 - MountPoints2\{8c2067e8-2431-11de-9eb9-0000f07bc546}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wmg32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Cliente\Os meus documentos\*.tmp files]
[2009/04/21 17:44:03 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Cliente\Ambiente de trabalho\HijackThis.exe
[2009/04/21 11:56:43 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\Doc1.doc
[2009/04/21 09:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Application Data\Malwarebytes
[2009/04/21 09:06:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/21 09:06:06 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2009/04/21 09:06:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/21 09:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/21 09:06:02 | 00,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2009/04/21 07:40:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Ambiente de trabalho\Computer Fix it Programs
[2009/04/20 20:29:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/19 13:00:50 | 00,116,640 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\DSCN1359.jpg
[2009/04/19 13:00:42 | 00,134,615 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\DSCN1357.jpg
[2009/04/08 12:50:51 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\Cliente\Ambiente de trabalho\CCleaner.lnk
[2009/04/08 12:40:06 | 00,182,784 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\Landlord_Order_Form.doc
[2009/04/05 17:24:59 | 00,185,916 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\home2.jpg
[2009/04/05 17:24:43 | 00,175,878 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\Home.jpg
[2009/04/05 12:03:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Os meus documentos\Events
[2009/04/05 12:02:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Os meus documentos\cosy nest
[2009/04/05 11:58:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Os meus documentos\Imogin's folder
[2009/04/04 09:54:12 | 00,000,940 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459696707-1709670304-1825280218-1005.job
[2009/04/04 09:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Definições locais\Application Data\Deployment
[2009/03/29 22:25:54 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Cliente\Os meus documentos\top rint.doc
[2009/03/17 12:08:52 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/29 10:25:29 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\BHARegister.dll
[2009/01/29 10:04:55 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/28 23:01:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2008/12/28 23:01:42 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/12/28 22:54:21 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2008/12/28 22:54:19 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2008/12/17 21:00:01 | 00,323,584 | R--- | C] () -- C:\WINDOWS\System32\LXDChcp.dll
[2008/12/17 20:57:26 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2008/12/17 20:57:26 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2008/12/17 20:57:26 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2008/12/17 20:57:25 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2008/12/17 20:57:24 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2008/12/17 20:57:24 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2008/12/17 20:57:24 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2008/12/17 20:57:24 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2008/12/17 20:57:22 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2008/12/17 20:57:22 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2008/12/17 20:57:21 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2008/12/17 20:57:20 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2007/11/08 16:46:44 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2007/08/07 13:59:45 | 00,000,149 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/13 18:39:20 | 00,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/13 18:35:41 | 00,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2007/05/07 11:29:38 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007/05/07 11:29:37 | 00,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/01/12 17:40:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/09 15:37:42 | 02,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/12/09 15:37:42 | 00,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/09 15:35:54 | 02,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/12/03 00:45:52 | 00,000,413 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/03 00:33:45 | 00,001,543 | ---- | C] () -- C:\WINDOWS\System32\Cliente_KBD.ini
[2005/10/28 15:30:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 23:03:21 | 00,000,638 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/14 23:02:57 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/09/14 23:02:55 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/14 15:28:44 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2005/09/14 15:28:42 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2005/09/14 15:28:42 | 00,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2005/09/14 15:28:42 | 00,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2005/09/14 15:28:42 | 00,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2005/09/14 15:28:42 | 00,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2005/09/14 15:28:42 | 00,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2005/09/14 15:28:42 | 00,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2005/09/14 15:28:42 | 00,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2005/09/14 15:28:42 | 00,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2005/09/14 15:28:42 | 00,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2005/09/14 15:28:42 | 00,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2005/09/14 15:28:42 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2005/09/14 15:28:42 | 00,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2005/09/14 15:28:36 | 00,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2005/09/14 15:28:26 | 00,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2005/09/14 15:27:28 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2005/07/08 19:21:48 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\AVS3_Resource.dll
[2005/06/08 16:58:10 | 00,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005/06/08 16:58:08 | 00,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/06/08 16:58:08 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/04/11 10:12:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImageIODll.dll
[2005/04/11 10:12:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ImageAlbumSave.dll
[2005/02/26 13:33:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2003/04/10 15:50:50 | 00,005,890 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Cliente\Os meus documentos\*.tmp files]
[2009/04/21 17:21:14 | 00,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459696707-1709670304-1825280218-1005.job
[2009/04/21 17:09:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 17:08:48 | 00,001,543 | ---- | M] () -- C:\WINDOWS\System32\Cliente_KBD.ini
