Firefox cookies malware, plus Virtumonde and Vundo spyware [RESOLVED]



#1 ghostphalanx (Member)
Hello there!

I'm very glad to have found this place!

My PC has been going crazy ever since I updated Firefox last month. Some adware called DEALIO installed itself and messed things up. First I lost my internet connection and had to reset the network configuration with ISPFIX (I followed directions from another post); after that Firefox was still non-functional: it started on Google as usual, but it wouldn't load or search for anything I entered in the search bar. And any other sites I tried to enter in the address bar wouldn't load either...

I kept running HijackThis scans and fixing the suspect items (using the HijackThis log analyzer on the web), but more and more corrupt registry entries kept appearing. Firefox started to work again but would randomly stop loading pages...

I figured my PC was so full of viruses, spyware, etc. that every time I cleaned some part of the bad stuff, the remaining malware would bring forth more cronies with it... I gave up all hope when HijackThis started to shut down on its own when I did a scan and saved the log file...

So I came here, went to the "read this before posting a hijackthis log" post and did all the mentioned procedures before finally coming here for some help...

So I have here all the logs from Malwarebytes, SUPERAntiSpyware, Panda scan, and HijackThis in the order I ran each scan, following the directions given to me.



There you have it! Thanks for the time!!!

Malwarebytes' Anti-Malware 1.12
Database version: 742

Scan type: Quick Scan
Objects scanned: 38031
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnlIbXO.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ad45647-5ca3-4f1b-a0a3-7e296c920022} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ad45647-5ca3-4f1b-a0a3-7e296c920022} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7766b20 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlibxo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlibxo -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dfsunqfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfqnusfd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eibcikam.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\makicbie.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyclcfkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkfclcyj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlIbXO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\OXbIlnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\OXbIlnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sboewnnp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnnweobs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvvcqdrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdusorvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
Generated 05/12/2008 at 11:29 AM

Application Version : 3.6.1000

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 02:24:17

Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 6958
Registry threats detected : 3
File items scanned : 159003
File threats detected : 7

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}

Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\EGJLM.INI
C:\WINDOWS\SYSTEM32\HJJLM.INI
C:\WINDOWS\SYSTEM32\HJJLM.INI2
C:\WINDOWS\SYSTEM32\JJLLM.INI
C:\WINDOWS\SYSTEM32\KJKMP.INI
C:\WINDOWS\SYSTEM32\KJKMP.INI2
C:\WINDOWS\SYSTEM32\MCRH.TMP


;*******************************************************************************
ANALYSIS: 2008-05-12 13:47:52
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
McAfee VirusScan Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.tribalfusion.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.yadro.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.advertising.com/]
00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.ig.com.br/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.questionmarket.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Diego\Dados de aplicativos\Mozilla\Firefox\Profiles\f2rl67yk.Default User\cookies.txt[.adultfriendfinder.com/]
02936725 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\lhuowbsb.dll
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mpplleuq.dll
02938531 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\rbfbbhrj.dll
02938570 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\jewfoduj.dll
02938582 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ohigmrrx.dll
02940353 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\awmakaob.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
133387 MEDIUM MS06-065
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:59, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe
C:\Arquivos de programas\McAfee\MBK\McAfeeDataBackup.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\McAfee\MBK\MBackMonitor.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARQUIV~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7910A428-5639-4AC0-B16B-FA3850799773} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "C:\ARQUIV~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Arquivos de programas\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Arquivos de programas\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: tuvSjKEU - tuvSjKEU.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0120511210579063) (0120511210579063mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012051~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Arquivos de programas\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

--
End of file - 8043 bytes

Here is the Uninstall list, also from HijackThis:


3dsmax ancillary install
7-Zip 4.42
Ableton Live v6.0.7
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Premiere Pro 2.0
Adobe Reader 8.1.0 - Português
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Albatross18 (OGPlanet)
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Software Update
Arquivo do WinRAR
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de segurança para Step by Step Interactive Training (KB898458)
Atualização de Segurança para Windows XP (KB893756)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896423)
Atualização de Segurança para Windows XP (KB896424)
Atualização de Segurança para Windows XP (KB896428)
Atualização de Segurança para Windows XP (KB899587)
Atualização de Segurança para Windows XP (KB899589)
Atualização de Segurança para Windows XP (KB899591)
Atualização de Segurança para Windows XP (KB900725)
Atualização de Segurança para Windows XP (KB901017)
Atualização de Segurança para Windows XP (KB901190)
Atualização de Segurança para Windows XP (KB901214)
Atualização de Segurança para Windows XP (KB904706)
Atualização de Segurança para Windows XP (KB905414)
Atualização de Segurança para Windows XP (KB905749)
Atualização de Segurança para Windows XP (KB908519)
Atualização de Segurança para Windows XP (KB911562)
Atualização de Segurança para Windows XP (KB911927)
Atualização de Segurança para Windows XP (KB912919)
Atualização de Segurança para Windows XP (KB913580)
Atualização de Segurança para Windows XP (KB914388)
Atualização de Segurança para Windows XP (KB914389)
Atualização de Segurança para Windows XP (KB917344)
Atualização de Segurança para Windows XP (KB917422)
Atualização de Segurança para Windows XP (KB917537)
Atualização de Segurança para Windows XP (KB917953)
Atualização de Segurança para Windows XP (KB918118)
Atualização de Segurança para Windows XP (KB918439)
Atualização de Segurança para Windows XP (KB919007)
Atualização de Segurança para Windows XP (KB920213)
Atualização de Segurança para Windows XP (KB920670)
Atualização de Segurança para Windows XP (KB920683)
Atualização de Segurança para Windows XP (KB920685)
Atualização de Segurança para Windows XP (KB921398)
Atualização de Segurança para Windows XP (KB922616)
Atualização de Segurança para Windows XP (KB922819)
Atualização de Segurança para Windows XP (KB923191)
Atualização de Segurança para Windows XP (KB923414)
Atualização de Segurança para Windows XP (KB923694)
Atualização de Segurança para Windows XP (KB923980)
Atualização de Segurança para Windows XP (KB924191)
Atualização de Segurança para Windows XP (KB924270)
Atualização de Segurança para Windows XP (KB924667)
Atualização de Segurança para Windows XP (KB925454)
Atualização de Segurança para Windows XP (KB925902)
Atualização de Segurança para Windows XP (KB926255)
Atualização de Segurança para Windows XP (KB926436)
Atualização de Segurança para Windows XP (KB927779)
Atualização de Segurança para Windows XP (KB927802)
Atualização de Segurança para Windows XP (KB928255)
Atualização de Segurança para Windows XP (KB928843)
Atualização de Segurança para Windows XP (KB929123)
Atualização de Segurança para Windows XP (KB929969)
Atualização de Segurança para Windows XP (KB930178)
Atualização de Segurança para Windows XP (KB931261)
Atualização de Segurança para Windows XP (KB931784)
Atualização de Segurança para Windows XP (KB932168)
Atualização de Segurança para Windows XP (KB933729)
Atualização de Segurança para Windows XP (KB935839)
Atualização de Segurança para Windows XP (KB935840)
Atualização de Segurança para Windows XP (KB936021)
Atualização de Segurança para Windows XP (KB937894)
Atualização de Segurança para Windows XP (KB938127)
Atualização de Segurança para Windows XP (KB941202)
Atualização de Segurança para Windows XP (KB941568)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB941644)
Atualização de Segurança para Windows XP (KB941693)
Atualização de Segurança para Windows XP (KB943055)
Atualização de Segurança para Windows XP (KB943460)
Atualização de Segurança para Windows XP (KB943485)
Atualização de Segurança para Windows XP (KB944338)
Atualização de Segurança para Windows XP (KB944653)
Atualização de Segurança para Windows XP (KB945553)
Atualização de Segurança para Windows XP (KB946026)
Atualização de Segurança para Windows XP (KB947864)
Atualização de Segurança para Windows XP (KB948590)
Atualização de Segurança para Windows XP (KB948881)
Atualização para Windows XP (KB896256)
Atualização para Windows XP (KB897663)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB900485)
Atualização para Windows XP (KB904942)
Atualização para Windows XP (KB907265)
Atualização para Windows XP (KB908521)
Atualização para Windows XP (KB908531)
Atualização para Windows XP (KB910437)
Atualização para Windows XP (KB911280)
Atualização para Windows XP (KB916595)
Atualização para Windows XP (KB916846)
Atualização para Windows XP (KB920342)
Atualização para Windows XP (KB920872)
Atualização para Windows XP (KB922120)
Atualização para Windows XP (KB922582)
Atualização para Windows XP (KB925720)
Atualização para Windows XP (KB927891)
Atualização para Windows XP (KB930916)
Atualização para Windows XP (KB936357)
Atualização para Windows XP (KB938828)
Atualização para Windows XP (KB942763)
AutoCAD 2008 - English
Autodesk 3ds Max 9 32-bit
Autodesk DirectConnect 2.0
Autodesk DWF Viewer 7
AviSynth 2.5
Azureus
Backburner
BS.Player PRO
Celtx (0.9.9.7)
Cliente do Windows Rights Management com Service Pack 2
CmdHere Powertoy For Windows XP
Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2
CTP Pro 1.8
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Suite
Extensão do HighMAT para o Assistente para Gravação em CD do Microsoft Windows XP
FBX Plugin 2006.08 for Max 9.0
Genuine Fractals 5.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB889527)
Hotfix para Windows XP (KB897338)
Hotfix para Windows XP (KB898900)
Hotfix para Windows XP (KB903234)
Hotfix para Windows XP (KB904412)
Hotfix para Windows XP (KB906569)
Hotfix para Windows XP (KB907865)
Hotfix para Windows XP (KB909095)
Hotfix para Windows XP (KB912817)
Hotfix para Windows XP (KB913538)
Hotfix para Windows XP (KB914440)
Hotfix para Windows XP (KB917021)
Hotfix para Windows XP (KB918005)
Hotfix para Windows XP (KB918093)
Hotfix para Windows XP (KB918997)
Hotfix para Windows XP (KB924867)
Hotfix para Windows XP (KB924941)
Hotfix para Windows XP (KB928388)
Hotfix para Windows XP (KB929120)
Hotfix para Windows XP (KB935448)
Image Resizer Powertoy for Windows XP
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
LimeWire PRO 4.17.5
Magic DVD Ripper V5.2.1 build 6
MagicDisc 2.5.74
Magpie
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MeGUI modern media encoder (remove only)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB925168)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
NVIDIA Drivers
OCCT Perestroika 1.1.0
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
Panda ActiveScan 2.0
PC DUAL SHOCK
PDF Settings
PowerArchiver 2007
PowerDVD
PowerISO
PremiereAVSPlugin 1.9
Prism Video Converter
QuickTime
RamBooster
Realtek High Definition Audio Driver
Search Settings 1.1
Sentinel System Driver
SketchUp 5
Skype™ 3.2
SoulSeek Client 156c
SpeedFan (remove only)
Steam Platform 1.1.2.5 i6
SUPERAntiSpyware Free Edition
SyncToy
Timershot Powertoy for Windows XP
Unlocker 1.8.5
Update Manager
User Profile Hive Cleanup Service
V-Ray for 3dsmax R9 for x86
Western Australian Time Zone Update
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Hotfix - KB319740
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896626
XML Paper Specification Shared Components Language Pack 1.0
XP Royale Theme
ZBrush3


Please tell me if I've forgotten anything and thanks a lot for all the help!!!

Edited by ghostphalanx, 12 May 2008 - 11:30 AM.


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
ghostphalanx

    Member

  • Topic Starter
  • Member
  • 32 posts
Hi there thanks for coming to my aid!!

Sorry for taking so long to reply, but the Kaspersky scan took about 6 hours to complete.

NOTE: As I ran DSS.exe it gave me a warning that HijackThis couldn't get write access to the "hosts" file; my Panda antivirus reported that it had blocked an attempt to modify some kind of system information. Apparently Panda didn't allow the DSS file to work properly... still, I have all the requested logs as follows:


Deckard's System Scanner v20071014.68
Run by Diego on 2008-05-20 16:28:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-20 19:28:34 UTC - RP1 - Ponto de verificação do sistema


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.09 GiB (less than 15%) free.


-- HijackThis (run as Diego.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:52, on 20/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\MagicDisc\MagicDisc.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
c:\arquivos de programas\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Diego\Desktop\dss.exe
C:\ARQUIV~1\TRENDM~1\HIJACK~1\Diego.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 7586 bytes

-- HijackThis Fixed Entries (C:\ARQUIV~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080423-075858-482 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\bvsbjvbh.dll",s
backup-20080423-080120-735 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\bvsbjvbh.dll",s
backup-20080425-033811-782 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\suobmeiv.dll",s
backup-20080425-034223-825 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\suobmeiv.dll",s
backup-20080425-184207-682 O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
backup-20080425-184610-198 O2 - BHO: (no name) - {243B792D-004F-4B12-A4DD-A4467288F73C} - C:\WINDOWS\system32\mljgf.dll (file missing)
backup-20080425-184619-823 O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\tuvSjKEU.dll
backup-20080425-184846-852 O20 - Winlogon Notify: tuvSjKEU - C:\WINDOWS\SYSTEM32\tuvSjKEU.dll
backup-20080425-184923-260 O20 - Winlogon Notify: tuvSjKEU - C:\WINDOWS\SYSTEM32\tuvSjKEU.dll
backup-20080425-184923-794 O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\tuvSjKEU.dll
backup-20080425-195821-471 O4 - HKLM\..\Run: [d44558bc] rundll32.exe "C:\WINDOWS\system32\eibcikam.dll",b
backup-20080425-195821-919 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\xlfurlgq.dll",s
backup-20080425-195833-205 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\xlfurlgq.dll",s
backup-20080425-195853-716 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
backup-20080425-200215-338 O4 - HKLM\..\Run: [BMd7766b20] Rundll32.exe "C:\WINDOWS\system32\xlfurlgq.dll",s
backup-20080425-200215-786 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080512-140018-326 O20 - Winlogon Notify: tuvSjKEU - tuvSjKEU.dll (file missing)
backup-20080512-140018-614 O23 - Service: McAfee Application Installer Cleanup (0120511210579063) (0120511210579063mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012051~1.EXE (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\ARQUIV~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.vbs - VBSFile - shell\open\command - C:\ARQUIV~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
R3 SASENUM - c:\arquivos de programas\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\arquivos de programas\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\arquivos de programas\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\arquivos de programas\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 UPHClean (User Profile Hive Cleanup) - c:\arquivos de programas\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 FLEXnet Licensing Service - "c:\arquivos de programas\arquivos comuns\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NMIndexingService - "c:\arquivos de programas\arquivos comuns\ahead\lib\nmindexingservice.exe" (file missing)
S4 nnserv - "c:\arquivos de programas\newdotnet\nnrun.exe" "c:\arquivos de programas\newdotnet\nncore.dll" servicestart (file missing)
S4 ProtexisLicensing - "c:\arquivos de programas\arquivos comuns\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-21 01:23:35 340 --a------ C:\WINDOWS\Tasks\1-08 How Soon Is Now.job
2007-12-21 01:19:09 352 --a------ C:\WINDOWS\Tasks\01 - Superman - Goldfinger.job
2007-06-28 07:00:00 364 --a------ C:\WINDOWS\Tasks\The Cardigans - My Favorite Game.job


-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-19 18:42:11 0 d-------- C:\WINDOWS\Content.IE5
2008-05-18 15:14:53 0 d-------- C:\Movavi files
2008-05-18 15:13:08 0 d-------- C:\Arquivos de programas\Movavi Video Converter 6
2008-05-17 17:14:16 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-17 14:47:52 0 d-------- C:\Arquivos de programas\Setup Files
2008-05-17 14:33:32 17920 --a------ C:\WINDOWS\system32\Ntaccess.sys <Not Verified; Your Corporation; Your Product Name>
2008-05-17 14:33:32 9216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-05-17 14:33:32 0 d-------- C:\Arquivos de programas\MSI
2008-05-17 13:54:05 0 d-------- C:\test
2008-05-17 12:39:07 0 d-------- C:\WINDOWS\nvidia icons
2008-05-14 19:12:50 297 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-14 19:12:47 243572 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-05-14 19:12:34 0 d-------- C:\WINDOWS\system32\PAV
2008-05-14 19:12:18 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-05-14 19:08:51 0 d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software
2008-05-14 07:37:34 0 d-------- C:\VundoFix Backups
2008-05-12 12:19:39 0 d-------- C:\Arquivos de programas\Panda Security
2008-05-12 08:58:16 0 d-------- C:\Arquivos de programas\SUPERAntiSpyware
2008-05-12 08:58:01 0 d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-05-12 08:11:40 0 d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-05-10 00:14:07 0 d-------- C:\Arquivos de programas\AviSynth2
2008-05-09 23:19:16 0 d-------- C:\Arquivos de programas\megui
2008-05-09 23:19:01 0 d-------- C:\Arquivos de programas\Premiere AVS GUI
2008-05-06 22:38:36 0 d-------- C:\Arquivos de programas\NCH Software
2008-05-06 22:36:31 0 d-------- C:\digitalvideoconverter
2008-05-02 03:07:26 0 d-------- C:\Arquivos de programas\MSXML 6.0
2008-05-01 23:42:46 0 d-------- C:\Arquivos de programas\LimeWire
2008-04-25 18:57:20 191384 --ahs---- C:\WINDOWS\system32\pVyIkUvw.ini2
2008-04-23 07:57:03 0 d-------- C:\Arquivos de programas\Trend Micro
2008-04-23 01:01:20 0 d-------- C:\Arquivos de programas\Alwil Software
2008-04-23 00:43:00 0 d-------- C:\!KillBox
2008-04-22 23:24:30 217751 --ahs---- C:\WINDOWS\system32\fgjlm.ini2
2008-04-22 13:14:24 190755 --ahs---- C:\WINDOWS\system32\utstv.ini2
2008-04-22 01:05:37 190386 --ahs---- C:\WINDOWS\system32\egjlm.ini2
2008-04-21 14:00:09 198250 --ahs---- C:\WINDOWS\system32\jjllm.ini2
2008-04-20 16:42:04 0 d-------- C:\Arquivos de programas\Search Settings
2008-04-20 16:41:19 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-20 16:41:16 2 --a------ C:\-733652973
2008-04-20 16:41:13 34816 --a------ C:\WINDOWS\system32\msindc.dll <Not Verified; MIT; >


-- Find3M Report ---------------------------------------------------------------

2008-05-20 16:25:17 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Azureus
2008-05-20 15:50:20 0 d-------- C:\Arquivos de programas\QuickTime
2008-05-20 15:07:03 0 d-------- C:\Arquivos de programas\SpeedFan
2008-05-19 18:28:05 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\U3
2008-05-19 17:11:26 73 --a----c- C:\WINDOWS\system32\ssprs.dll
2008-05-19 17:11:26 205 --a----c- C:\WINDOWS\system32\lsprst7.dll
2008-05-18 23:34:42 0 d-------- C:\Arquivos de programas\PowerArchiver
2008-05-18 14:26:30 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\DVD Shrink
2008-05-17 19:02:55 495144 --a------ C:\WINDOWS\system32\perfh016.dat
2008-05-17 19:02:55 88586 --a------ C:\WINDOWS\system32\perfc016.dat
2008-05-17 18:50:53 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\InstallShield
2008-05-17 17:15:13 0 d-------- C:\Arquivos de programas\Realtek
2008-05-17 15:58:39 0 d-------- C:\Arquivos de programas\OCCT
2008-05-16 14:40:03 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Skype
2008-05-16 09:38:41 88576 --ah----- C:\Documents and Settings\Diego\Dados de aplicativos\rbap550.dll
2008-05-14 19:12:17 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-05-14 19:08:51 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-05-14 18:58:34 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\McAfee
2008-05-14 08:06:05 0 d-------- C:\Arquivos de programas\PowerISO
2008-05-14 08:05:29 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\LimeWire
2008-05-12 12:19:40 2712 --a----c- C:\WINDOWS\mozver.dat
2008-05-12 08:58:16 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\SUPERAntiSpyware.com
2008-05-12 08:11:47 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Malwarebytes
2008-05-10 23:09:00 0 d-------- C:\Arquivos de programas\MSN Messenger
2008-05-07 01:58:48 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\dvdcss
2008-05-06 22:51:04 1028 --a------ C:\Documents and Settings\Diego\Dados de aplicativos\AVIEncoder.wff
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-03 02:32:10 0 d-------- C:\Arquivos de programas\sXe Injected
2008-04-27 01:37:02 0 d-------- C:\Arquivos de programas\Soulseek
2008-04-23 01:03:17 0 d-------- C:\Arquivos de programas\Garena
2008-04-23 00:31:14 0 d-------- C:\Arquivos de programas\Azureus
2008-04-20 16:43:04 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Search Settings
2008-04-15 12:34:38 0 d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-04-13 02:56:22 0 d-------- C:\Arquivos de programas\DivX
2008-04-13 02:14:54 0 d-------- C:\Arquivos de programas\The All-Seeing Eye
2008-04-09 21:06:58 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Greyfirst
2008-04-09 21:06:53 0 d-------- C:\Arquivos de programas\Celtx
2008-04-09 13:36:02 0 d-------- C:\Arquivos de programas\OGPlanet
2008-04-07 23:39:59 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\BSplayer PRO
2008-04-01 19:29:06 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 19:20:41 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Adobe
2008-03-30 19:04:56 0 d-------- C:\Arquivos de programas\Apple Software Update
2008-03-30 17:07:05 0 d-------- C:\Arquivos de programas\Webteh
2008-03-29 16:46:00 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Bioshock
2008-03-21 17:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 17:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 17:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 17:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 15:10]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 22:55]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46]
"nwiz"="nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 16:15]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Emurayden PSX Emulator"="" []
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"LVCOMS"="C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" []
"APVXDWIN"="C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [04/10/2007 15:15]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/05/2008 05:46]
"RTHDCPL"="RTHDCPL.EXE" [29/01/2008 15:47 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 07:29]
"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [20/05/2008 16:27]

C:\Documents and Settings\Diego\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [16/3/2005 20:16:50]
MagicDisc.lnk - C:\Arquivos de programas\MagicDisc\MagicDisc.exe [11/6/2007 10:02:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [20/05/2008 16:27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL 12/05/2008 11:56 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b4af37-dcc0-11dc-8250-0019db6972fe}]
Auto\command- Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d542a5be-6ba1-11dc-8164-0019db6972fe}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe




-- Hosts -----------------------------------------------------------------------


8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-20 16:32:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: Intel® Core™2 CPU 4300 @ 1.80GHz
CPU 1: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.28 MiB / 1494.59 MiB
Pagefile Memory (total/avail): 3943.21 MiB / 3462.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.85 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 2.09 GiB free.
D: is Fixed (NTFS) - 129.51 GiB total, 21.65 GiB free.
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3160211AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Sistema de arquivos instalável - 19.53 GiB - C:
\PARTITION1 - Estendido c/Int. estendida 13 - 129.51 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.
FirewallOverride is set.

FW: Panda Antivirus 2008 Personal Firewall v7.01.00 (Panda Security)
AV: Panda Antivirus + Firewall 2008 v7.01.00 (Panda Security)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Azureus\\Azureus.exe"="C:\\Arquivos de programas\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Arquivos de programas\\SopCast\\SopCast.exe"="C:\\Arquivos de programas\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Diego\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Diego\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Arquivos de programas\\Soulseek\\slsk.exe"="C:\\Arquivos de programas\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo"
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Arquivos de programas\\Soulseek-Test\\slsk.exe"="C:\\Arquivos de programas\\Soulseek-Test\\slsk.exe:*:Disabled:SoulSeek"
"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"="C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Arquivos de programas\\Autodesk\\Maya2008\\bin\\maya.exe"="C:\\Arquivos de programas\\Autodesk\\Maya2008\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Arquivos de programas\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"="C:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"="C:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"="C:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Meus documentos\\Game\\HL2\\root\\hl2.exe"="D:\\Meus documentos\\Game\\HL2\\root\\hl2.exe:*:Enabled:hl2"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Meus documentos\\Game\\UT3\\Binaries\\UT3.exe"="D:\\Meus documentos\\Game\\UT3\\Binaries\\UT3.exe:*:Disabled:UT3"
"D:\\Meus documentos\\Game\\Genesis\\Gens32 Surreal.exe"="D:\\Meus documentos\\Game\\Genesis\\Gens32 Surreal.exe:*:Enabled:Gens32 Surreal.exe"
"D:\\Meus documentos\\Game\\zsneswv1.36\\ZSNESW.EXE"="D:\\Meus documentos\\Game\\zsneswv1.36\\ZSNESW.EXE:*:Enabled:ZSNESW"
"D:\\Meus documentos\\Game\\CS\\Counter-Strike 1.6 + Half-Life\\hl.exe"="D:\\Meus documentos\\Game\\CS\\Counter-Strike 1.6 + Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Arquivos de programas\\Garena\\Garena.exe"="C:\\Arquivos de programas\\Garena\\Garena.exe:*:Enabled:Garena"
"D:\\Meus documentos\\Game\\Counter-Strike Source\\hl2.exe"="D:\\Meus documentos\\Game\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"D:\\Meus documentos\\Game\\Counter-Strike Source\\srcds.exe"="D:\\Meus documentos\\Game\\Counter-Strike Source\\srcds.exe:*:Enabled:srcds"
"D:\\Meus documentos\\Game\\CS SOURCE\\Counter-Strike Source\\hl2.exe"="D:\\Meus documentos\\Game\\CS SOURCE\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Arquivos de programas\\The All-Seeing Eye\\eye.exe"="C:\\Arquivos de programas\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"D:\\Meus documentos\\Game\\CS SOURCE\\hl2.exe"="D:\\Meus documentos\\Game\\CS SOURCE\\hl2.exe:*:Disabled:hl2"
"D:\\Meus documentos\\Azureus Downloads\\TF2_1023\\TF2_1023\\Team Fortress 2\\hl2.exe"="D:\\Meus documentos\\Azureus Downloads\\TF2_1023\\TF2_1023\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
"D:\\Meus documentos\\Game\\Team Fortress 2\\hl2.exe"="D:\\Meus documentos\\Game\\Team Fortress 2\\hl2.exe:*:Disabled:hl2"
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Disabled:firefox.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Diego\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=INTEL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Diego
LOGONSERVER=\\INTEL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\;C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\;C:\Arquivos de programas\Autodesk\Backburner\;C:\Arquivos de programas\Arquivos comuns\Adobe\AGL;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Diego\CONFIG~1\Temp
TMP=C:\DOCUME~1\Diego\CONFIG~1\Temp
USERDOMAIN=INTEL
USERNAME=Diego
USERPROFILE=C:\Documents and Settings\Diego
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Diego (admin)
Administrador (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
7-Zip 4.42 --> "C:\Arquivos de programas\7-Zip\Uninstall.exe"
Ableton Live v6.0.7 --> "C:\Arquivos de programas\Ableton\Live 6.0.7\unins000.exe"
Adobe After Effects CS3 --> C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Pro 2.0 --> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8.1.0 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Arquivos de programas\Arquivos comuns\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Arquivos de programas\Arquivos comuns\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Albatross18 (OGPlanet) --> C:\Arquivos de programas\OGPlanet\Albatross18\uninstall.exe
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arquivo do WinRAR --> C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de segurança para Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> &

Edited by ghostphalanx, 20 May 2008 - 06:40 PM.

  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the Kaspersky log? It seems it got cut off.
  • 0

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this as well.

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\pVyIkUvw.ini2
    C:\WINDOWS\system32\fgjlm.ini2
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\jjllm.ini2
    C:\-733652973
    C:\WINDOWS\system32\msindc.dll 
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
    F:\LaunchU3.exe 
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b4af37-dcc0-11dc-8250-0019db6972fe}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d542a5be-6ba1-11dc-8164-0019db6972fe}
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log.
  • 0
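The MountPoints2 keys in the OTMoveIt2 list above are the per-drive AutoRun entries Explorer keeps for removable media; the DSS log earlier in the thread shows one of them launching Recycled\ctfmon.exe through rundll32. As an added example (not part of this thread and not code from OTMoveIt2, DSS or any other tool named here), the following Python script parses DSS-style MountPoints2 output and flags the indicators a helper would look for before listing keys for removal: rundll32 ShellExec indirection, a payload staged under the drive's Recycled folder, and a Windows system binary name launched from outside the Windows directory. The sample text is constructed from the entry quoted on this page plus a made-up benign key for contrast; the indicator list, the regular expressions and the function names are assumptions of this example.

```python
import ntpath
import re
from typing import Any, Dict, List

# Constructed sample modelled on the DSS "mountpoints2" entries posted in this
# thread: the first key is the one quoted in the log above (GUID from the page),
# the second is a made-up benign entry added for contrast.
SAMPLE_DSS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d542a5be-6ba1-11dc-8164-0019db6972fe}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
AutoRun\command- E:\Setup.exe /autorun
"""

# DSS prints each key as "[HKEY_...]" followed by "ValueName- data" lines.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r"^(?P<name>.+?\\command)- (?P<cmd>.*)$", re.IGNORECASE)

# Windows system binary names that autorun malware is known to borrow; seeing
# one launched from anywhere other than the Windows directory is the signal.
# Assumption: a small illustrative list, not an exhaustive one.
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "explorer.exe"}


def parse_mountpoints2(text: str) -> List[Dict[str, Any]]:
    """Return one record per MountPoints2 key: {'key': ..., 'commands': {value: cmd}}."""
    records: List[Dict[str, Any]] = []
    current: Dict[str, Any] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = {"key": key_match.group(1), "commands": {}}
            records.append(current)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current:
            current["commands"][value_match.group("name")] = value_match.group("cmd")
    return records


def classify_command(cmd: str) -> List[str]:
    """Indicators that make an AutoRun/Open command worth a closer look."""
    indicators: List[str] = []
    lowered = cmd.lower()
    # rundll32 ShellExec_RunDLL hides the real target behind a trusted system binary.
    if "shellexec_rundll" in lowered:
        indicators.append("rundll32 ShellExec indirection")
    # Payload staged inside the drive's Recycled/RECYCLER folder.
    if re.search(r"(^|[\\\s])recycle[dr]\\", lowered):
        indicators.append("payload under Recycled folder")
    # A known system binary name executed from outside the Windows directory.
    for token in lowered.split():
        name = ntpath.basename(token)
        if name in SYSTEM_BINARY_NAMES and "\\windows\\" not in token:
            indicators.append(f"{name} outside the Windows directory")
    return indicators


def triage(text: str) -> List[Dict[str, Any]]:
    """Keys whose commands carry at least one indicator, with the indicators attached."""
    flagged: List[Dict[str, Any]] = []
    for rec in parse_mountpoints2(text):
        hits = {name: classify_command(cmd) for name, cmd in rec["commands"].items()}
        hits = {name: found for name, found in hits.items() if found}
        if hits:
            flagged.append({"key": rec["key"], "hits": hits})
    return flagged


if __name__ == "__main__":
    for rec in triage(SAMPLE_DSS):
        print(rec["key"])
        for value_name, found in rec["hits"].items():
            print(f"  {value_name}: {', '.join(found)}")
```

The benign CD-style entry (a Setup.exe at the drive root with no indirection) produces no indicators, so only the key quoted in the thread is reported, together with the reason each of its two commands was flagged. Running the same check over a full DSS log gives a reviewer the list of MountPoints2 keys to put in front of the user, which is the step that precedes the removal list above.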

#6
ghostphalanx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here is the uncut Kaspersky log. I tried to edit my previous post, but it seems that you simply can't put that much text together in one single post.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 20, 2008 8:00:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 161317
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:20:31

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\8dcad92d870837e6cd47bd88c2e66a77PSK_NAMES Object is locked skipped
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\8dcad92d870837e6cd47bd88c2e66a77PSK_NAMES2 Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Dados de aplicativos\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Dados de aplicativos\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Histórico\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Temp\hsperfdata_Diego\3480 Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Temp\IMG1.tmp Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Temp\Perflib_Perfdata_630.dat Object is locked skipped
C:\Documents and Settings\Diego\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7767.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7768.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7769.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7770.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7771.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7772.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\Azureus\tmp\AZU7773.tmp Object is locked skipped
C:\Documents and Settings\Diego\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-20-2008( 17-18-19 ).LOG Object is locked skipped
C:\Documents and Settings\Diego\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Diego\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{036C4286-4584-4847-A2D1-FBDA25F942A2}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msindc.dll Infected: Trojan-Downloader.Win32.BHO.fp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\hlktmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Meus documentos\Azureus Downloads\Windows Xp Pro Sp3 3264 Vista Style\Windows Xp Pro Sp3 3264 Vista Style.daa Object is locked skipped
D:\Meus documentos\Azureus Downloads\Windows XP Professional with SP2 ISO, Pre-activated, and key included\Windows XP Pro SP2.iso Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


I'm proceeding with the other instructions you gave me.
  • 0

#7
ghostphalanx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here is the log from OTMoveIt2; it seems it did its job with no problems.

Explorer killed successfully
C:\WINDOWS\system32\pVyIkUvw.ini2 moved successfully.
C:\WINDOWS\system32\fgjlm.ini2 moved successfully.
C:\WINDOWS\system32\utstv.ini2 moved successfully.
C:\WINDOWS\system32\egjlm.ini2 moved successfully.
C:\WINDOWS\system32\jjllm.ini2 moved successfully.
C:\-733652973 moved successfully.
C:\WINDOWS\system32\msindc.dll unregistered successfully.
C:\WINDOWS\system32\msindc.dll moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\\ deleted successfully.
File/Folder F:\LaunchU3.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b4af37-dcc0-11dc-8250-0019db6972fe} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b4af37-dcc0-11dc-8250-0019db6972fe}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d542a5be-6ba1-11dc-8164-0019db6972fe} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d542a5be-6ba1-11dc-8164-0019db6972fe}\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05202008_214701
  • 0

#8
ghostphalanx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
And here is the new log from DSS.exe.

Deckard's System Scanner v20071014.68
Run by Diego on 2008-05-20 21:54:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Diego.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:20, on 20/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\MagicDisc\MagicDisc.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
c:\arquivos de programas\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Diego\Desktop\dss.exe
C:\ARQUIV~1\TRENDM~1\HIJACK~1\Diego.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 7869 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-20 16:35:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 18:42:11 0 d-------- C:\WINDOWS\Content.IE5
2008-05-18 15:14:53 0 d-------- C:\Movavi files
2008-05-18 15:13:08 0 d-------- C:\Arquivos de programas\Movavi Video Converter 6
2008-05-17 17:14:16 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-17 14:47:52 0 d-------- C:\Arquivos de programas\Setup Files
2008-05-17 14:33:32 17920 --a------ C:\WINDOWS\system32\Ntaccess.sys <Not Verified; Your Corporation; Your Product Name>
2008-05-17 14:33:32 9216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-05-17 14:33:32 0 d-------- C:\Arquivos de programas\MSI
2008-05-17 13:54:05 0 d-------- C:\test
2008-05-17 12:39:07 0 d-------- C:\WINDOWS\nvidia icons
2008-05-14 19:12:50 297 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-14 19:12:47 250088 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-05-14 19:12:34 0 d-------- C:\WINDOWS\system32\PAV
2008-05-14 19:12:18 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-05-14 19:08:51 0 d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software
2008-05-14 07:37:34 0 d-------- C:\VundoFix Backups
2008-05-12 12:19:39 0 d-------- C:\Arquivos de programas\Panda Security
2008-05-12 08:58:16 0 d-------- C:\Arquivos de programas\SUPERAntiSpyware
2008-05-12 08:58:01 0 d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-05-12 08:11:40 0 d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-05-10 00:14:07 0 d-------- C:\Arquivos de programas\AviSynth2
2008-05-09 23:19:16 0 d-------- C:\Arquivos de programas\megui
2008-05-09 23:19:01 0 d-------- C:\Arquivos de programas\Premiere AVS GUI
2008-05-06 22:38:36 0 d-------- C:\Arquivos de programas\NCH Software
2008-05-06 22:36:31 0 d-------- C:\digitalvideoconverter
2008-05-02 03:07:26 0 d-------- C:\Arquivos de programas\MSXML 6.0
2008-05-01 23:42:46 0 d-------- C:\Arquivos de programas\LimeWire
2008-04-23 07:57:03 0 d-------- C:\Arquivos de programas\Trend Micro
2008-04-23 01:01:20 0 d-------- C:\Arquivos de programas\Alwil Software
2008-04-23 00:43:00 0 d-------- C:\!KillBox
2008-04-20 16:42:04 0 d-------- C:\Arquivos de programas\Search Settings
2008-04-20 16:41:19 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-20 21:51:07 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Azureus
2008-05-20 17:19:43 0 d-------- C:\Arquivos de programas\SpeedFan
2008-05-20 15:50:20 0 d-------- C:\Arquivos de programas\QuickTime
2008-05-19 18:28:05 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\U3
2008-05-19 17:11:26 73 --a----c- C:\WINDOWS\system32\ssprs.dll
2008-05-19 17:11:26 205 --a----c- C:\WINDOWS\system32\lsprst7.dll
2008-05-18 23:34:42 0 d-------- C:\Arquivos de programas\PowerArchiver
2008-05-18 14:26:30 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\DVD Shrink
2008-05-17 19:02:55 495144 --a------ C:\WINDOWS\system32\perfh016.dat
2008-05-17 19:02:55 88586 --a------ C:\WINDOWS\system32\perfc016.dat
2008-05-17 18:50:53 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\InstallShield
2008-05-17 17:15:13 0 d-------- C:\Arquivos de programas\Realtek
2008-05-17 15:58:39 0 d-------- C:\Arquivos de programas\OCCT
2008-05-16 14:40:03 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Skype
2008-05-16 09:38:41 88576 --ah----- C:\Documents and Settings\Diego\Dados de aplicativos\rbap550.dll
2008-05-14 19:12:17 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-05-14 19:08:51 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-05-14 18:58:34 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\McAfee
2008-05-14 08:06:05 0 d-------- C:\Arquivos de programas\PowerISO
2008-05-14 08:05:29 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\LimeWire
2008-05-12 12:19:40 2712 --a----c- C:\WINDOWS\mozver.dat
2008-05-12 08:58:16 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\SUPERAntiSpyware.com
2008-05-12 08:11:47 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Malwarebytes
2008-05-10 23:09:00 0 d-------- C:\Arquivos de programas\MSN Messenger
2008-05-07 01:58:48 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\dvdcss
2008-05-06 22:51:04 1028 --a------ C:\Documents and Settings\Diego\Dados de aplicativos\AVIEncoder.wff
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-03 02:32:10 0 d-------- C:\Arquivos de programas\sXe Injected
2008-04-27 01:37:02 0 d-------- C:\Arquivos de programas\Soulseek
2008-04-23 01:03:17 0 d-------- C:\Arquivos de programas\Garena
2008-04-23 00:31:14 0 d-------- C:\Arquivos de programas\Azureus
2008-04-20 16:43:04 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Search Settings
2008-04-15 12:34:38 0 d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-04-13 02:56:22 0 d-------- C:\Arquivos de programas\DivX
2008-04-13 02:14:54 0 d-------- C:\Arquivos de programas\The All-Seeing Eye
2008-04-09 21:06:58 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Greyfirst
2008-04-09 21:06:53 0 d-------- C:\Arquivos de programas\Celtx
2008-04-09 13:36:02 0 d-------- C:\Arquivos de programas\OGPlanet
2008-04-07 23:39:59 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\BSplayer PRO
2008-04-01 19:29:06 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 18:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 19:20:41 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Adobe
2008-03-30 19:04:56 0 d-------- C:\Arquivos de programas\Apple Software Update
2008-03-30 17:07:05 0 d-------- C:\Arquivos de programas\Webteh
2008-03-29 16:46:00 0 d-------- C:\Documents and Settings\Diego\Dados de aplicativos\Bioshock
2008-03-21 17:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 17:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 17:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 17:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 15:10]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 22:55]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46]
"nwiz"="nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [19/03/2002 17:30]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 16:15]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Emurayden PSX Emulator"="" []
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"LVCOMS"="C:\Arquivos de programas\Arquivos comuns\Logitech\QCDriver2\LVCOMS.EXE" [04/09/2003 10:45]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" []
"APVXDWIN"="C:\Arquivos de programas\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [04/10/2007 15:15]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/05/2008 05:46]
"RTHDCPL"="RTHDCPL.EXE" [29/01/2008 15:47 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 07:29]
"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [20/05/2008 16:27]

C:\Documents and Settings\Diego\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [16/3/2005 20:16:50]
MagicDisc.lnk - C:\Arquivos de programas\MagicDisc\MagicDisc.exe [11/6/2007 10:02:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [20/05/2008 16:27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL 12/05/2008 11:56 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-05-20 21:54:56 ------------



thanks again for your trouble!!
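An added example, not part of the thread and not code from HijackThis or Deckard's System Scanner: a small Python parser for the O2/O4/O20/O23 lines in the log above, followed by the triage rules a log reviewer applies by hand (bare filenames in Run keys that get resolved through PATH, autoruns outside Windows or Program Files, Winlogon Notify DLLs, services with no vendor). The sample lines are copied from the posted log except for one constructed HKCU Run entry named ExampleAutorun; the trusted-directory list and the expansion of %systemroot% to C:\WINDOWS are assumptions about this machine's Portuguese Windows layout.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis section of the log above,
# plus one CONSTRUCTED HKCU Run entry (ExampleAutorun) pointing into the user
# profile, so the "outside trusted directories" rule has something to flag.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ExampleAutorun] C:\Documents and Settings\Diego\Dados de aplicativos\example.exe
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
"""

# Assumption: where legitimate software lives on this (Portuguese) XP install.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\arquivos de programas\\",
                "c:\\arquiv~1\\", "c:\\program files\\")


@dataclass
class Entry:
    kind: str                      # "O2", "O4", "O20" or "O23"
    name: str                      # BHO name, Run value name, notify key, service name
    path: Optional[str]            # file the entry points at, if one could be extracted
    company: Optional[str] = None  # O23 only: vendor string HijackThis reports
    raw: str = ""


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.+)$")


def _exe_from_command(cmd: str) -> str:
    """Pull the executable (or the DLL handed to rundll32) out of a Run value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, arguments follow
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split()
    if parts[0].lower() == "rundll32.exe" and len(parts) > 1:
        return parts[1].split(",")[0]             # DLL before the ",EntryPoint"
    return parts[0]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the O-types handled here, None for anything else."""
    line = line.strip()
    if (m := _O2.match(line)):
        return Entry("O2", m["name"], m["path"], raw=line)
    if (m := _O4.match(line)):
        return Entry("O4", m["name"], _exe_from_command(m["cmd"]), raw=line)
    if (m := _O20.match(line)):
        return Entry("O20", m["name"], m["path"], raw=line)
    if (m := _O23.match(line)):
        return Entry("O23", m["name"], m["path"], company=m["company"], raw=line)
    return None


def parse_log(text: str) -> list[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Apply the reviewer's rules of thumb; returns (entry, reason) pairs."""
    findings = []
    for e in entries:
        p = (e.path or "").lower().replace("%systemroot%", "c:\\windows")  # assumption
        if e.kind == "O4":
            if "\\" not in p:
                findings.append((e, "bare filename resolved via PATH; confirm which file actually runs"))
            elif not p.startswith(TRUSTED_DIRS):
                findings.append((e, "autorun outside Windows/Program Files"))
        elif e.kind == "O20":
            findings.append((e, "Winlogon Notify DLL loads at every logon; confirm the vendor"))
        elif e.kind == "O23" and (e.company or "").lower() == "unknown owner":
            findings.append((e, "service with no vendor information"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.kind:<4} {entry.name}: {why}")
```

Everything the rules flag still has to be checked against the file itself (vendor, signature, location), and the log is produced on the infected machine, so a rootkit or a driver like the ones Vundo variants drop can hide entries from HijackThis altogether; a clean log is evidence, not proof.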

#9 ghostphalanx (Topic Starter)
I'd also like to pop a question...

The thing is, I've been doing some stuff on the computer in the hope that it could help the situation... I recently flashed my mobo BIOS from 2.0 to 2.5; that didn't give me any problems that I know of, but it also didn't make anything better.... I've also tried to update the mobo drivers, and that didn't go well; apparently the older drivers created a conflict when I ran the setup for the new ones, and with that my onboard LAN adapter disappeared (I later got it working again by running the new drivers' setup again, and somehow the LAN adapter got recognized even without the installation actually occurring). So I got my internet back but couldn't update my drivers..

With that said, I wanted to note a new issue that I think may be related to the mentioned changes: my LG DVD-RW drive isn't burning anything since these last failed update attempts.... I found that out trying to burn a backup CD with my files, since I was considering reinstalling Windows from scratch... hopefully with your help I might not have to =]

Basically the burning process starts as usual (with the burner correctly recognized and everything), but as soon as the buffer test stops and the actual burning is about to start, an error appears and the whole process halts and fails.... I got a message from other burning programs to try burning at a lower speed, although I already tried burning at 1x with the same results....

Sorry if I got off topic with these remarks... but I wanted to explain the situation as well as I can so you can have a better view of things....

The thing is, after my failed attempts to improve my computer's situation, I ended up bringing on more complications other than "just" the viruses and spyware it already had... and come to think of it, I wasn't really noticing the damage the malware was causing in comparison with the damage done by the failed driver update...

OK, that's it for now; I'm waiting on your next command!! Thanks a bunch.

#10 Rorschach112 (Retired Staff)
That is more of a tech problem; you will need to go over to the Windows XP forum for that.

Your logs are clean.

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button.
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
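The HOSTS-file recommendation above works by mapping ad and malware hostnames to an address that never answers, and it is easy to get a HOSTS file wrong (localhost missing, a stray entry that sends a name to a real IP, two lines for the same name). As an added example that is not part of the post or of the MVPS list, here is a Python parser for HOSTS syntax with a blackhole check and a sanity check; the file content is constructed for illustration and the `.example.test` names are placeholders.

```python
import ipaddress

# Addresses a blocking HOSTS file redirects to: loopback, or the unspecified
# address, which fails faster because nothing is listening at all.
BLACKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0"}

# CONSTRUCTED sample in HOSTS file syntax; it is not the MVPS file itself.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored

127.0.0.1       localhost
0.0.0.0   ads.example.test            # blackholed ad host
0.0.0.0   tracker.example.test  updates.example.test
127.0.0.1 malware.example.test
10.0.0.5  intranet.example.test       # real mapping, not a blackhole
127.0.0.1 ADS.example.test            # duplicate of ads.example.test above
"""


def parse_hosts(text):
    """Return (mapping, duplicates).

    mapping is {hostname: address}. The first mapping seen for a name is kept,
    which is how the Windows resolver treats the file (first match wins);
    later repeats are recorded in duplicates so a reviewer can clean them up.
    """
    mapping, duplicates = {}, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            addr = str(ipaddress.ip_address(addr))  # normalises and validates
        except ValueError:
            raise ValueError(f"line {lineno}: {addr!r} is not an IP address") from None
        if not names:
            raise ValueError(f"line {lineno}: address without a hostname")
        for name in names:
            name = name.lower()
            if name in mapping:
                duplicates.add(name)
            else:
                mapping[name] = addr
    return mapping, duplicates


def is_blackholed(mapping, hostname):
    """True if the HOSTS file sends this name to a blackhole address."""
    return mapping.get(hostname.lower().rstrip(".")) in BLACKHOLE_ADDRS


def sanity_check(mapping, duplicates):
    """Problems that break resolution or defeat the purpose of the file."""
    problems = []
    if mapping.get("localhost") != "127.0.0.1":
        problems.append("localhost is not mapped to 127.0.0.1")
    real = sorted(n for n, a in mapping.items()
                  if a not in BLACKHOLE_ADDRS and n != "localhost")
    if real:
        problems.append("entries that redirect to a real address: " + ", ".join(real))
    if duplicates:
        problems.append("duplicate names (first mapping wins): " + ", ".join(sorted(duplicates)))
    return problems


if __name__ == "__main__":
    hosts, dups = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.test", "intranet.example.test", "nothere.example.test"):
        print(f"{name}: {'blocked' if is_blackholed(hosts, name) else 'not blocked'}")
    for problem in sanity_check(hosts, dups):
        print("problem:", problem)
```

Run it against `C:\WINDOWS\system32\drivers\etc\hosts` by reading that file into `parse_hosts`. Two caveats worth keeping in mind: a HOSTS file only affects names looked up through the system resolver, so it does nothing for connections made by IP or through a proxy, and redirecting to 127.0.0.1 means the request reaches whatever is listening on the local machine, which is why 0.0.0.0 is often preferred.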

#11 ghostphalanx (Topic Starter)
Thank you very much Rorschach112 for your patience and effort

I have a question though. I've heard that having more than 1 anti-virus application installed on the computer is a bad thing. And that also applies to anti-spyware programs.

I already have Panda anti-virus + firewall 2008 and SUPERantispyware installed...

Should I remove any of those and install the programs directed by you?

Also, should I install all the programs you mentioned or I have to choose only one anti-spyware from the ones you suggested?

One more thing... I just realized that IE-SPYAD only works with Internet Explorer and I use Mozilla Firefox... is it OK to ignore it then??

Thanks again.

Edited by ghostphalanx, 21 May 2008 - 12:55 PM.


#12 Rorschach112 (Retired Staff)
Having more than one anti-virus or firewall is a bad idea. More than one anti-spyware is OK as long as you don't have their real-time protection on.

So you are OK.

Yes you can ignore IE-SPYAD if you use Firefox


Anything else ?

#13 ghostphalanx (Topic Starter)
I think that's all then!

Thank you so much for saving my PC Rorschach112 !!

I'll go to the Windows XP forum to tackle my driver problems and see if I can get my DVD burner working again... thanks a bunch!!!

#14 Rorschach112 (Retired Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
