Hello
My PC has caught a fairly large virus infection. Before I found this forum I managed to remove most of them using a number of AV rescue disks and removal tools I found on the web.
At this point there are only two infections remaining:
C:\Windows\assembly\Gac_32\Desktop.ini
C:\Windows\assembly\Gac_64\Desktop.ini
Both identified as win32:sirefef-PL [Rtk]
I'll start by saying that, at this point, I don't experience any of the effects of the virus I saw described on the net; everything seems to work well.
Following the 5-step post guideline I've done several boot scans with avast. The virus was found and eliminated but came back at Windows boot. Strangely, if I do a context (right-click) scan of the assembly folder with avast and delete the infected files, the folder remains clean until the next boot.
The Malwarebytes scan didn't catch anything; here's the log:
========================================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.10.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alb :: ALB-PC [administrator]
10-06-2012 16:34:15
mbam-log-2012-06-10 (16-34-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219508
Time elapsed: 7 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
===================================
Next step, run GMER: the quick scan at startup didn't produce any log, so in doubt I clicked the Scan button (hope that's what you want). Here's the log:
===================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-10 17:12:21
Windows 6.1.7601 Service Pack 1
Running: b4jepem8.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@0017e69cfbcc 0x45 0xE7 0x00 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@d8b377263113 0xCC 0xC5 0xFE 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@f48e0906e764 0xBB 0x1C 0xB9 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x45 0x88 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x19 0xB8 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x4C 0xB9 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x06 0xAD 0x91 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@0017e69cfbcc 0x45 0xE7 0x00 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@d8b377263113 0xCC 0xC5 0xFE 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@f48e0906e764 0xBB 0x1C 0xB9 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x45 0x88 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x19 0xB8 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x4C 0xB9 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x06 0xAD 0x91 0x3A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC6D967F-6F59-29F8-1D98-D9E74672B269}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC6D967F-6F59-29F8-1D98-D9E74672B269}@haebdfbmbmpnkpga 0x6E 0x62 0x65 0x62 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Alb\AppData\Local\Microsoft\Windows Sidebar\Gadgets\MailPreview.gadget\Client\wpdatacache_394140410706803902199.dat 0 bytes
---- EOF - GMER 1.0.15 ----
===========================================
Finally I ran DDS; here are the logs:
===========================================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by Alb at 17:13:05 on 2012-06-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.8191.5971 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\UberIcon\UberIcon Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\AIDA64 Extreme Edition\aida64.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\fsproflt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\MonitorSoftware\monitor.exe
C:\Program Files\MonitorSoftware\wpRMI.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\MonitorSoftware\UPSMS.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [UberIcon] "C:\Program Files (x86)\UberIcon\UberIcon Manager.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Power Favorites - C:\Program Files (x86)\Power Favorites\copyurl.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
LSP: mswsock.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6A42C88C-59CB-46FC-86F4-03CA3F0C2D31} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{553891B7-A0D5-4526-BE18-D3CE461D6310}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{BA14329E-9550-4989-B3F2-9732E92D17CC}
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
Hosts: 82.192.86.132 oron.com www.oron.com
Hosts: 78.140.176.186 filesonic.com www.filesonic.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - d8a9e416-c0e1-4bb5-9b22-9c08c60ea75e
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 BTOWSVF;BTOWSVF;C:\Windows\system32\Drivers\BTOWSVF.sys --> C:\Windows\system32\Drivers\BTOWSVF.sys [?]
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Alb\Desktop\Emsisoft Emergency Kit\Run\a2ddax64.sys [2012-6-8 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BTOWSFF;BTOWSFF;\??\C:\Windows\System32\Drivers\BTOWSFF.sys --> C:\Windows\System32\Drivers\BTOWSFF.sys [?]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-14 44768]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-5-8 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-5-8 1131008]
R2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2010-1-21 142648]
R2 hasplms;Sentinel Local License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-12-18 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-12-18 487280]
R2 UPSmonitor;UPSmonitor;C:\Program Files\MonitorSoftware\monitor.exe [2011-5-10 199911]
R2 UPSRMI;UPSRMI;C:\Program Files\MonitorSoftware\wpRMI.exe [2011-5-10 199905]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\AIDA64 Extreme Edition\kerneld.x64 [2012-5-30 28320]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PAC207;Trust WB-1400T Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-5 913752]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S3 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-15 8704]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;C:\Program Files (x86)\Media Jukebox 14\JRService.exe [2011-12-16 379400]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-12-16 66560]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]
S3 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-1-31 205312]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-1-19 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-7-26 96768]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-22 2228008]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
.