[2009/04/21 17:05:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 17:05:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 17:05:10 | 53,502,3616 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/21 15:23:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/04/21 15:23:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/04/21 11:56:43 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\Doc1.doc
[2009/04/21 11:54:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/21 11:54:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/21 09:06:06 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2009/04/20 20:44:43 | 00,444,354 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/04/20 20:44:43 | 00,396,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 20:44:43 | 00,071,870 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/04/20 20:44:43 | 00,060,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 20:44:41 | 00,980,524 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 20:33:08 | 00,003,052 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/19 13:09:54 | 14,586,880 | -HS- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\Thumbs.db
[2009/04/19 13:00:50 | 00,116,640 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\DSCN1359.jpg
[2009/04/19 13:00:43 | 00,134,615 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\DSCN1357.jpg
[2009/04/18 20:29:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/18 20:29:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/17 20:50:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/17 20:50:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/15 12:46:26 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/15 12:46:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/15 08:51:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/15 08:51:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/09 09:29:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/09 09:29:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/08 12:50:52 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\Cliente\Ambiente de trabalho\CCleaner.lnk
[2009/04/08 12:40:16 | 00,182,784 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\Landlord_Order_Form.doc
[2009/04/07 09:56:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/07 09:56:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/06 18:49:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/06 18:49:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 11:45:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/06 11:45:32 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/06 11:38:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/06 11:38:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/05 22:36:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/05 22:36:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/05 22:36:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/05 22:36:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/05 22:33:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/05 22:33:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/05 20:13:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/05 20:13:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/05 17:46:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/05 17:46:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/05 17:41:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/05 17:41:26 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/05 17:40:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/05 17:40:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/05 17:39:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/05 17:39:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/05 17:38:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/05 17:38:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/04/05 17:24:02 | 00,175,878 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\Home.jpg
[2009/04/05 17:23:53 | 00,185,916 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\home2.jpg
[2009/03/29 22:25:55 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Cliente\Os meus documentos\top rint.doc
[2009/03/27 08:09:34 | 01,193,414 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
========== LOP Check ==========
[2009/04/21 09:11:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/23 11:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\143C8
[2005/09/14 15:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/15 13:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/16 23:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2005/09/14 15:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/08/12 11:48:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/05/19 22:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2009/04/21 09:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/15 14:57:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/05 09:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2005/09/14 15:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung Electronics
[2007/08/13 21:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/04/14 19:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/03/08 20:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/12/19 22:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/04/21 09:11:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cliente\Application Data
[2008/04/21 13:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Adobe
[2007/05/06 09:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\AdobeUM
[2008/11/16 23:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Apple Computer
[2006/11/05 16:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\CyberLink
[2005/09/14 15:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Help
[2005/09/14 15:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Identities
[2009/01/29 10:21:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\InstallShield
[2008/12/28 23:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Lexmark Productivity Studio
[2007/03/03 16:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Macromedia
[2009/04/21 09:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Malwarebytes
[2009/04/04 10:11:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Cliente\Application Data\Microsoft
[2009/04/07 09:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Mozilla
[2007/08/05 13:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\MySpace
[2008/12/17 21:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Real
[2009/01/29 10:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Samsung
[2005/09/14 15:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Samsung Electronics
[2008/10/23 11:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Search Settings
[2009/04/03 19:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Skype
[2009/04/03 17:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\skypePM
[2007/04/09 16:00:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Snapfish
[2007/01/11 13:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Sun
[2005/12/03 00:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Application Data\Symantec
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/21 17:21:14 | 00,000,940 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1459696707-1709670304-1825280218-1005.job
[2009/04/21 17:05:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
3.
