S3.0[1].EXE


  • This topic is locked

#1
jvalmeida

  • Member
  • 13 posts
Hello all and thanks in advance

I've been infected by S3.0[1].EXE - at least this is what Prevx1 tells me.
It is preventing my IE7 and Firefox from opening any Google-related site and also forbids my PC from getting the anti-spyware programs on downloads. Also, it doesn't let me do a virus scan online. Can you please help me?

HIJACK LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:57:32, on 30-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Proprietário-de-HP\Desktop\HijackThis.exe

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169775124406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9 - Português
Adobe Shockwave Player
Apple Software Update
Ares 1.9.8
Audacity 1.2.6
CC_ccProxyExt
ccCommon
ccPxyCore
Dicionário de Sinônimos -completo-
DivX Codec
DivX Player
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB898456)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Software Update
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
LADSPA_plugins-win-0.4.15
Lexmark 510 Series
LiveUpdate 3.0 (Symantec Corporation)
Localization Pack for Microsoft Windows XP Media Center Edition
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Portuguese Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X Photo Scenery Display Update
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.1)
MRAI Install Wizard v1.23
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUI Help Package - PTG
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
Nvu 1.0
PC Connectivity Solution
PC-Doctor 5 para Windows
Prevx1
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
QuickTime Alternative 1.75
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sonic Backup MyPC Special Edition for HP
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic Update Manager
SPBBC
The Project SkyHigh MD-80 Base pack for FS2004
TVUPlayer 2.3.0.0
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VoipBuster
VST Bridge 1.0
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB837790
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
  • 0


#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi jvalmeida

Welcome to GTG! :whistling:

Sorry for the delay in response. If you still need help with this, please do the following:

* Go to Add/Remove programs and uninstall these old versions of Java:

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9



* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan
  • 0

#3
jvalmeida

  • Topic Starter
  • Member
  • 13 posts
Thank you.

The problem is that this "thing" hijacked my homepage and does not allow me to connect to any of the known online scanners. When I try to connect to Panda, Firefox and IE7 tell me that it is impossible to establish a connection.

So, I'm stuck.

Edited by jvalmeida, 01 February 2007 - 07:12 PM.

  • 0

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Download HostsXpert from here. Unzip the file and press "Restore Original Hosts" and press "OK". Exit HostsXpert.

Now try connecting to Panda to do the scan. If that doesn't work, post back here and we'll go ahead and see what else we can do.
  • 0
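
Restoring the default hosts file is the step that fixed the blocked connections in this thread, which is consistent with hosts entries overriding name resolution for those sites. The following is an added example, not part of the original posts: a Python check that lists every non-default hosts entry and marks the ones that sinkhole or redirect watched sites. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: illustrative watchlist for the kinds of sites the thread reports
# as unreachable (Google, online scanners, AV vendors). Adjust as needed.
WATCHED_SUFFIXES = ("google.com", "pandasoftware.com", "symantec.com")

# Constructed sample hosts file, not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.google.com google.com   # constructed entry
0.0.0.0         www.pandasoftware.com
203.0.113.7     liveupdate.symantec.com
192.168.1.20    printer.home
this line has no address
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every valid mapping in a hosts file."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line: no address first
        for name in fields[1:]:               # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line, hostname, ip, verdict) for each non-default entry."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        if name == "localhost" and ip.is_loopback:
            continue                          # the only entry a default file has
        if is_watched(name):
            verdict = "blocked" if local else "redirected"
        else:
            verdict = "other"                 # override of an unwatched name
        findings.append((lineno, name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # the constructed sample is used here so the example runs anywhere.
    for lineno, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} [{verdict}]")
```

Entries marked "other" are not necessarily malicious (a home printer mapping, for instance), but on a machine whose hosts file was never edited by hand they still deserve a look.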

#5
jvalmeida

  • Topic Starter
  • Member
  • 13 posts
It worked! I'm so sorry to be so dumb in computers.

Thank you very much. I'm sending you a paypal under the name Joao Vasco Almeida. Drink a beer!

Edited by jvalmeida, 02 February 2007 - 04:06 AM.

  • 0

#6
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Thanks for the donation, but we're not finished here. Please do this as requested:

* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan


  • 0

#7
jvalmeida

  • Topic Starter
  • Member
  • 13 posts
Hello. Thanks for your help, again.

I've done what you've asked. Here are the results:


Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.adtech.de/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.spylog.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.overture.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[server.iad.liveperson.net/hc/11700425]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Proprietário-de-HP\Application Data\Mozilla\Firefox\Profiles\ttsp92oz.default\cookies.txt[de.uol.com.br/]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Trj/Mailbot.BB Disinfected C:\WINDOWS\Temp\FEE2.tmp

Logfile of HijackThis v1.99.1
Scan saved at 17:10:33, on 03-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Proprietário-de-HP\Desktop\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169775124406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Hope you find it useful. Thank you.
  • 0

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.

  • 0

#9
jvalmeida

  • Topic Starter
  • Member
  • 13 posts
Hello again

I've done the Bitdefender scanner and I'm reporting it to you, along with the Hijack log.

Nevertheless, I believe that the virus/mal is still inside. It creates a random name file with the TMP ext and places it on Windows/Temp dir.

Hope it helps.

Thanks for your time.


BitDefender Online Scanner

Scan report generated at: Sun, Feb 04, 2007 - 16:46:27

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
Time: 01:00:02
Files: 477044
Folders: 5987
Boot Sectors: 3
Archives: 21300
Packed Files: 40216

Results
Identified Viruses: 3
Infected Files: 8
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 418481
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08223BFB.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.EN

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08223BFB.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08223BFB.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082565F8.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Clicker.BK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082565F8.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082565F8.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1579494C.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.EN

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1579494C.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1579494C.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\369B588F.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.EN

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\369B588F.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\369B588F.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5A1A0E.exe=>(Quarantine-2)
Infected with: Trojan.Proxy.Agent.EN

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5A1A0E.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5A1A0E.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AD2A91.exe=>(Quarantine-2)
Infected with: Trojan.Clicker.BK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AD2A91.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AD2A91.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B54180E=>(Quarantine-2)
Infected with: Trojan.Clicker.BK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B54180E=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B54180E=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD47D82=>(Quarantine-2)
Infected with: MemScan:Trojan.Clicker.BK

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD47D82=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD47D82=>(Quarantine-2)
Deleted









Logfile of HijackThis v1.99.1
Scan saved at 18:41:38, on 04-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Proprietário-de-HP\Desktop\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169775124406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

* Click here for info on how to boot to safe mode if you don't already know how.


Reboot into Safe Mode


Double-click WinPFind.exe
  • Select "Run Add ONs" and then select ALL the options in the box below it. Press Apply.
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Attach the WinPFind.txt to your next post here please.
  • Don't try to copy and paste it. It will be too long for one post.


#11
jvalmeida

    Member

  • Topic Starter
  • 13 posts
Hello again

I'm trying to download winpfind but the link is void. I've searched the net for other download sites, but got none.

I'm so sorry to disturb you, but could you send me a valid link or the program itself to ?


Thank you


JVA

#12
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I removed your email address from your post. You should never post your email addy in an open forum like this. The spambots will get hold of it and inundate you with spam.

I'll get a good link for WinPfind and post it here in a few minutes. I didn't realize it had changed.

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

#14
jvalmeida

    Member

  • Topic Starter
  • 13 posts
Here it is.
Thanks

Attached Files



#15
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I don't have time to look through the Winpfind log right now, but I will later tonight. In the meantime, go ahead and run this scan please:

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from the Kaspersky scan.