=============== File Associations ===============
.
txtfile=C:\Windows\NOTEPAD.EXE %1
.txt=bftxtfile
.
=============== Created Last 30 ================
.
2012-06-09 20:46:11 -------- d-----w- C:\ProgramData\Sophos
2012-06-09 15:26:32 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5E01A46-CC0F-4433-87A7-F657D5CC769A}\mpengine.dll
2012-06-09 02:22:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-07 22:56:03 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-06-07 22:50:06 -------- d-----w- C:\ProgramData\RegRun
2012-06-07 22:49:54 2 --shatr- C:\Windows\winstart.bat
2012-06-07 22:49:46 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-07 21:36:59 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-07 21:29:19 -------- d-----w- C:\Users\Alb\AppData\Roaming\Malwarebytes
2012-06-07 21:29:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-07 21:29:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-07 21:29:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:15:28 388096 ----a-r- C:\Users\Alb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-07 21:15:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-07 19:26:20 -------- d-----w- C:\Users\Alb\DoctorWeb
2012-06-07 00:48:54 -------- d-----w- C:\Users\Alb\AppData\Local\Chromium
2012-06-07 00:48:44 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-07 00:39:24 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-01 20:23:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-06-01 20:19:25 -------- d-----w- C:\Windows\AutoKMS
2012-06-01 20:19:06 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-06-01 19:01:37 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-01 19:01:23 -------- d-----w- C:\Windows\PCHEALTH
2012-06-01 17:53:20 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-05-30 21:41:05 55104 ----a-w- C:\Windows\System32\drivers\BTOWSVF.sys
2012-05-30 21:41:05 33088 ----a-w- C:\Windows\System32\drivers\BTOWSFF.sys
2012-05-30 19:18:19 -------- d-----w- C:\Program Files (x86)\Toolwiz TimeFreeze
2012-05-29 14:24:10 -------- d-----w- C:\Users\Alb\.MCReferenceSdk
2012-05-29 14:23:06 180224 ----a-w- C:\Windows\SysWow64\QTCF.dll
2012-05-29 14:19:04 -------- d-----w- C:\Users\Alb\AppData\Local\SafeNet Sentinel
2012-05-29 14:18:51 78208 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2012-05-29 14:18:50 -------- d-----w- C:\Program Files (x86)\Common Files\Aladdin Shared
2012-05-29 14:18:48 4889032 ----a-w- C:\Windows\System32\hasplms.exe
2012-05-29 14:18:48 4889032 ----a-w- C:\Windows\System32\aksllmtp.exe
2012-05-29 14:18:48 139592 ----a-w- C:\Windows\System32\drivers\aksfridge.sys
2012-05-29 14:18:34 321536 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2012-05-29 14:18:23 198088 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2012-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\Ontrack
2012-05-19 18:53:01 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2012-05-18 21:37:29 90112 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-05-16 20:35:13 -------- d-----w- C:\Program Files (x86)\mp3DirectCut
2012-05-14 23:52:32 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-14 23:52:01 -------- d-----w- C:\Users\Alb\AppData\Local\PunkBuster
2012-05-14 20:19:15 -------- d-----w- C:\Users\Alb\AppData\Roaming\PowerUp Software
2012-05-14 20:19:15 -------- d-----w- C:\ProgramData\PowerUp Software
2012-05-13 23:23:46 -------- d-----w- C:\Program Files (x86)\Audacity
.
==================== Find3M ====================
.
2012-05-21 22:31:01 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-21 22:26:58 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-16 20:31:14 69632 ----a-w- C:\Windows\SysWow64\realbap1.dll
2012-05-16 20:31:14 45568 ----a-w- C:\Windows\SysWow64\realbsf1.dll
2012-05-14 23:57:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-04 21:03:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:03:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:03:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 13:53:12 36232 ----a-w- C:\Windows\SysWow64\rgbacodec.dll
2012-04-12 22:34:38 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-04-02 18:08:47 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-02 18:08:47 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-02 17:58:26 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-04-02 17:47:31 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-02 17:47:31 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-01 14:43:46 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2012-04-01 14:43:46 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2003-03-21 13:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 17:13:41,15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 16-01-2010 16:32:53
System Uptime: 10-06-2012 16:17:24 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Maximus Formula
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA775 | 1981/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 500 GiB total, 128,762 GiB free.