OTListIt Extras logfile created on: 4/21/2009 6:13:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Cliente\Definições locais\Temporary Internet Files\Content.IE5\MK9BPL8C
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: Estados Unidos | Language: ENU | Date Format: M/d/yyyy
510.17 Mb Total Physical Memory | 212.79 Mb Available Physical Memory | 41.71% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 48.64 Gb Total Space | 32.82 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOME-8765A365C7
Current User Name: Cliente
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007/06/20 12:00:28 | 00,029,360 | ---- | M] () -- C:\Programas\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Programas\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Programas\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
File not found -- C:\Programas\Blubster\Blubster.exe:*:Enabled:Blubster
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/05/25 10:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
[2007/04/30 09:19:54 | 00,020,480 | ---- | M] () -- C:\Programas\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
[2007/06/20 12:00:28 | 00,029,360 | ---- | M] () -- C:\Programas\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/11/07 15:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/03/24 18:33:40 | 03,985,104 | ---- | M] (Google) -- C:\Documents and Settings\Cliente\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/03/24 17:55:30 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Cliente\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2007/05/25 10:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled:
[2007/05/25 10:38:36 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled:
[2007/05/25 10:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled:
[2007/05/25 10:38:52 | 00,140,208 | ---- | M] (Copyright 2006-2007 Lexmark International, Inc. All rights reserved.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcwbgw.exe:*:Enabled:
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{095B0246-4EB6-45B9-B1BE-536097A0BDDA}" = HD Writer 2.5E for HDC
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Painel de Controle da ATI
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer with VCD
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110816-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{A15E5EFD-76D7-4006-B7A5-8FBD86449BCB}" = IEEE 802.11 Wireless Lan Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-7AD7-1046-7B44-A00000000001}" = Adobe Reader 6.0.1 - Português
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C01EAD00-7A41-4045-9FB7-07813BA1EDAE}" = Samsung PC Studio 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8FD6900-BBB1-42D4-A76A-AFD6B7CEE62A}" = PracticalScriptwriter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"All ATI Software" = ATI - Utilitário de desinstalação de software
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Cinergy Script Editor" = Cinergy Script Editor
"DVDXCopyXpress" = DVDXCopy Xpress 3.0.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iMesh MediaBar" = MediaBar 2.0
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech® Camera Driver
"RestoreIT!" = Recover Pro
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/21/2009 2:23:58 AM | Computer Name = NOME-8765A365C7 | Source = PerfNet | ID = 2002
Description = Não foi possível abrir o serviço do redireccionador. Os dados de desempenho
do redireccionador não serão devolvidos. O erro de código devolvido encontra-se
nos dados DWORD 0.
Error - 4/21/2009 4:18:43 AM | Computer Name = NOME-8765A365C7 | Source = PerfNet | ID = 2002
Description = Não foi possível abrir o serviço do redireccionador. Os dados de desempenho
do redireccionador não serão devolvidos. O erro de código devolvido encontra-se
nos dados DWORD 0.
Error - 4/21/2009 6:32:24 AM | Computer Name = NOME-8765A365C7 | Source = PerfNet | ID = 2002
Description = Não foi possível abrir o serviço do redireccionador. Os dados de desempenho
do redireccionador não serão devolvidos. O erro de código devolvido encontra-se
nos dados DWORD 0.
Error - 4/21/2009 10:14:50 AM | Computer Name = NOME-8765A365C7 | Source = PerfNet | ID = 2002
Description = Não foi possível abrir o serviço do redireccionador. Os dados de desempenho
do redireccionador não serão devolvidos. O erro de código devolvido encontra-se
nos dados DWORD 0.
[ System Events ]
Error - 4/21/2009 12:53:08 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:09 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:12 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:17 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:21 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:25 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 12:53:31 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 1:00:48 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 1:00:55 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
Error - 4/21/2009 1:00:59 PM | Computer Name = NOME-8765A365C7 | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.
< End of report >
4.
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
AVStationpremium
AVStationpremium
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
Scan took 42 seconds.
`````````End of Log```````````