DDS (Ver_09-05-14.01) - NTFSx86
Run by Dave at 21:18:52.65 on 31/05/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.583 [GMT 1:00]
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dave\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = www.google.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\47huwar1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\47huwar1.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-3-21 33792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-3-21 113896]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
=============== Created Last 30 ================
2009-05-31 20:45 --d----- c:\windows\system32\wbem\Repository
2009-05-31 19:53 58,880 a------- c:\windows\system32\51A1.tmp
2009-05-31 19:53 124 a------- c:\windows\system32\519E.tmp
2009-05-31 19:49 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-31 19:49 --d----- c:\program files\Tukero[X]Team
2009-05-31 19:48 0 a------- c:\windows\system32\5199.tmp
2009-05-31 19:48 58,880 a------- c:\windows\system32\5198.tmp
2009-05-31 19:48 124 a------- c:\windows\system32\5193.tmp
2009-05-31 19:46 --d----- C:\Archivos de programa(2)
2009-05-24 21:53 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-24 17:49 --d----- C:\e98aa92d86c587af8123
2009-05-24 17:48 --d----- c:\windows\SxsCaPendDel
2009-05-24 17:17 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-05-24 17:17 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-05-24 17:17 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-05-24 17:17 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-05-24 17:17 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-05-24 17:17 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-24 17:17 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-05-24 17:17 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-05-24 17:17 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-05-24 17:16 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-24 17:16 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-05-24 17:16 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-14 23:39 --d----- C:\dump
==================== Find3M ====================
2009-05-31 19:49 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 15:46 604 a---h--- c:\program files\STLL Notifier
2009-03-20 19:20 80,943 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-20 18:05 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
============= FINISH: 21:19:12.58 ===============