D: is FIXED (NTFS) - 497 GiB total, 106,442 GiB free.
E: is FIXED (NTFS) - 400 GiB total, 229,676 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 103,372 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 653,748 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1160: 09-06-2012 23:15:11 - ComboFix created restore point
.
==== Installed Programs ======================
.
32nd America's Cup 0.2.0.0
ACDSee Pro 5
Actual Multiple Monitors 3.4.2
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Lens Profile Downloader
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Advanced SystemCare 5
Advanced Uninstaller PRO v10.1 (remove!)
AI Suite
AIDA64 Extreme Edition v2.30
All Media Fixer 2008 9.07
AllDup 3.4.0
AnalogX DXMan
Apple Application Support
Apple Software Update
Artisteer 3
Assassin's Creed Brotherhood
Assassin's Creed Revelations
Astra Gift Maker version 1.2
ASUSUpdate
Audacity 2.0
AutoHotkey 1.1.03.00
Autopano-SIFT 2.3
avast! Free Antivirus
AviSynth 2.5
BadCopy Pro
Bluefish 2.2.1
Boilsoft Video Joiner 6.34
Boilsoft Video Splitter 6.33
BTNext Legacy
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Cobian Backup 11 Gravity
CyberLink LabelPrint
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
DebugMode Wax 2.0
DebugMode Wink
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desktop Plagiarism Checker versão 1.1
DiRT 3
DivXLand Media Subtitler
Dropbox
DVD Architect Pro 5.2
DVD Flick 1.3.0.7
DVDFab 8.1.7.8 (17/04/2012) Qt
DVDInfoPro 6.5.2.8
EAX4 Unified Redist
Emsa DLL Register Tool 1.0
eMule
erLT
Flash Movie Player 1.5
FormatFactory 2.95
FreeArc 0.666
Freemake Audio Converter versão 1.1.0
Freemake Video Converter versão 3.0.2
Freemake Video Downloader
Galeria de Fotografias do Windows Live
GetDataBack for FAT
GetDataBack for NTFS
Google Chrome
Google Chrome Frame
Google Drive
Google Earth
Google Update Helper
Griffith 0.13.0
HD Camcorder Add-on
HD Tune Pro 4.01
HiJackThis
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HotPotatoes v 6.3.0.3
HTML-Kit
Hugin 2011.4.0
HydraVision
Inkscape 0.48.3.1
Instalação do DivX
Java Auto Updater
Java(TM) 7 Update 3
JClic (offline)
JDownloader 0.9
jv16 PowerTools 2011
Karen's Directory Printer
KeePass Password Safe 1.19b
LAME v3.98.2 for Audacity
LG Tool Kit
LibreOffice 3.5
LibreOffice 3.5 Help Pack (Portuguese)
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Music Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Travel Pack 1
LightScribe Template Labeler
Lightworks
Logitech SetPoint
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware versão 1.61.0.1400
Marvell Miniport Driver
Max Payne 3
Media Jukebox 14
Mega Manager
Microsoft DirectX Transform optional components
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Portugal)) 2010
Microsoft Office Excel MUI (Portuguese (Portugal)) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Portugal)) 2010
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Portuguese (Portugal)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Portugal)) 2010
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010
Microsoft Office Shared MUI (Portuguese (Portugal)) 2010
Microsoft Office Word MUI (Portuguese (Portugal)) 2010
Microsoft Research AutoCollage 2008 Academic Edition
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKVToolNix 5.5.0
Mozilla Firefox 12.0 (x86 pt-PT)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 pt-PT)
MP3 Repair Tool v1.5.2
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
msxml4
muvee Adrenaline Rush stylePack
muvee Back To School Style
muvee Christmas Cheer stylePack
muvee Halloween Horrors Style
muvee HD Plus Add-on
muvee Independence Day Style
muvee Life Story Style
muvee Mix It Up stylePack
muvee photoFamily stylePack
muvee photoFocus stylePack
muvee photoGenie stylePack
muvee Reveal
muvee Style Pack Runtime
muvee Wedding stylePack
MySQL Server 5.1
Neat Image v6.0 Pro+
Need For Speed World
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NVIDIA PhysX
OpenAL
OpenLibraries
Opera 11.64
PC Connectivity Solution
PC Probe II
PC Wizard 2010.1.94
PDF Password Remover v3.1
Photodex Presenter
Power Favorites 1.7.7
ProShow Producer
ProShow Workshop - Creative Captions
ProShow Workshop - Exploring Layer Keyframing
ProShow Workshop - Masking Exposed
ProShow Workshop - Mastering Audio
ProShow Workshop - Working With Layers
Protect My Disk 5.0
PunkBuster Services
QuickTime Alternative 3.2.2
Rapture3D 2.4.8 Game
RocketDock 1.3.5
Rockstar Games Social Club
Samsung AllShare
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shareaza 2.5.5.0
SHIFT 2 UNLEASHED
SizeMe 2,0,0,1926
Skype 5.8
SlimDrivers
Smart Defrag 2
Songbird 1.4.3 (Build 1438)
SoundMAX
SpywareBlaster 4.6
Startup Delayer v3.0 (build 323)
Subtitle Edit 3.2.3
SUPER © v2012.build.51 (April 7, 2012) versão v2012.build.51
SysInfoTools Open Office Calc File Repair v1.0
SysInfoTools Open Office Writer File Repair v1.0
TeamViewer 6
TMPGEnc 4.0 XPress
TMPGEnc MPEG Editor 2.0
TMPGEnc Plus 2.5
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolwiz TimeFreeze
Trust 100K Series Webcam
Trust WB-1400T Webcam
TweakNow PowerPack 2010
UberIcon 1.0.4
Ubisoft Game Launcher
UltraISO Premium V9.35
UniConvertor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VASST Ultimate S Pro 4.1.7
VC80CRTRedist - 8.0.50727.6195
Visual CD
VLC media player 2.0.1
Vsk5 - patch1
VUE 3.1.2
Vuze
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinMerge 2.12.4
WinMorph 3.01
WinPcap 4.1.2
Winpower
XnView 1.98.5
.
==== End Of File ===========================
As requested, for now I'll stay put awaiting instructions.
Thanks in advance for your help.
Best regards
Zedopipo
===================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-10 17:12:21
Windows 6.1.7601 Service Pack 1
Running: b4jepem8.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@0017e69cfbcc 0x45 0xE7 0x00 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@d8b377263113 0xCC 0xC5 0xFE 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b0d04d7df@f48e0906e764 0xBB 0x1C 0xB9 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x45 0x88 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x19 0xB8 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x4C 0xB9 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x06 0xAD 0x91 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@0017e69cfbcc 0x45 0xE7 0x00 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@d8b377263113 0xCC 0xC5 0xFE 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b0d04d7df@f48e0906e764 0xBB 0x1C 0xB9 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x45 0x88 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x19 0xB8 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x4C 0xB9 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x06 0xAD 0x91 0x3A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC6D967F-6F59-29F8-1D98-D9E74672B269}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC6D967F-6F59-29F8-1D98-D9E74672B269}@haebdfbmbmpnkpga 0x6E 0x62 0x65 0x62 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Alb\AppData\Local\Microsoft\Windows Sidebar\Gadgets\MailPreview.gadget\Client\wpdatacache_394140410706803902199.dat 0 bytes
---- EOF - GMER 1.0.15 ----
===========================================
Finally I ran DDS, here are the logs:
===========================================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by Alb at 17:13:05 on 2012-06-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.8191.5971 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\UberIcon\UberIcon Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\AIDA64 Extreme Edition\aida64.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\fsproflt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\MonitorSoftware\monitor.exe
C:\Program Files\MonitorSoftware\wpRMI.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\MonitorSoftware\UPSMS.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Programa Auxiliar de Início de Sessão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [UberIcon] "C:\Program Files (x86)\UberIcon\UberIcon Manager.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Power Favorites - C:\Program Files (x86)\Power Favorites\copyurl.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
LSP: mswsock.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6A42C88C-59CB-46FC-86F4-03CA3F0C2D31} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{553891B7-A0D5-4526-BE18-D3CE461D6310}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{BA14329E-9550-4989-B3F2-9732E92D17CC}
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
Hosts: 82.192.86.132 oron.com www.oron.com
Hosts: 78.140.176.186 filesonic.com www.filesonic.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\fdi7zc2x.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - d8a9e416-c0e1-4bb5-9b22-9c08c60ea75e
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 BTOWSVF;BTOWSVF;C:\Windows\system32\Drivers\BTOWSVF.sys --> C:\Windows\system32\Drivers\BTOWSVF.sys [?]
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Alb\Desktop\Emsisoft Emergency Kit\Run\a2ddax64.sys [2012-6-8 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BTOWSFF;BTOWSFF;\??\C:\Windows\System32\Drivers\BTOWSFF.sys --> C:\Windows\System32\Drivers\BTOWSFF.sys [?]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-14 44768]
R2 cbVSCService11;Cobian Backup 11 Solicitador de Cópia Sombra de Volume;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-5-8 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-5-8 1131008]
R2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2010-1-21 142648]
R2 hasplms;Sentinel Local License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-12-18 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-12-18 487280]
R2 UPSmonitor;UPSmonitor;C:\Program Files\MonitorSoftware\monitor.exe [2011-5-10 199911]
R2 UPSRMI;UPSRMI;C:\Program Files\MonitorSoftware\wpRMI.exe [2011-5-10 199905]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\AIDA64 Extreme Edition\kerneld.x64 [2012-5-30 28320]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PAC207;Trust WB-1400T Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Serviço Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-5 913752]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S3 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-15 8704]
S3 gupdatem;Serviço Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;C:\Program Files (x86)\Media Jukebox 14\JRService.exe [2011-12-16 379400]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-12-16 66560]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]
S3 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2012-1-31 205312]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-1-19 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;Serviço Stub de Virtualização de USB;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-7-26 96768]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-22 2228008]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
.
=============== File Associations ===============
.
txtfile=C:\Windows\NOTEPAD.EXE %1
.txt=bftxtfile
.
=============== Created Last 30 ================
.
2012-06-09 20:46:11 -------- d-----w- C:\ProgramData\Sophos
2012-06-09 15:26:32 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5E01A46-CC0F-4433-87A7-F657D5CC769A}\mpengine.dll
2012-06-09 02:22:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-07 22:56:03 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-06-07 22:50:06 -------- d-----w- C:\ProgramData\RegRun
2012-06-07 22:49:54 2 --shatr- C:\Windows\winstart.bat
2012-06-07 22:49:46 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-07 21:36:59 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-07 21:29:19 -------- d-----w- C:\Users\Alb\AppData\Roaming\Malwarebytes
2012-06-07 21:29:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-07 21:29:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-07 21:29:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:15:28 388096 ----a-r- C:\Users\Alb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-07 21:15:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-07 19:26:20 -------- d-----w- C:\Users\Alb\DoctorWeb
2012-06-07 00:48:54 -------- d-----w- C:\Users\Alb\AppData\Local\Chromium
2012-06-07 00:48:44 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-07 00:39:24 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-01 20:23:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-06-01 20:19:25 -------- d-----w- C:\Windows\AutoKMS
2012-06-01 20:19:06 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-06-01 19:01:37 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-01 19:01:23 -------- d-----w- C:\Windows\PCHEALTH
2012-06-01 17:53:20 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-05-30 21:41:05 55104 ----a-w- C:\Windows\System32\drivers\BTOWSVF.sys
2012-05-30 21:41:05 33088 ----a-w- C:\Windows\System32\drivers\BTOWSFF.sys
2012-05-30 19:18:19 -------- d-----w- C:\Program Files (x86)\Toolwiz TimeFreeze
2012-05-29 14:24:10 -------- d-----w- C:\Users\Alb\.MCReferenceSdk
2012-05-29 14:23:06 180224 ----a-w- C:\Windows\SysWow64\QTCF.dll
2012-05-29 14:19:04 -------- d-----w- C:\Users\Alb\AppData\Local\SafeNet Sentinel
2012-05-29 14:18:51 78208 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2012-05-29 14:18:50 -------- d-----w- C:\Program Files (x86)\Common Files\Aladdin Shared
2012-05-29 14:18:48 4889032 ----a-w- C:\Windows\System32\hasplms.exe
2012-05-29 14:18:48 4889032 ----a-w- C:\Windows\System32\aksllmtp.exe
2012-05-29 14:18:48 139592 ----a-w- C:\Windows\System32\drivers\aksfridge.sys
2012-05-29 14:18:34 321536 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2012-05-29 14:18:23 198088 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2012-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\Ontrack
2012-05-19 18:53:01 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2012-05-18 21:37:29 90112 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-05-16 20:35:13 -------- d-----w- C:\Program Files (x86)\mp3DirectCut
2012-05-14 23:52:32 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-14 23:52:01 -------- d-----w- C:\Users\Alb\AppData\Local\PunkBuster
2012-05-14 20:19:15 -------- d-----w- C:\Users\Alb\AppData\Roaming\PowerUp Software
2012-05-14 20:19:15 -------- d-----w- C:\ProgramData\PowerUp Software
2012-05-13 23:23:46 -------- d-----w- C:\Program Files (x86)\Audacity
.
==================== Find3M ====================
.
2012-05-21 22:31:01 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-21 22:26:58 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-16 20:31:14 69632 ----a-w- C:\Windows\SysWow64\realbap1.dll
2012-05-16 20:31:14 45568 ----a-w- C:\Windows\SysWow64\realbsf1.dll
2012-05-14 23:57:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-04 21:03:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:03:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:03:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 13:53:12 36232 ----a-w- C:\Windows\SysWow64\rgbacodec.dll
2012-04-12 22:34:38 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-04-02 18:08:47 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-04-02 18:08:47 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-02 17:58:26 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-04-02 17:47:31 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-02 17:47:31 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-01 14:43:46 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2012-04-01 14:43:46 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2003-03-21 13:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 17:13:41,15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 16-01-2010 16:32:53
System Uptime: 10-06-2012 16:17:24 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Maximus Formula
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA775 | 1981/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 500 GiB total, 128,762 GiB free.
D: is FIXED (NTFS) - 497 GiB total, 106,442 GiB free.
E: is FIXED (NTFS) - 400 GiB total, 229,676 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 103,372 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 653,748 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1160: 09-06-2012 23:15:11 - ComboFix created restore point
.
==== Installed Programs ======================
.
32nd America's Cup 0.2.0.0
ACDSee Pro 5
Actual Multiple Monitors 3.4.2
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Lens Profile Downloader
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Advanced SystemCare 5
Advanced Uninstaller PRO v10.1 (remove!)
AI Suite
AIDA64 Extreme Edition v2.30
All Media Fixer 2008 9.07
AllDup 3.4.0
AnalogX DXMan
Apple Application Support
Apple Software Update
Artisteer 3
Assassin's Creed Brotherhood
Assassin's Creed Revelations
Astra Gift Maker version 1.2
ASUSUpdate
Audacity 2.0
AutoHotkey 1.1.03.00
Autopano-SIFT 2.3
avast! Free Antivirus
AviSynth 2.5
BadCopy Pro
Bluefish 2.2.1
Boilsoft Video Joiner 6.34
Boilsoft Video Splitter 6.33
BTNext Legacy
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Cobian Backup 11 Gravity
CyberLink LabelPrint
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
DebugMode Wax 2.0
DebugMode Wink
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desktop Plagiarism Checker versão 1.1
DiRT 3
DivXLand Media Subtitler
Dropbox
DVD Architect Pro 5.2
DVD Flick 1.3.0.7
DVDFab 8.1.7.8 (17/04/2012) Qt
DVDInfoPro 6.5.2.8
EAX4 Unified Redist
Emsa DLL Register Tool 1.0
eMule
erLT
Flash Movie Player 1.5
FormatFactory 2.95
FreeArc 0.666
Freemake Audio Converter versão 1.1.0
Freemake Video Converter versão 3.0.2
Freemake Video Downloader
Galeria de Fotografias do Windows Live
GetDataBack for FAT
GetDataBack for NTFS
Google Chrome
Google Chrome Frame
Google Drive
Google Earth
Google Update Helper
Griffith 0.13.0
HD Camcorder Add-on
HD Tune Pro 4.01
HiJackThis
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HotPotatoes v 6.3.0.3
HTML-Kit
Hugin 2011.4.0
HydraVision
Inkscape 0.48.3.1
Instalação do DivX
Java Auto Updater
Java(TM) 7 Update 3
JClic (offline)
JDownloader 0.9
jv16 PowerTools 2011
Karen's Directory Printer
KeePass Password Safe 1.19b
LAME v3.98.2 for Audacity
LG Tool Kit
LibreOffice 3.5
LibreOffice 3.5 Help Pack (Portuguese)
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Designs - Athletic Pack 1
LightScribe Template Designs - Hobby Pack 1
LightScribe Template Designs - Kids Korner Pack 1
LightScribe Template Designs - Music Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Travel Pack 1
LightScribe Template Labeler
Lightworks
Logitech SetPoint
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware versão 1.61.0.1400
Marvell Miniport Driver
Max Payne 3
Media Jukebox 14
Mega Manager
Microsoft DirectX Transform optional components
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Portugal)) 2010
Microsoft Office Excel MUI (Portuguese (Portugal)) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Portugal)) 2010
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Portuguese (Portugal)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Portugal)) 2010
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010
Microsoft Office Shared MUI (Portuguese (Portugal)) 2010
Microsoft Office Word MUI (Portuguese (Portugal)) 2010
Microsoft Research AutoCollage 2008 Academic Edition
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKVToolNix 5.5.0
Mozilla Firefox 12.0 (x86 pt-PT)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 pt-PT)
MP3 Repair Tool v1.5.2
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
msxml4
muvee Adrenaline Rush stylePack
muvee Back To School Style
muvee Christmas Cheer stylePack
muvee Halloween Horrors Style
muvee HD Plus Add-on
muvee Independence Day Style
muvee Life Story Style
muvee Mix It Up stylePack
muvee photoFamily stylePack
muvee photoFocus stylePack
muvee photoGenie stylePack
muvee Reveal
muvee Style Pack Runtime
muvee Wedding stylePack
MySQL Server 5.1
Neat Image v6.0 Pro+
Need For Speed World
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NVIDIA PhysX
OpenAL
OpenLibraries
Opera 11.64
PC Connectivity Solution
PC Probe II
PC Wizard 2010.1.94
PDF Password Remover v3.1
Photodex Presenter
Power Favorites 1.7.7
ProShow Producer
ProShow Workshop - Creative Captions
ProShow Workshop - Exploring Layer Keyframing
ProShow Workshop - Masking Exposed
ProShow Workshop - Mastering Audio
ProShow Workshop - Working With Layers
Protect My Disk 5.0
PunkBuster Services
QuickTime Alternative 3.2.2
Rapture3D 2.4.8 Game
RocketDock 1.3.5
Rockstar Games Social Club
Samsung AllShare
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shareaza 2.5.5.0
SHIFT 2 UNLEASHED
SizeMe 2,0,0,1926
Skype 5.8
SlimDrivers
Smart Defrag 2
Songbird 1.4.3 (Build 1438)
SoundMAX
SpywareBlaster 4.6
Startup Delayer v3.0 (build 323)
Subtitle Edit 3.2.3
SUPER © v2012.build.51 (April 7, 2012) versão v2012.build.51
SysInfoTools Open Office Calc File Repair v1.0
SysInfoTools Open Office Writer File Repair v1.0
TeamViewer 6
TMPGEnc 4.0 XPress
TMPGEnc MPEG Editor 2.0
TMPGEnc Plus 2.5
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolwiz TimeFreeze
Trust 100K Series Webcam
Trust WB-1400T Webcam
TweakNow PowerPack 2010
UberIcon 1.0.4
Ubisoft Game Launcher
UltraISO Premium V9.35
UniConvertor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VASST Ultimate S Pro 4.1.7
VC80CRTRedist - 8.0.50727.6195
Visual CD
VLC media player 2.0.1
Vsk5 - patch1
VUE 3.1.2
Vuze
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinMerge 2.12.4
WinMorph 3.01
WinPcap 4.1.2
Winpower
XnView 1.98.5
.
==== End Of File ===========================
As requested, for now I'll stay put awaiting instructions.
Thanks in advance for your help.
Best regards
Zedopipo