Something really wrong going on: Win32/Bagle ? [RESOLVED]


  • This topic is locked

#1
marcos.rj (Member)
Though I rarely open IE, I've been experiencing some IE-related problems such as pop-ups and failed (i.e., error messages from) download attempts without my opening IE. But the strangest thing is a TV-broadcast-like 'ghost' audio that comes up out of the blue. Avast is just stuck and won't do anything, and other online scanners (Panda, Kaspersky or F-Secure) won't go till the end either. I've run ELIBAGLE a couple of times and found Win32/Bagle, which was apparently eliminated by killing some MDELK.EXE file. Anyway, pop-ups are still coming and I'd be very grateful if someone could help me sort that out.

Thanks for your help !


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\KILLWIN\System32\smss.exe
C:\KILLWIN\system32\csrss.exe
C:\KILLWIN\system32\winlogon.exe
C:\KILLWIN\system32\services.exe
C:\KILLWIN\system32\lsass.exe
C:\KILLWIN\system32\svchost.exe
C:\KILLWIN\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\KILLWIN\system32\spoolsv.exe
C:\KILLWIN\system32\lxdjcoms.exe
C:\KILLWIN\system32\UAService7.exe
C:\KILLWIN\Explorer.EXE
C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\setup.exe
C:\Arquivos de programas\JavaCore\JavaCore.exe
C:\KILLWIN\system32\ctfmon.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\AdVantage\AdVantage.exe
C:\Arquivos de programas\Paltalk Messenger\paltalk.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: BHO Class - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\Spcron\Spcron.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [lxdjamon] "C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UDC Integration] C:\ARQUIV~1\UNIVER~1\getstart.exe "C:\Arquivos de programas\Universal Document Converter" -silent -default -noshowmanual
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Setup] C:\Program Files\Common Files\setup.exe -cleaning
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [JavaCore] C:\Arquivos de programas\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\KILLWIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Twain] C:\Arquivos de programas\Twain\Twain.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PersonalBrain 4.lnk = C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe
O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa...cab/gbpdist.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\KILLWIN\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\KILLWIN\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\KILLWIN\system32\lxdjcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\KILLWIN\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\KILLWIN\system32\UAService7.exe

--
End of file - 10690 bytes
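The two Run entries named SfKg6wIP and SfKg6w, which launch hvasuo.exe and tncqdc.exe from Dados de aplicativos\Microsoft\Windows (Dados de aplicativos is the Portuguese name of the Application Data folder, just as Arquivos de programas is Program Files), are what a log reader looks at first: random value names, random file names, and executables living under the user's profile. The script below is an added example for this thread, not code from HijackThis, Geeks to Go or anyone posting here. It applies those checks, plus an "orphaned (no file)" check, to a handful of lines copied from the logs in this thread. The thresholds and the two-entry allow-list of known-good binaries are the editor's own assumptions.

```python
r"""Triage a HijackThis log for autostart entries that deserve a second look.

Added example for this thread, not a tool from HijackThis, Geeks to Go or anyone
posting here.  Three checks, all the editor's own heuristics: the image lives under
a user profile's Application Data folder ("Dados de aplicativos" on this Portuguese
Windows), the file name looks random, or the Run value name looks random.  Lines
that point at a file that no longer exists are listed separately.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the logs posted in this
# thread (Windows is installed as C:\KILLWIN on this machine).
SAMPLE_LOG = r"""
Running processes:
C:\KILLWIN\System32\smss.exe
C:\KILLWIN\system32\wdfmgr.exe
C:\KILLWIN\system32\rVCPj3C2.exe
C:\KILLWIN\system32\V752Nw5c.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
"""

# Per-user Application Data folder, English and Portuguese spellings (lower case).
APPDATA_DIRS = ("application data\\", "dados de aplicativos\\", "appdata\\")
# Legitimate files from this log that trip the name rules: wdfmgr.exe (Windows
# Driver Foundation, no vowels) and ati2sgag.exe (ATI, digit between letters).
KNOWN_GOOD = {"wdfmgr", "ati2sgag"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)


def looks_random(name: str) -> bool:
    """True when digits sit between letters (rVCPj3C2, SfKg6wIP) or six or more
    letters carry no vowel at all (tncqdc).  A prompt to look, not a verdict."""
    if re.search(r"[A-Za-z]\d+[A-Za-z]", name):
        return True
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in "aeiouy" for c in letters)


def image_path(cmd: str) -> str:
    """Image path of a Run value: honour a quoted path, otherwise stop at the first
    executable extension that is followed by whitespace or the end of the line."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


@dataclass
class Finding:
    line: str
    path: str          # empty for orphaned "(no file)" entries
    reasons: list


def assess(path: str, value_name: str = "") -> list:
    """Reasons to look closer at one image path (and its Run value name, if any)."""
    low = path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if any(d in low for d in APPDATA_DIRS):
        reasons.append("autostarts from a user profile's Application Data folder")
    if stem not in KNOWN_GOOD and looks_random(stem):
        reasons.append("random-looking file name")
    if value_name and looks_random(value_name):
        reasons.append("random-looking Run value name")
    return reasons


def triage(log: str) -> list:
    """Walk the log once; keep O4 Run entries and running-process paths that
    trigger at least one check, and every entry that resolves to '(no file)'."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith("(no file)"):
            findings.append(Finding(line, "", ["orphaned entry: the registered file is gone"]))
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            reasons = assess(path, m["value"])
        elif PROCESS_RE.match(line):
            path, reasons = line, assess(line)
        else:
            continue
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path or f.line)
        for r in f.reasons:
            print("    -", r)
```

On the sample it lists rVCPj3C2.exe and V752Nw5c.exe (name only), WinTouch.exe (location only), hvasuo.exe (location plus its SfKg6wIP value name) and tncqdc.exe (all three), and the orphaned BHO; avast!, Steam, Skype and the rundll32-hosted NVIDIA entry pass. The name rule is deliberately crude, which is why the allow-list exists: on the second log in this thread it would also stop at wdfmgr.exe without it.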

#2
RatHat (Ex Malware Expert)
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer. Now I must tell you that Bagle is one of the most difficult pieces of malware to remove from a computer, and I cannot promise that we will be able to get rid of it if your computer proves to be infected by this nasty. However, if you are willing to try, then I am too.


OK, firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If, however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then un-check Word Wrap. (Word Wrap makes reading your log difficult.)

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:
  • The contents of the SDFix Report.txt
  • The contents of DSS main.txt
  • The contents of DSS extra.txt
Note that you may need to make two or three posts to include the full reports.

Regards,
RatHat

#3
marcos.rj (Topic Starter)
Hello RatHat,

Thanks a lot for your willingness to help me. Timely replies will be a problem for me due to work constraints, but I'm ready to follow every step to kill the bloody [bleep] Bagle.

I did try to install SDFix.exe a couple of times, but it only gave me a 'Some installations files are corrupt' message at the end. At least it enabled me to reboot the computer in safe mode, which I wasn't able to do before, but it didn't generate the RunThis.bat file. Text files are all the SDFix folder and subfolders contain. (See image attached.) So I got no log from SDFix.

But here are the DSS reports.



Deckard's System Scanner v20071014.68
Run by Marcos on 2008-05-22 19:53:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2008-05-22 22:53:38 UTC - RP210 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Marcos.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\KILLWIN\System32\smss.exe
C:\KILLWIN\system32\csrss.exe
C:\KILLWIN\system32\winlogon.exe
C:\KILLWIN\system32\services.exe
C:\KILLWIN\system32\lsass.exe
C:\KILLWIN\system32\svchost.exe
C:\KILLWIN\system32\svchost.exe
C:\KILLWIN\System32\svchost.exe
C:\KILLWIN\system32\svchost.exe
C:\KILLWIN\system32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\KILLWIN\system32\spoolsv.exe
C:\KILLWIN\Explorer.EXE
C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\KILLWIN\system32\lxdjcoms.exe
C:\KILLWIN\system32\wdfmgr.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\JavaCore\JavaCore.exe
C:\KILLWIN\system32\ctfmon.exe
C:\KILLWIN\system32\UAService7.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
C:\Arquivos de programas\AdVantage\AdVantage.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\KILLWIN\System32\alg.exe
C:\KILLWIN\system32\rVCPj3C2.exe
C:\KILLWIN\system32\V752Nw5c.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcos.CASA\Desktop\dss.exe
C:\KILLWIN\system32\wbem\wmiprvse.exe
C:\ARQUIV~1\TRENDM~1\HIJACK~1\Marcos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: BHO Class - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\Spcron\Spcron.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [lxdjamon] "C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UDC Integration] C:\ARQUIV~1\UNIVER~1\getstart.exe "C:\Arquivos de programas\Universal Document Converter" -silent -default -noshowmanual
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Setup] C:\Program Files\Common Files\setup.exe -cleaning
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [JavaCore] C:\Arquivos de programas\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\KILLWIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Twain] C:\Arquivos de programas\Twain\Twain.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PersonalBrain 4.lnk = C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe
O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa...cab/gbpdist.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\KILLWIN\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\KILLWIN\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\KILLWIN\system32\lxdjcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\KILLWIN\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\KILLWIN\system32\UAService7.exe

--
End of file - 10581 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\killwin\system32\uaservice7.exe

0


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem PCI
Device ID: PCI\VEN_2003&DEV_8800&SUBSYS_28001801&REV_02\4&11D7AD53&0&4040
Manufacturer:
Name: Modem PCI
PNP Device ID: PCI\VEN_2003&DEV_8800&SUBSYS_28001801&REV_02\4&11D7AD53&0&4040
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 19:09:02 300 --a------ C:\KILLWIN\Tasks\AppleSoftwareUpdate.job
2008-05-22 19:00:06 350 --a------ C:\KILLWIN\Tasks\At68.job
2008-05-22 19:00:06 350 --a------ C:\KILLWIN\Tasks\At44.job
2008-05-22 19:00:02 350 --a------ C:\KILLWIN\Tasks\At20.job
2008-05-22 18:00:04 350 --a------ C:\KILLWIN\Tasks\At19.job
2008-05-22 18:00:02 350 --a------ C:\KILLWIN\Tasks\At67.job
2008-05-22 18:00:02 350 --a------ C:\KILLWIN\Tasks\At43.job
2008-05-22 17:23:18 350 --a------ C:\KILLWIN\Tasks\At61.job
2008-05-22 17:23:18 350 --a------ C:\KILLWIN\Tasks\At37.job
2008-05-22 12:00:02 350 --a------ C:\KILLWIN\Tasks\At13.job
2008-05-22 11:48:16 350 --a------ C:\KILLWIN\Tasks\At58.job
2008-05-22 11:48:14 350 --a------ C:\KILLWIN\Tasks\At34.job
2008-05-22 11:00:20 350 --a------ C:\KILLWIN\Tasks\At12.job
2008-05-22 11:00:16 350 --a------ C:\KILLWIN\Tasks\At60.job
2008-05-22 11:00:10 350 --a------ C:\KILLWIN\Tasks\At36.job
2008-05-22 10:00:08 350 --a------ C:\KILLWIN\Tasks\At59.job
2008-05-22 10:00:08 350 --a------ C:\KILLWIN\Tasks\At35.job
2008-05-22 10:00:06 350 --a------ C:\KILLWIN\Tasks\At11.job
2008-05-22 09:00:04 350 --a------ C:\KILLWIN\Tasks\At10.job
2008-05-22 08:00:02 350 --a------ C:\KILLWIN\Tasks\At51.job
2008-05-22 08:00:02 350 --a------ C:\KILLWIN\Tasks\At27.job
2008-05-22 07:00:06 350 --a------ C:\KILLWIN\Tasks\At56.job
2008-05-22 07:00:06 350 --a------ C:\KILLWIN\Tasks\At32.job
2008-05-22 07:00:02 350 --a------ C:\KILLWIN\Tasks\At8.job
2008-05-22 06:00:06 350 --a------ C:\KILLWIN\Tasks\At55.job
2008-05-22 06:00:06 350 --a------ C:\KILLWIN\Tasks\At31.job
2008-05-22 06:00:02 350 --a------ C:\KILLWIN\Tasks\At7.job
2008-05-22 05:00:06 350 --a------ C:\KILLWIN\Tasks\At54.job
2008-05-22 05:00:06 350 --a------ C:\KILLWIN\Tasks\At30.job
2008-05-22 05:00:02 350 --a------ C:\KILLWIN\Tasks\At6.job
2008-05-22 04:00:06 350 --a------ C:\KILLWIN\Tasks\At53.job
2008-05-22 04:00:06 350 --a------ C:\KILLWIN\Tasks\At29.job
2008-05-22 04:00:02 350 --a------ C:\KILLWIN\Tasks\At5.job
2008-05-22 03:00:06 350 --a------ C:\KILLWIN\Tasks\At52.job
2008-05-22 03:00:06 350 --a------ C:\KILLWIN\Tasks\At28.job
2008-05-22 03:00:04 350 --a------ C:\KILLWIN\Tasks\At4.job
2008-05-22 02:00:04 350 --a------ C:\KILLWIN\Tasks\At3.job
2008-05-22 01:17:12 350 --a------ C:\KILLWIN\Tasks\At69.job
2008-05-22 01:17:12 350 --a------ C:\KILLWIN\Tasks\At45.job
2008-05-22 01:00:06 350 --a------ C:\KILLWIN\Tasks\At50.job
2008-05-22 01:00:06 350 --a------ C:\KILLWIN\Tasks\At26.job
2008-05-22 01:00:04 350 --a------ C:\KILLWIN\Tasks\At2.job
2008-05-22 00:11:06 350 --a------ C:\KILLWIN\Tasks\At25.job
2008-05-22 00:09:08 350 --a------ C:\KILLWIN\Tasks\At49.job
2008-05-22 00:00:04 350 --a------ C:\KILLWIN\Tasks\At1.job
2008-05-21 23:00:06 350 --a------ C:\KILLWIN\Tasks\At72.job
2008-05-21 23:00:06 350 --a------ C:\KILLWIN\Tasks\At48.job
2008-05-21 23:00:04 350 --a------ C:\KILLWIN\Tasks\At24.job
2008-05-21 22:00:06 350 --a------ C:\KILLWIN\Tasks\At71.job
2008-05-21 22:00:06 350 --a------ C:\KILLWIN\Tasks\At47.job
2008-05-21 22:00:02 350 --a------ C:\KILLWIN\Tasks\At23.job
2008-05-21 21:00:06 350 --a------ C:\KILLWIN\Tasks\At70.job
2008-05-21 21:00:06 350 --a------ C:\KILLWIN\Tasks\At46.job
2008-05-21 21:00:02 350 --a------ C:\KILLWIN\Tasks\At22.job
2008-05-21 20:00:02 350 --a------ C:\KILLWIN\Tasks\At21.job
2008-05-21 19:55:08 350 --a------ C:\KILLWIN\Tasks\At64.job
2008-05-21 19:55:06 350 --a------ C:\KILLWIN\Tasks\At40.job
2008-05-21 15:00:02 350 --a------ C:\KILLWIN\Tasks\At16.job
2008-05-20 08:15:02 350 --a------ C:\KILLWIN\Tasks\At57.job
2008-05-20 08:15:00 350 --a------ C:\KILLWIN\Tasks\At33.job
2008-05-20 08:00:04 350 --a------ C:\KILLWIN\Tasks\At9.job
2008-05-20 07:54:36 350 --a------ C:\KILLWIN\Tasks\At65.job
2008-05-20 07:54:34 350 --a------ C:\KILLWIN\Tasks\At41.job
2008-05-19 17:00:06 350 --a------ C:\KILLWIN\Tasks\At66.job
2008-05-19 17:00:06 350 --a------ C:\KILLWIN\Tasks\At42.job
2008-05-19 17:00:04 350 --a------ C:\KILLWIN\Tasks\At18.job
2008-05-19 16:00:04 350 --a------ C:\KILLWIN\Tasks\At17.job
2008-05-19 15:51:52 350 --a------ C:\KILLWIN\Tasks\At63.job
2008-05-19 15:51:52 350 --a------ C:\KILLWIN\Tasks\At39.job
2008-05-19 14:00:06 350 --a------ C:\KILLWIN\Tasks\At15.job
2008-05-16 17:15:02 394 --a------ C:\KILLWIN\Tasks\1-Click Maintenance.job
2008-05-14 23:05:20 350 --a------ C:\KILLWIN\Tasks\At62.job
2008-05-14 23:05:20 350 --a------ C:\KILLWIN\Tasks\At38.job
2008-05-14 13:00:04 350 --a------ C:\KILLWIN\Tasks\At14.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 07:57:35 0 d-------- C:\Arquivos de programas\Trend Micro
2008-05-22 01:14:50 0 d--hs---- C:\FOUND.156
2008-05-21 20:09:03 0 d-------- C:\Arquivos de programas\Yahoo!
2008-05-20 11:25:09 0 d-------- C:\fsaua.data
2008-05-20 11:06:53 0 d-------- C:\Combo-Fix
2008-05-20 11:01:34 0 d--hs---- C:\FOUND.155
2008-05-20 10:55:10 68096 --a------ C:\KILLWIN\zip.exe
2008-05-20 10:55:10 49152 --a------ C:\KILLWIN\VFind.exe
2008-05-20 10:55:10 212480 --a------ C:\KILLWIN\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 10:55:10 136704 --a------ C:\KILLWIN\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-20 10:55:10 161792 --a------ C:\KILLWIN\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 10:55:10 98816 --a------ C:\KILLWIN\sed.exe
2008-05-20 10:55:10 80412 --a------ C:\KILLWIN\grep.exe
2008-05-20 10:55:10 89504 --a------ C:\KILLWIN\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 10:38:43 0 d-------- C:\Arquivos de programas\Participatory Culture Foundation
2008-05-20 10:02:31 0 d-------- C:\Arquivos de programas\PersonalBrain
2008-05-20 09:48:43 0 d-------- C:\My Brains
2008-05-20 09:47:53 0 d-------- C:\Arquivos de programas\TheBrain
2008-05-20 08:36:36 0 d-------- C:\KILLWIN\system32\QuickTime
2008-05-20 08:25:36 5632 --a------ C:\KILLWIN\system32\udcpm.dll <Not Verified; fCoder Group, Inc.; Universal Document Converter>
2008-05-20 08:25:34 0 d-------- C:\UDC Snapshots
2008-05-20 08:25:33 0 d-------- C:\Arquivos de programas\Universal Document Converter
2008-05-20 08:05:26 0 d-------- C:\lotuspro
2008-05-20 07:57:15 0 d-------- C:\Arquivos de programas\Arquivos comuns\TechSmith Shared
2008-05-20 07:57:12 0 d-------- C:\Arquivos de programas\TechSmith
2008-05-19 15:51:32 0 d--hs---- C:\FOUND.154
2008-05-19 13:39:38 10240 --a------ C:\KILLWIN\system32\MVut14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 50688 --a------ C:\KILLWIN\system32\MVtl14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 51200 --a------ C:\KILLWIN\system32\MVsr14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 32768 --a------ C:\KILLWIN\system32\MVmg14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 73728 --a------ C:\KILLWIN\system32\MVmc14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 68608 --a------ C:\KILLWIN\system32\MVix14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 56320 --a------ C:\KILLWIN\system32\MVfs14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 112128 --a------ C:\KILLWIN\system32\MVcl14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 25600 --a------ C:\KILLWIN\system32\MVbk14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 0 d-------- C:\KILLWIN\Epa
2008-05-19 05:06:32 0 d--hs---- C:\FOUND.153
2008-05-18 23:05:26 0 d-------- C:\Arquivos de programas\Alwil Software
2008-05-18 23:04:09 0 d-------- C:\Arquivos de programas\RootKit Hook Analyzer
2008-05-18 22:56:17 3584 --a------ C:\KILLWIN\system32\wmfhotfix.dll
2008-05-18 22:56:17 0 d-------- C:\Arquivos de programas\WindowsMetafileFix
2008-05-18 20:46:21 0 d-------- C:\Arquivos de programas\CCleaner
2008-05-18 19:35:48 0 d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software
2008-05-17 20:41:10 0 d-------- C:\KILLWIN\system32\Kaspersky Lab
2008-05-16 23:15:56 0 d--hs---- C:\FOUND.152
2008-05-15 13:56:42 0 d--hs---- C:\FOUND.151
2008-05-14 23:04:56 0 d--hs---- C:\FOUND.150
2008-05-13 16:43:02 126976 --a------ C:\KILLWIN\system32\UAService7.exe
2008-05-13 05:12:51 46594 --a------ C:\KILLWIN\system32\V752Nw5c.exe
2008-05-13 05:12:50 53248 --a------ C:\KILLWIN\system32\oml.dll
2008-05-13 04:21:13 0 d-------- C:\Arquivos de programas\Metastock Expresso e-Book
2008-05-13 01:41:54 0 d--hs---- C:\FOUND.149
2008-05-12 02:02:50 0 d--hs---- C:\FOUND.148
2008-05-12 01:41:46 0 d--hs---- C:\FOUND.147
2008-05-10 11:17:44 0 d--hs---- C:\FOUND.146
2008-05-07 20:16:57 30722 --a------ C:\KILLWIN\system32\rVCPj3C2.exe
2008-05-07 19:40:50 0 d--hs---- C:\FOUND.145
2008-05-05 15:32:49 0 d-------- C:\Arquivos de programas\Spcron
2008-05-05 15:27:37 0 d-------- C:\Arquivos de programas\Svconr
2008-05-02 09:25:45 0 d-------- C:\Arquivos de programas\AMP Font Viewer
2008-05-01 09:40:16 68608 --a------ C:\KILLWIN\b155.exe
2008-04-30 13:03:34 0 d--hs---- C:\FOUND.144
2008-04-28 13:17:41 0 d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec
2008-04-28 13:17:37 0 d-------- C:\Arquivos de programas\SourceTec
2008-04-26 07:14:57 33280 --a------ C:\KILLWIN\system32\nRXLf3X2.dll
2008-04-25 09:42:48 0 d--hs---- C:\FOUND.143
2008-04-24 18:44:20 73728 --a------ C:\KILLWIN\b156.exe
2008-04-24 04:39:34 0 d-------- C:\Arquivos de programas\Juice
2008-04-24 02:47:08 0 d-------- C:\Arquivos de programas\MagicISO
2008-04-24 02:44:59 0 d-------- C:\Arquivos de programas\MagicISO Maker v5 4
2008-04-22 17:28:14 0 d--hs---- C:\FOUND.142
2008-04-22 05:07:09 0 d-------- C:\Arquivos de programas\Stardock
2008-04-22 05:07:09 0 d-------- C:\Arquivos de programas\Arquivos comuns\Stardock
2008-04-22 00:54:42 0 d--hs---- C:\FOUND.141


-- Find3M Report ---------------------------------------------------------------

2008-05-22 07:10:16 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\PCF-VLC
2008-05-20 10:39:20 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Participatory Culture Foundation
2008-05-20 10:03:34 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\PersonalBrain
2008-05-19 17:54:42 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Audacity
2008-05-13 16:43:08 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SecuROM
2008-05-13 01:23:36 4563 --a------ C:\KILLWIN\mozver.dat
2008-05-02 09:19:20 37376 -ra------ C:\KILLWIN\mrofinu1395.exe
2008-04-24 04:39:46 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\iPodder
2008-04-19 20:54:20 10 --a------ C:\Arquivos de programas\.autoreg
2008-04-19 20:53:50 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch
2008-04-19 20:53:44 0 d-------- C:\Arquivos de programas\Inet_Get_2
2008-04-19 20:48:44 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner
2008-04-19 20:43:52 0 d-------- C:\Arquivos de programas\JavaCore
2008-04-19 20:43:52 0 d-------- C:\Arquivos de programas\InetGet2
2008-04-19 20:33:46 0 d-------- C:\Arquivos de programas\Temporary
2008-04-17 06:46:52 57775 --a------ C:\KILLWIN\system32\1.exe
2008-04-15 16:35:08 55596 --a------ C:\KILLWIN\system32\AnalFTP2.exe
2008-04-14 15:26:02 0 d-------- C:\Arquivos de programas\GbPlugin
2008-04-14 12:08:18 46592 --a------ C:\KILLWIN\b157.exe
2008-04-13 05:37:00 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\MegauploadToolbar
2008-04-13 05:37:00 0 d-------- C:\Arquivos de programas\MegauploadToolbar
2008-04-12 22:01:56 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Lexmark Productivity Studio
2008-04-11 08:48:26 11264 --a------ C:\KILLWIN\b138.exe
2008-04-06 23:45:38 0 d-------- C:\Arquivos de programas\passFIRST-Certificate-Demo
2008-03-30 21:54:26 0 d-------- C:\Arquivos de programas\QuienNoAdmitido
2008-03-23 06:07:04 0 d-------- C:\Arquivos de programas\SopCast
2008-03-23 06:04:44 0 d-------- C:\Arquivos de programas\MegaCubo
2008-03-04 16:32:28 105984 --a------ C:\KILLWIN\b152.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
2008-05-05 15:32 55808 --a------ C:\Arquivos de programas\Spcron\Spcron.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdjamon"="C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 08:19]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-18 23:06]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16]
"UDC Integration"="C:\ARQUIV~1\UNIVER~1\getstart.exe" [2006-02-06 19:00]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Setup"="C:\Program Files\Common Files\setup.exe" [2008-02-19 05:30]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41]
"nwiz"="nwiz.exe" [2002-01-15 05:06 C:\KILLWIN\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"="C:\Arquivos de programas\\JavaCore\\JavaCore.exe" [2008-04-19 20:43]
"ctfmon.exe"="C:\KILLWIN\system32\ctfmon.exe" [2004-08-04 00:45]
"WinTouch"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe" [2008-04-19 20:54]
"Twain"="C:\Arquivos de programas\Twain\Twain.exe" []
"Svconr"="C:\Arquivos de programas\Svconr\Svconr.exe" [2008-05-05 15:27]
"Steam"="C:\Arquivos de programas\Steam\Steam.exe" []
"SpeedRunner"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe" [2008-04-19 20:48]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"SfKg6wIP"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\hvasuo.exe" [2008-04-19 20:48]
"SfKg6w"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe" [2008-04-19 20:54]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 14:51]
"AdVantage"="C:\Arquivos de programas\AdVantage\AdVantage.exe" [2007-11-05 11:12]

C:\Documents and Settings\Marcos.CASA\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-04-22 05:07:27]
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
PersonalBrain 4.lnk - C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe [2008-05-20 10:02:37]

C:\Documents and Settings\All Users.KILLWIN\Menu Iniciar\Programas\Inicializar\
PalTalk.lnk - C:\Arquivos de programas\Paltalk Messenger\paltalk.exe [2008-05-08 19:17:29]
InterVideo WinCinema Manager.lnk - C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-04 17:17:11]
Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-05-22 19:55:05 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: AMD Athlon™ XP 2000+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1535.35 MiB / 1107.25 MiB
Pagefile Memory (total/avail): 3434.88 MiB / 2911.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.28 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 28.61 GiB total, 5.28 GiB free.
D: is Fixed (NTFS) - 149.04 GiB total, 0.04 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IBM-DTLA-307030 - 28.63 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 28.62 GiB - C:

\\.\PHYSICALDRIVE1 - SAMSUNG SP1604N - 149.05 GiB - 1 partition
\PARTITION0 - Sistema de arquivos instalável - 149.04 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\Paltalk Messenger\\paltalk.exe"="C:\\Arquivos de programas\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk 9.0"
"C:\\KILLWIN\\System32\\lxdjcoms.exe"="C:\\KILLWIN\\System32\\lxdjcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Arquivos de programas\\Lexmark 1400 Series\\lxdjamon.exe"="C:\\Arquivos de programas\\Lexmark 1400 Series\\lxdjamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Arquivos de programas\\Lexmark 1400 Series\\App4R.exe"="C:\\Arquivos de programas\\Lexmark 1400 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe"="C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe:*:Enabled: "
"C:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe"="C:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe:*:Enabled:GP3"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Arquivos de programas\\Cedro Market & Finances\\Cedro Lite\\zebedee\\tunnelcedro.exe"="C:\\Arquivos de programas\\Cedro Market & Finances\\Cedro Lite\\zebedee\\tunnelcedro.exe:*:Enabled:Tunnel Cedro"
"D:\\Jogos\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe"="D:\\Jogos\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA"
"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA Demo"
"C:\\Arquivos de programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Arquivos de programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\\Arquivos de Programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Arquivos de Programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
"C:\\Arquivos de programas\\Avant Browser\\avant.exe"="C:\\Arquivos de programas\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE:*:Enabled: "
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe:*:Enabled: "
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJtime.exe"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJtime.exe:*:Enabled: "
"D:\\Arquivos de Programas\\DreMule\\emule.exe"="D:\\Arquivos de Programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Arquivos de programas\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Arquivos de programas\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.KILLWIN
APPDATA=C:\Documents and Settings\Marcos.CASA\Dados de aplicativos
CLASSPATH=.;C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=CASA
ComSpec=C:\KILLWIN\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Marcos.CASA
LOGONSERVER=\\CASA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\KILLWIN\system32;C:\KILLWIN;C:\KILLWIN\system32\wbem;C:\Arquivos de programas\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
QTJAVA=C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\KILLWIN
TEMP=C:\DOCUME~1\MARCOS~1.CAS\CONFIG~1\Temp
TMP=C:\DOCUME~1\MARCOS~1.CAS\CONFIG~1\Temp
USERDOMAIN=CASA
USERNAME=Marcos
USERPROFILE=C:\Documents and Settings\Marcos.CASA
windir=C:\KILLWIN


-- User Profiles ---------------------------------------------------------------

Marcos.CASA (admin)
Gamer


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\KILLWIN\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Arquivos de programas\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\KILLWIN\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\KILLWIN\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A80000000000}
AdVantage (Powering DAEMON Tools) --> "C:\Arquivos de programas\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"
AMP Font Viewer --> "C:\Arquivos de programas\AMP Font Viewer\uninstall.exe"
Ap PDF Split/Merge --> "C:\Arquivos de programas\AdultPDF\Ap PDF Split-Merge\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arquivo do WinRAR --> C:\Arquivos de programas\WinRAR\uninstall.exe
ATI - Software Uninstall Utility --> C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\KILLWIN\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL
Atualização de segurança para Step by Step Interactive Training (KB923723) --> "C:\KILLWIN\$NtUninstallKB923723$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB890046) --> "C:\KILLWIN\$NtUninstallKB890046$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756) --> "C:\KILLWIN\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:\KILLWIN\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:\KILLWIN\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:\KILLWIN\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:\KILLWIN\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899589) --> "C:\KILLWIN\$NtUninstallKB899589$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:\KILLWIN\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:\KILLWIN\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:\KILLWIN\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901190) --> "C:\KILLWIN\$NtUninstallKB901190$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:\KILLWIN\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400) --> "C:\KILLWIN\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:\KILLWIN\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:\KILLWIN\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:\KILLWIN\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:\KILLWIN\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:\KILLWIN\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:\KILLWIN\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:\KILLWIN\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:\KILLWIN\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:\KILLWIN\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917422) --> "C:\KILLWIN\$NtUninstallKB917422$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917537) --> "C:\KILLWIN\$NtUninstallKB917537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:\KILLWIN\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:\KILLWIN\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:\KILLWIN\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:\KILLWIN\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:\KILLWIN\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:\KILLWIN\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:\KILLWIN\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:\KILLWIN\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:\KILLWIN\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:\KILLWIN\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:\KILLWIN\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923980) --> "C:\KILLWIN\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:\KILLWIN\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496) --> "C:\KILLWIN\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:\KILLWIN\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:\KILLWIN\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:\KILLWIN\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:\KILLWIN\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:\KILLWIN\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:\KILLWIN\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:\KILLWIN\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843) --> "C:\KILLWIN\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> "C:\KILLWIN\$NtUninstallKB929123$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929969) --> "C:\KILLWIN\$NtUninstallKB929969$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178) --> "C:\KILLWIN\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261) --> "C:\KILLWIN\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784) --> "C:\KILLWIN\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168) --> "C:\KILLWIN\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB933566) --> "C:\KILLWIN\$NtUninstallKB933566$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935839) --> "C:\KILLWIN\$NtUninstallKB935839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935840) --> "C:\KILLWIN\$NtUninstallKB935840$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531) --> "C:\KILLWIN\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280) --> "C:\KILLWIN\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB922582) --> "C:\KILLWIN\$NtUninstallKB922582$\spuninst\spuninst.exe"
Atualização para Windows XP (KB925720) --> "C:\KILLWIN\$NtUninstallKB925720$\spuninst\spuninst.exe"
Avant Browser (remove only) --> "C:\Arquivos de programas\Avant Browser\uninst.exe"
avast! Antivirus --> C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free --> C:\Arquivos de programas\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Bink and Smacker --> C:\ARQUIV~1\RADVIDEO\UNWISE.EXE C:\ARQUIV~1\RADVIDEO\INSTALL.LOG
Camtasia Studio --> C:\Arquivos de programas\TechSmith\Camtasia Studio\CSuninst.EXE
Camtasia Studio 5 --> MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
CCleaner (remove only) --> "C:\Arquivos de programas\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Collins COBUILD Student's Dictionary Plus Grammar --> D:\Arquivos de ProgramasSetup.exe /u
CPV --> cmd /C regsvr32 /u /s "C:\Arquivos de programas\CPV\CPV8.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Arquivos de programas\CPV\"" /f
CPV --> cmd /C regsvr32 /u /s "C:\Arquivos de programas\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Arquivos de programas\Spcron\"" /f
Creative DVD Audio Plugin for Audigy Series --> "C:\Arquivos de programas\Creative\CTDPlugin\CTUIDVD.exe " -u
DivX Codec --> C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Arquivos de programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
Dreamule 3.1 --> "D:\Arquivos de programas\DreMule\unins000.exe"
Easy Video Downloader v. 1.4.2 --> "C:\Arquivos de programas\Easy Video Downloader\unins000.exe"
ffdshow (remove only) --> "C:\Arquivos de programas\ffdshow\uninstall.exe"
HijackThis 2.0.2 --> "C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® XP Software --> C:\KILLWIN\IsUninst.exe -f"C:\Arquivos de programas\Ligos\Indeo\UninstXP.isu"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7 --> "C:\Arquivos de programas\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Juice 2.2 --> C:\Arquivos de programas\Juice\uninst.exe
Kaspersky Online Scanner --> C:\KILLWIN\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 Português (Brasil) --> RunDll32 advpack.d

#4
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Before going on, could you tell me if the folder KILLWIN is where you have Windows? Also I see you have Combo-Fix on your machine; have you run this, and if so could you post me the log it produced?

Finally, could you repost the DSS extra.txt as it has been cut short.

Regards,
RatHat

#5
marcos.rj

    Member

  • Topic Starter
  • Member
  • 29 posts
Yes, my current Windows was installed into KILLWIN. The previous one got helplessly corrupted and wouldn't start any more. So I had to install a separate one (the KILLWIN), which was meant to be temporary so I could back up my files and format everything clean, but then time went by and I didn't kill it as I wanted in the first place, and now I got this problem. Now I just want to have an AntiVirus running again to make sure my personal files in D:\ are free of viruses. Then I'll format C:\ and start from scratch again.

As for Combo-Fix, I tried to run it before, though I did not know exactly what I should do about it, but anyway it was of no use: the computer always crashed and restarted in the middle of it, so it never produced a log. I've just tried it again now, and again no error or failure message; it just crashes.

Here's the DSS extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: AMD Athlon™ XP 2000+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1535.35 MiB / 1107.25 MiB
Pagefile Memory (total/avail): 3434.88 MiB / 2911.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.28 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 28.61 GiB total, 5.28 GiB free.
D: is Fixed (NTFS) - 149.04 GiB total, 0.04 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IBM-DTLA-307030 - 28.63 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 28.62 GiB - C:

\\.\PHYSICALDRIVE1 - SAMSUNG SP1604N - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.04 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\Paltalk Messenger\\paltalk.exe"="C:\\Arquivos de programas\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk 9.0"
"C:\\KILLWIN\\System32\\lxdjcoms.exe"="C:\\KILLWIN\\System32\\lxdjcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Arquivos de programas\\Lexmark 1400 Series\\lxdjamon.exe"="C:\\Arquivos de programas\\Lexmark 1400 Series\\lxdjamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Arquivos de programas\\Lexmark 1400 Series\\App4R.exe"="C:\\Arquivos de programas\\Lexmark 1400 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe"="C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe:*:Enabled: "
"C:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe"="C:\\Program Files\\Hasbro Sports\\Grand Prix 3\\GP3.exe:*:Enabled:GP3"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Arquivos de programas\\Cedro Market & Finances\\Cedro Lite\\zebedee\\tunnelcedro.exe"="C:\\Arquivos de programas\\Cedro Market & Finances\\Cedro Lite\\zebedee\\tunnelcedro.exe:*:Enabled:Tunnel Cedro"
"D:\\Jogos\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe"="D:\\Jogos\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA"
"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA Demo"
"C:\\Arquivos de programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Arquivos de programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\\Arquivos de Programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Arquivos de Programas\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Arquivos de programas\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
"C:\\Arquivos de programas\\Avant Browser\\avant.exe"="C:\\Arquivos de programas\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE:*:Enabled: "
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe:*:Enabled: "
"C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJtime.exe"="C:\\KILLWIN\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJtime.exe:*:Enabled: "
"D:\\Arquivos de Programas\\DreMule\\emule.exe"="D:\\Arquivos de Programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Arquivos de programas\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Arquivos de programas\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.KILLWIN
APPDATA=C:\Documents and Settings\Marcos.CASA\Dados de aplicativos
CLASSPATH=.;C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=CASA
ComSpec=C:\KILLWIN\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Marcos.CASA
LOGONSERVER=\\CASA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\KILLWIN\system32;C:\KILLWIN;C:\KILLWIN\system32\wbem;C:\Arquivos de programas\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
QTJAVA=C:\Arquivos de programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\KILLWIN
TEMP=C:\DOCUME~1\MARCOS~1.CAS\CONFIG~1\Temp
TMP=C:\DOCUME~1\MARCOS~1.CAS\CONFIG~1\Temp
USERDOMAIN=CASA
USERNAME=Marcos
USERPROFILE=C:\Documents and Settings\Marcos.CASA
windir=C:\KILLWIN


-- User Profiles ---------------------------------------------------------------

Marcos.CASA (admin)
Gamer


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\KILLWIN\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Arquivos de programas\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX --> C:\KILLWIN\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\KILLWIN\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A80000000000}
AdVantage (Powering DAEMON Tools) --> "C:\Arquivos de programas\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"
AMP Font Viewer --> "C:\Arquivos de programas\AMP Font Viewer\uninstall.exe"
Ap PDF Split/Merge --> "C:\Arquivos de programas\AdultPDF\Ap PDF Split-Merge\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arquivo do WinRAR --> C:\Arquivos de programas\WinRAR\uninstall.exe
ATI - Software Uninstall Utility --> C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\KILLWIN\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL
Atualização de segurança para Step by Step Interactive Training (KB923723) --> "C:\KILLWIN\$NtUninstallKB923723$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB890046) --> "C:\KILLWIN\$NtUninstallKB890046$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756) --> "C:\KILLWIN\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:\KILLWIN\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:\KILLWIN\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:\KILLWIN\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:\KILLWIN\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899589) --> "C:\KILLWIN\$NtUninstallKB899589$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:\KILLWIN\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:\KILLWIN\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:\KILLWIN\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901190) --> "C:\KILLWIN\$NtUninstallKB901190$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:\KILLWIN\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400) --> "C:\KILLWIN\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:\KILLWIN\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:\KILLWIN\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:\KILLWIN\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:\KILLWIN\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:\KILLWIN\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:\KILLWIN\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:\KILLWIN\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:\KILLWIN\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:\KILLWIN\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917422) --> "C:\KILLWIN\$NtUninstallKB917422$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917537) --> "C:\KILLWIN\$NtUninstallKB917537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:\KILLWIN\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:\KILLWIN\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:\KILLWIN\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:\KILLWIN\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:\KILLWIN\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:\KILLWIN\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:\KILLWIN\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:\KILLWIN\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:\KILLWIN\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:\KILLWIN\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:\KILLWIN\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923980) --> "C:\KILLWIN\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:\KILLWIN\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496) --> "C:\KILLWIN\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:\KILLWIN\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:\KILLWIN\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:\KILLWIN\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:\KILLWIN\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:\KILLWIN\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:\KILLWIN\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:\KILLWIN\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843) --> "C:\KILLWIN\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> "C:\KILLWIN\$NtUninstallKB929123$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929969) --> "C:\KILLWIN\$NtUninstallKB929969$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178) --> "C:\KILLWIN\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261) --> "C:\KILLWIN\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784) --> "C:\KILLWIN\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168) --> "C:\KILLWIN\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB933566) --> "C:\KILLWIN\$NtUninstallKB933566$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935839) --> "C:\KILLWIN\$NtUninstallKB935839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935840) --> "C:\KILLWIN\$NtUninstallKB935840$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531) --> "C:\KILLWIN\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280) --> "C:\KILLWIN\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB922582) --> "C:\KILLWIN\$NtUninstallKB922582$\spuninst\spuninst.exe"
Atualização para Windows XP (KB925720) --> "C:\KILLWIN\$NtUninstallKB925720$\spuninst\spuninst.exe"
Avant Browser (remove only) --> "C:\Arquivos de programas\Avant Browser\uninst.exe"
avast! Antivirus --> C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free --> C:\Arquivos de programas\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Bink and Smacker --> C:\ARQUIV~1\RADVIDEO\UNWISE.EXE C:\ARQUIV~1\RADVIDEO\INSTALL.LOG
Camtasia Studio --> C:\Arquivos de programas\TechSmith\Camtasia Studio\CSuninst.EXE
Camtasia Studio 5 --> MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
CCleaner (remove only) --> "C:\Arquivos de programas\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Collins COBUILD Student's Dictionary Plus Grammar --> D:\Arquivos de ProgramasSetup.exe /u
CPV --> cmd /C regsvr32 /u /s "C:\Arquivos de programas\CPV\CPV8.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Arquivos de programas\CPV\"" /f
CPV --> cmd /C regsvr32 /u /s "C:\Arquivos de programas\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Arquivos de programas\Spcron\"" /f
Creative DVD Audio Plugin for Audigy Series --> "C:\Arquivos de programas\Creative\CTDPlugin\CTUIDVD.exe " -u
DivX Codec --> C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Arquivos de programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
Dreamule 3.1 --> "D:\Arquivos de programas\DreMule\unins000.exe"
Easy Video Downloader v. 1.4.2 --> "C:\Arquivos de programas\Easy Video Downloader\unins000.exe"
ffdshow (remove only) --> "C:\Arquivos de programas\ffdshow\uninstall.exe"
HijackThis 2.0.2 --> "C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® XP Software --> C:\KILLWIN\IsUninst.exe -f"C:\Arquivos de programas\Ligos\Indeo\UninstXP.isu"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7 --> "C:\Arquivos de programas\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Juice 2.2 --> C:\Arquivos de programas\Juice\uninst.exe
Kaspersky Online Scanner --> C:\KILLWIN\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 Português (Brasil) --> RunDll32 advpack.dll,LaunchINFSection C:\KILLWIN\INF\LHTTSPTB.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\KILLWIN\INF\tv_enua.inf, Uninstall
Lexmark 1400 Series --> C:\Arquivos de programas\Lexmark 1400 Series\Install\x86\Uninst.exe
Lexmark Barra de ferramentas --> regsvr32.exe /s /u "C:\Arquivos de programas\Lexmark Toolbar\toolband.dll"
Lizardtech DjVu Control --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
macProVideo.com NED Player --> rundll32.exe dfshim.dll,ShArpMaintain N.E.D.application, Culture=neutral, PublicKeyToken=005606cf17769243, processorArchitecture=x86
Magic ISO Maker v5.4 (build 0251) --> C:\ARQUIV~1\MAGICISO\UNWISE.EXE C:\ARQUIV~1\MAGICISO\INSTALL.LOG
Marketiva --> C:\Arquivos de programas\Novativa Streamster\Uninstall.exe
Megaupload Toolbar --> C:\Arquivos de programas\MegauploadToolbar\uninstall.exe
Metastock Expresso e-Book --> C:\Arquivos de programas\Metastock Expresso e-Book\uninstall.exe
MetaTrader 4.00 --> "C:\Arquivos de programas\MetaTrader - North Finance\Uninstall.exe" "C:\Arquivos de programas\MetaTrader - North Finance\install.log"
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Miro --> C:\Arquivos de programas\Participatory Culture Foundation\Miro\uninstall.exe
Mozilla Firefox (2.0.0.12) --> C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.14) --> C:\Arquivos de programas\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.14 (pt-BR)"
MP3 WAV Converter 3.18 --> C:\ARQUIV~1\MP3WAV~1\UNWISE.EXE C:\ARQUIV~1\MP3WAV~1\INSTALL.LOG
MPEG Video Wizard DVD --> C:\ARQUIV~1\WOMBLE~1\MPEGVI~1\UNWISE.EXE C:\ARQUIV~1\WOMBLE~1\MPEGVI~1\INSTALL.LOG
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\KILLWIN\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
ObjectDock --> C:\ARQUIV~1\STARDOCK\OBJECT~1\UNWISE.EXE C:\ARQUIV~1\STARDOCK\OBJECT~1\INSTALL.LOG
PaltalkScene --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Arquivos de programas\Paltalk Messenger\irunin.xml"
passFIRSTDemo 1.0.2 --> "C:\Arquivos de programas\passFIRST-Certificate-Demo\unins000.exe"
PersonalBrain 3.0 --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{C2879E92-99EF-41B4-9537-E289567E9799}\Setup.exe" -l0x9
PersonalBrain 4.0.3.1 --> C:\Arquivos de programas\PersonalBrain\uninstall.exe
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
QuienNoAdmitido --> C:\ARQUIV~1\QUIENN~1\UNWISE.EXE C:\ARQUIV~1\QUIENN~1\INSTALL.LOG
RealPlayer --> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RootKit Hook Analyzer 3.02 --> "C:\Arquivos de programas\RootKit Hook Analyzer\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sothink SWF Decompiler --> "C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\unins000.exe"
SpeedRunner --> C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SRUninstall.exe
Svconr --> "C:\Arquivos de programas\Svconr\Svconr.exe" -uninstall
Trader Gráfico 2.1.81 --> "C:\Documents and Settings\Marcos.CASA\Meus documentos\Trader Grafico\unins000.exe"
Universal Document Converter --> "C:\Arquivos de programas\Universal Document Converter\unins000.exe"
Winamp --> "C:\Arquivos de programas\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}
Windows WMF Metafile Vulnerability HotFix 1.4 --> "C:\Arquivos de programas\WindowsMetafileFix\unins000.exe"
WinTouch --> C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WTUninstaller.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\KILLWIN\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\KILLWIN\system32\regsvr32 /u C:\ARQUIV~1\YAHOO!\Common\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type2448 / Error
Event Submitted/Written: 05/22/2008 06:28:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2444 / Error
Event Submitted/Written: 05/22/2008 10:17:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x04dec85d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2443 / Error
Event Submitted/Written: 05/22/2008 09:14:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2438 / Error
Event Submitted/Written: 05/22/2008 07:26:41 AM
Event ID/Source: 1000 / Microsoft Office 12
Event Description:
Faulting application onenote.exe, version 12.0.4518.1014, stamp 4542816b, faulting module onenote.exe, version 12.0.4518.1014, stamp 4542816b, debug? 0, fault address 0x00004140.

Event Record #/Type2435 / Error
Event Submitted/Written: 05/21/2008 11:21:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001f9f9.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14125 / Warning
Event Submitted/Written: 05/22/2008 06:40:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type14124 / Warning
Event Submitted/Written: 05/22/2008 06:13:13 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type14123 / Warning
Event Submitted/Written: 05/22/2008 05:36:46 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type14104 / Error
Event Submitted/Written: 05/22/2008 05:24:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxdjCATSCustConnectService service failed to start due to the following error:
%%1053

Event Record #/Type14103 / Error
Event Submitted/Written: 05/22/2008 05:24:55 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxdjCATSCustConnectService service to connect.



-- End of Deckard's System Scanner: finished at 2008-05-22 19:55:05 ------------


Thanks for your collaboration.
Marcos
  • 0
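The firewall exception list in the DSS log above is the part of that dump worth reading closely: every value has the form `"<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"`, and the entries to look at first are the enabled ones with no display name (the three Lexmark spool-driver entries here) or a binary sitting under a user profile, which is where droppers tend to register themselves. The following script is an added example, not part of the thread and not from DSS or HijackThis; it parses that block and flags those two cases. The sample lines are constructed in the shape of the log above, and the last one, an `example.exe` under a user's application-data folder, is hypothetical and only there to exercise the second check.

```python
# Added example (not from the thread, not part of DSS or HijackThis): audit the
# Windows Firewall "AuthorizedApplications" entries that DSS prints. Each value
# has the form  "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>".
# Sample lines below are constructed in the shape of the log; the last one is a
# hypothetical entry under a user profile, added to show what gets flagged.
import re
from dataclasses import dataclass

SAMPLE = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe"="C:\\KILLWIN\\System32\\spool\\drivers\\W32X86\\3\\lxdjwbgw.exe:*:Enabled: "
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\user\\Dados de aplicativos\\Example\\example.exe"="C:\\Documents and Settings\\user\\Dados de aplicativos\\Example\\example.exe:*:Enabled:Example Updater"
'''

PROFILE_RE = re.compile(r"^\[HKLM\\.*\\FirewallPolicy\\(\w+Profile)\\AuthorizedApplications\\List\]$")
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>.*)"$')

# Installed software lives under Program Files / %windir%; an exception for a
# binary inside a user profile or temp directory is what droppers tend to create.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\dados de aplicativos\\")


@dataclass
class AllowedApp:
    profile: str
    path: str
    scope: str
    mode: str
    name: str


def parse_exceptions(text):
    """Parse the DSS 'Security Center' firewall dump into AllowedApp records."""
    profile, apps = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or profile is None:
            continue
        key = m.group("key").replace("\\\\", "\\")   # .reg-style escaped backslashes
        val = m.group("val").replace("\\\\", "\\")
        if not val.startswith(key + ":"):
            continue  # malformed: the value should repeat the key path
        parts = val[len(key) + 1:].split(":", 2)     # scope, mode, name (name may contain ':')
        if len(parts) != 3:
            continue
        apps.append(AllowedApp(profile, key, *parts))
    return apps


def flag(apps):
    """Return {path: [reasons]} for enabled exceptions worth a second look."""
    findings = {}
    for a in apps:
        if a.mode.lower() != "enabled":
            continue  # a disabled exception opens nothing
        reasons = []
        if not a.name.strip():
            reasons.append("empty display name")
        if any(d in a.path.lower() for d in USER_WRITABLE):
            reasons.append("binary under a user-writable path")
        if reasons:
            findings[a.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in flag(parse_exceptions(SAMPLE)).items():
        print(path, "->", "; ".join(reasons))
```

Paste the whole `-- Security Center --` block of a DSS extra.txt into `SAMPLE` to run it on a real log; the `%windir%` entry is left as-is rather than expanded, since the point is to read what the policy says, not what it resolves to.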

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK Marcos,

Let's see if we can go about this a different way.

I need you to run a small registry script to clean up some entries. Please copy the entire contents of the codebox below into Notepad:
  • Open Notepad
  • Copy the contents of the codebox below using CTRL C

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedRunner"=-
"SfKg6wIP"=-
"SfKg6w"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
  • Now return to Notepad and use CTRL V to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
  • Locate FixReg.reg on your desktop
  • Double click to run, and when prompted Allow the file to merge with your registry
  • OK your way out.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Arquivos de programas\JavaCore\JavaCore.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe
C:\Arquivos de programas\Spcron\Spcron.dll
C:\KILLWIN\system32\rVCPj3C2.exe
C:\KILLWIN\system32\V752Nw5c.exe
C:\KILLWIN\mrofinu1395.exe
C:\Arquivos de programas\.autoreg
C:\KILLWIN\system32\1.exe
C:\KILLWIN\b157.exe
C:\KILLWIN\b138.exe
C:\FOUND.156
C:\FOUND.155
C:\FOUND.154
C:\FOUND.153
C:\FOUND.152
C:\FOUND.151
C:\FOUND.150
C:\FOUND.149
C:\FOUND.148
C:\FOUND.147
C:\FOUND.146
C:\FOUND.145
C:\FOUND.144
C:\FOUND.143
C:\FOUND.142
C:\FOUND.141
C:\Combo-Fix
C:\SDFix
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner
C:\Arquivos de programas\Spcron


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad, and copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Save the Notepad file to your Desktop as OTM.txt.
  • Close OTMoveIt
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include the contents of OTM.txt in your next reply along with a fresh DSS log.

Regards,
RatHat.
  • 0
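Two details of the REGEDIT4 format used in fixes like the one above are easy to get wrong: a `[-KEY]` line deletes the key whose name is written literally, so a `~` placeholder copied from a HijackThis or DSS line, or a stray space inside the path, makes regedit silently act on a key that does not exist and the real entry survives. The script below is an added example, not part of RatHat's instructions and not from any tool used in the thread; it dry-runs a fix file, lists what it would delete, and reports those mistakes before anything is merged. The sample fix is constructed with hypothetical CLSID and value names and reproduces both mistakes on purpose.

```python
# Added example (not from the thread): dry-run a REGEDIT4 fix script and list
# what it would delete, refusing key paths that regedit would apply to the wrong
# key. The sample script is constructed with hypothetical CLSID and value names;
# two of its lines reproduce common mistakes (a "~" placeholder and a key name
# with a leading space).
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<path>[^\]]*)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')

SAMPLE = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleRun"=-
"ExampleRun2"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ ExampleNotify]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\example.sys]
"""


def check_key_path(path):
    """Reasons why this key path would not address the key the author meant."""
    reasons = []
    parts = path.split("\\")
    if parts[0].upper() not in HIVES:
        reasons.append("unknown hive %r" % parts[0])
    if "~" in parts:
        reasons.append("'~' is a HijackThis/DSS abbreviation, not a real key; write the full path")
    if any(p != p.strip() for p in parts):
        reasons.append("key component with leading/trailing whitespace addresses a different key")
    if "" in parts[1:]:
        reasons.append("empty key component (doubled or trailing backslash)")
    return reasons


def dry_run(text):
    """Return (actions, problems).

    actions: ("delete_key", path) or ("delete_value"|"set_value", key, name)
    problems: human-readable reasons not to merge the file as written
    """
    actions, problems = [], []
    current, seen_header = None, False
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith(";"):
            continue                     # blank line or comment
        if not seen_header:
            seen_header = True
            if line.strip() in HEADERS:
                continue
            problems.append(f"line {no}: missing REGEDIT4 header; regedit will refuse the file")
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            problems.extend(f"line {no}: {r}" for r in check_key_path(path))
            if m.group("minus"):
                actions.append(("delete_key", path))
                current = None           # values cannot follow a [-KEY] line
            else:
                current = path
            continue
        m = VALUE_RE.match(line)
        if m:
            if current is None:
                problems.append(f"line {no}: value line outside a [KEY] section")
                continue
            kind = "delete_value" if m.group("data") == "-" else "set_value"
            actions.append((kind, current, m.group("name")))
            continue
        problems.append(f"line {no}: unrecognised line {line!r}")
    return actions, problems


if __name__ == "__main__":
    acts, probs = dry_run(SAMPLE)
    for a in acts:
        print(*a)
    for p in probs:
        print("PROBLEM:", p)
```

Run it on the saved FixReg.reg before double-clicking; an empty problem list and an action list that matches what you meant to remove is the check. It deliberately handles only the deletion subset of the format (no binary or multi-line data), which is all a cleanup script like this needs.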

#7
marcos.rj

marcos.rj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi RatHat,

Here's OTM.txt :

C:\Arquivos de programas\JavaCore\JavaCore.exe moved successfully.
File move failed. C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe scheduled to be moved on reboot.
C:\Arquivos de programas\Svconr\Svconr.exe moved successfully.
File move failed. C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe scheduled to be moved on reboot.
C:\Arquivos de programas\Spcron\Spcron.dll unregistered successfully.
C:\Arquivos de programas\Spcron\Spcron.dll moved successfully.
C:\KILLWIN\system32\rVCPj3C2.exe moved successfully.
C:\KILLWIN\system32\V752Nw5c.exe moved successfully.
C:\KILLWIN\mrofinu1395.exe moved successfully.
C:\Arquivos de programas\.autoreg moved successfully.
C:\KILLWIN\system32\1.exe moved successfully.
C:\KILLWIN\b157.exe moved successfully.
C:\KILLWIN\b138.exe moved successfully.
C:\FOUND.156 moved successfully.
C:\FOUND.155 moved successfully.
C:\FOUND.154 moved successfully.
C:\FOUND.153 moved successfully.
C:\FOUND.152 moved successfully.
C:\FOUND.151 moved successfully.
C:\FOUND.150 moved successfully.
C:\FOUND.149 moved successfully.
C:\FOUND.148 moved successfully.
C:\FOUND.147 moved successfully.
C:\FOUND.146 moved successfully.
C:\FOUND.145 moved successfully.
C:\FOUND.144 moved successfully.
C:\FOUND.143 moved successfully.
C:\FOUND.142 moved successfully.
C:\FOUND.141 moved successfully.
C:\Combo-Fix\test moved successfully.
C:\Combo-Fix moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
Folder move failed. C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner scheduled to be moved on reboot.
C:\Arquivos de programas\Spcron moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05232008_081455

Files moved on Reboot...
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe moved successfully.
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner\SpeedRunner.exe moved successfully.
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Microsoft\Windows\tncqdc.exe moved successfully.
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch moved successfully.
C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SpeedRunner moved successfully.
  • 0

#8
marcos.rj

marcos.rj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
And here's a DSS fresh log:

Deckard's System Scanner v20071014.68
Run by Marcos on 2008-05-23 08:34:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Marcos.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:34, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\KILLWIN\System32\smss.exe
C:\KILLWIN\system32\csrss.exe
C:\KILLWIN\system32\winlogon.exe
C:\KILLWIN\system32\services.exe
C:\KILLWIN\system32\lsass.exe
C:\KILLWIN\system32\svchost.exe
C:\KILLWIN\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\KILLWIN\system32\spoolsv.exe
C:\KILLWIN\system32\lxdjcoms.exe
C:\KILLWIN\system32\UAService7.exe
C:\KILLWIN\Explorer.EXE
C:\KILLWIN\system32\wuauclt.exe
C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\setup.exe
C:\KILLWIN\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\AdVantage\AdVantage.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\KILLWIN\system32\NOTEPAD.EXE
C:\Documents and Settings\Marcos.CASA\Desktop\dss.exe
C:\ARQUIV~1\TRENDM~1\HIJACK~1\Marcos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [lxdjamon] "C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UDC Integration] C:\ARQUIV~1\UNIVER~1\getstart.exe "C:\Arquivos de programas\Universal Document Converter" -silent -default -noshowmanual
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Setup] C:\Program Files\Common Files\setup.exe -cleaning
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [JavaCore] C:\Arquivos de programas\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\KILLWIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Twain] C:\Arquivos de programas\Twain\Twain.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\KILLWIN\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PersonalBrain 4.lnk = C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe
O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa...cab/gbpdist.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\KILLWIN\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\KILLWIN\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\KILLWIN\system32\lxdjcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\KILLWIN\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\KILLWIN\system32\UAService7.exe

--
End of file - 9452 bytes

-- Files created between 2008-04-23 and 2008-05-23 -----------------------------

2008-05-22 07:57:35 0 d-------- C:\Arquivos de programas\Trend Micro
2008-05-21 20:09:03 0 d-------- C:\Arquivos de programas\Yahoo!
2008-05-20 11:25:09 0 d-------- C:\fsaua.data
2008-05-20 10:55:10 68096 --a------ C:\KILLWIN\zip.exe
2008-05-20 10:55:10 49152 --a------ C:\KILLWIN\VFind.exe
2008-05-20 10:55:10 212480 --a------ C:\KILLWIN\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 10:55:10 136704 --a------ C:\KILLWIN\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-20 10:55:10 161792 --a------ C:\KILLWIN\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 10:55:10 98816 --a------ C:\KILLWIN\sed.exe
2008-05-20 10:55:10 80412 --a------ C:\KILLWIN\grep.exe
2008-05-20 10:55:10 89504 --a------ C:\KILLWIN\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 10:38:43 0 d-------- C:\Arquivos de programas\Participatory Culture Foundation
2008-05-20 10:02:31 0 d-------- C:\Arquivos de programas\PersonalBrain
2008-05-20 09:48:43 0 d-------- C:\My Brains
2008-05-20 09:47:53 0 d-------- C:\Arquivos de programas\TheBrain
2008-05-20 08:36:36 0 d-------- C:\KILLWIN\system32\QuickTime
2008-05-20 08:25:36 5632 --a------ C:\KILLWIN\system32\udcpm.dll <Not Verified; fCoder Group, Inc.; Universal Document Converter>
2008-05-20 08:25:34 0 d-------- C:\UDC Snapshots
2008-05-20 08:25:33 0 d-------- C:\Arquivos de programas\Universal Document Converter
2008-05-20 08:05:26 0 d-------- C:\lotuspro
2008-05-20 07:57:15 0 d-------- C:\Arquivos de programas\Arquivos comuns\TechSmith Shared
2008-05-20 07:57:12 0 d-------- C:\Arquivos de programas\TechSmith
2008-05-19 13:39:38 10240 --a------ C:\KILLWIN\system32\MVut14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 50688 --a------ C:\KILLWIN\system32\MVtl14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 51200 --a------ C:\KILLWIN\system32\MVsr14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 32768 --a------ C:\KILLWIN\system32\MVmg14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 73728 --a------ C:\KILLWIN\system32\MVmc14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 68608 --a------ C:\KILLWIN\system32\MVix14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 56320 --a------ C:\KILLWIN\system32\MVfs14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 112128 --a------ C:\KILLWIN\system32\MVcl14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 25600 --a------ C:\KILLWIN\system32\MVbk14n.dll <Not Verified; Microsoft Corporation; Microsoft Media View>
2008-05-19 13:39:38 0 d-------- C:\KILLWIN\Epa
2008-05-18 23:05:26 0 d-------- C:\Arquivos de programas\Alwil Software
2008-05-18 23:04:09 0 d-------- C:\Arquivos de programas\RootKit Hook Analyzer
2008-05-18 22:56:17 3584 --a------ C:\KILLWIN\system32\wmfhotfix.dll
2008-05-18 22:56:17 0 d-------- C:\Arquivos de programas\WindowsMetafileFix
2008-05-18 20:46:21 0 d-------- C:\Arquivos de programas\CCleaner
2008-05-18 19:35:48 0 d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software
2008-05-17 20:41:10 0 d-------- C:\KILLWIN\system32\Kaspersky Lab
2008-05-13 16:43:02 126976 --a------ C:\KILLWIN\system32\UAService7.exe
2008-05-13 05:12:50 53248 --a------ C:\KILLWIN\system32\oml.dll
2008-05-13 04:21:13 0 d-------- C:\Arquivos de programas\Metastock Expresso e-Book
2008-05-05 15:27:37 0 d-------- C:\Arquivos de programas\Svconr
2008-05-02 09:25:45 0 d-------- C:\Arquivos de programas\AMP Font Viewer
2008-05-01 09:40:16 68608 --a------ C:\KILLWIN\b155.exe
2008-04-28 13:17:41 0 d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec
2008-04-28 13:17:37 0 d-------- C:\Arquivos de programas\SourceTec
2008-04-26 07:14:57 33280 --a------ C:\KILLWIN\system32\nRXLf3X2.dll
2008-04-24 18:44:20 73728 --a------ C:\KILLWIN\b156.exe
2008-04-24 04:39:34 0 d-------- C:\Arquivos de programas\Juice
2008-04-24 02:47:08 0 d-------- C:\Arquivos de programas\MagicISO
2008-04-24 02:44:59 0 d-------- C:\Arquivos de programas\MagicISO Maker v5 4


-- Find3M Report ---------------------------------------------------------------

2008-05-22 07:10:16 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\PCF-VLC
2008-05-20 10:39:20 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Participatory Culture Foundation
2008-05-20 10:03:34 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\PersonalBrain
2008-05-19 17:54:42 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Audacity
2008-05-13 16:43:08 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\SecuROM
2008-05-13 01:23:36 4563 --a------ C:\KILLWIN\mozver.dat
2008-04-24 04:39:46 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\iPodder
2008-04-22 05:07:10 0 d-------- C:\Arquivos de programas\Stardock
2008-04-22 05:07:10 0 d-------- C:\Arquivos de programas\Arquivos comuns\Stardock
2008-04-19 20:53:44 0 d-------- C:\Arquivos de programas\Inet_Get_2
2008-04-19 20:43:52 0 d-------- C:\Arquivos de programas\JavaCore
2008-04-19 20:43:52 0 d-------- C:\Arquivos de programas\InetGet2
2008-04-19 20:33:46 0 d-------- C:\Arquivos de programas\Temporary
2008-04-15 16:35:08 55596 --a------ C:\KILLWIN\system32\AnalFTP2.exe
2008-04-14 15:26:02 0 d-------- C:\Arquivos de programas\GbPlugin
2008-04-13 05:37:00 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\MegauploadToolbar
2008-04-13 05:37:00 0 d-------- C:\Arquivos de programas\MegauploadToolbar
2008-04-12 22:01:56 0 d-------- C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\Lexmark Productivity Studio
2008-04-06 23:45:38 0 d-------- C:\Arquivos de programas\passFIRST-Certificate-Demo
2008-03-30 21:54:26 0 d-------- C:\Arquivos de programas\QuienNoAdmitido
2008-03-23 06:07:04 0 d-------- C:\Arquivos de programas\SopCast
2008-03-23 06:04:44 0 d-------- C:\Arquivos de programas\MegaCubo
2008-03-04 16:32:28 105984 --a------ C:\KILLWIN\b152.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdjamon"="C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 08:19]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-18 23:06]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16]
"UDC Integration"="C:\ARQUIV~1\UNIVER~1\getstart.exe" [2006-02-06 19:00]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Setup"="C:\Program Files\Common Files\setup.exe" [2008-02-19 05:30]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41]
"nwiz"="nwiz.exe" [2002-01-15 05:06 C:\KILLWIN\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"="C:\Arquivos de programas\\JavaCore\\JavaCore.exe" []
"ctfmon.exe"="C:\KILLWIN\system32\ctfmon.exe" [2004-08-04 00:45]
"WinTouch"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe" []
"Twain"="C:\Arquivos de programas\Twain\Twain.exe" []
"Svconr"="C:\Arquivos de programas\Svconr\Svconr.exe" []
"Steam"="C:\Arquivos de programas\Steam\Steam.exe" []
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 14:51]
"AdVantage"="C:\Arquivos de programas\AdVantage\AdVantage.exe" [2007-11-05 11:12]

C:\Documents and Settings\Marcos.CASA\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-04-22 05:07:27]
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
PersonalBrain 4.lnk - C:\Arquivos de programas\PersonalBrain\PersonalBrainS.exe [2008-05-20 10:02:37]

C:\Documents and Settings\All Users.KILLWIN\Menu Iniciar\Programas\Inicializar\
PalTalk.lnk - C:\Arquivos de programas\Paltalk Messenger\paltalk.exe [2008-05-08 19:17:29]
InterVideo WinCinema Manager.lnk - C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-04 17:17:11]
Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll




-- End of Deckard's System Scanner: finished at 2008-05-23 08:34:43 ------------
  • 0
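The DSS log above mixes two views of the same autostart entries: the HijackThis `O4` lines and the registry dump, where DSS prints the target file's timestamp in square brackets. A short triage script for that format, added here as an example (it is not code from this thread, from Deckard's System Scanner or from HijackThis), shows how a defender can pull the Run entries out of such a log and prioritise them. It assumes that an empty `[]` after a Run value means DSS found no file at that path (the way the dump reads for JavaCore, WinTouch, Twain and Svconr), and it treats a target under the user's profile folder as worth a closer look. The sample lines are copied from the log above and embedded so the script runs offline; both heuristics are ours, not the tools'.

```python
"""Triage helper for autostart (Run) entries in a Deckard's System Scanner log.

Added example, not code from the thread or from the DSS/HijackThis tools.
Two line shapes found in the DSS output are parsed:
  * HijackThis  : O4 - HKCU\..\Run: [Name] C:\path\file.exe args
  * Registry dump: "Name"="C:\path\file.exe" [2008-05-18 23:06]
Heuristics (our assumptions, not a verdict):
  * file_missing : the registry dump shows an empty [] stamp, which we read
                   as "DSS found no file at that path" (orphaned Run value).
  * profile_path : the target lives under the user's profile instead of a
                   program directory, a common spot for dropped executables.
"""
import re
from typing import Dict, List, Optional

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
REG_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>[^\]]*)\]')
EXE_RE = re.compile(r'\.exe\b', re.IGNORECASE)

# Substrings (lower-cased) that mark a path inside a user profile on Windows XP.
PROFILE_MARKERS = ("\\documents and settings\\", "%userprofile%")

# Constructed sample: lines copied from the DSS log in this thread.
SAMPLE_DSS = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"="C:\Arquivos de programas\\JavaCore\\JavaCore.exe" []
"ctfmon.exe"="C:\KILLWIN\system32\ctfmon.exe" [2004-08-04 00:45]
"WinTouch"="C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe" []
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"""


def executable_path(cmd: str) -> str:
    """Return the executable part of a Run command line.

    A quoted command yields the quoted path; otherwise the string is cut
    just after the first '.exe' so trailing switches are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.search(cmd)
    return cmd[:m.end()] if m else cmd


def reasons_for(path: str, stamp: Optional[str] = None) -> List[str]:
    """Apply the two heuristics; an empty list means nothing stood out."""
    reasons = []
    if stamp is not None and stamp.strip() == "":
        reasons.append("file_missing")
    low = path.lower()
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("profile_path")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse HijackThis O4 lines and DSS registry-dump lines, keep flagged ones."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            reasons = reasons_for(path)  # HijackThis lines carry no file stamp
            if reasons:
                findings.append({"source": "hijackthis", "hive": m.group("hive"),
                                 "name": m.group("name"), "path": path, "reasons": reasons})
            continue
        m = REG_RE.match(line)
        if m:
            reasons = reasons_for(m.group("path"), m.group("stamp"))
            if reasons:
                findings.append({"source": "registry", "hive": None,
                                 "name": m.group("name"), "path": m.group("path"),
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DSS):
        print(f"{f['source']:10} {f['name']:12} {', '.join(f['reasons']):25} {f['path']}")
```

Run against the sample, the script flags WinTouch from the O4 line (profile path), JavaCore from the dump (no file found) and WinTouch again from the dump (both reasons), while ctfmon, avast! and Skype pass. Note what it does not catch: Svconr sits under a program directory and so passes the profile-path check, which is why the output is a review queue rather than a clean/dirty verdict.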

#9
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Good! Now let's see if we can run Combofix.

Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Regards,
RatHat
  • 0

#10
marcos.rj

marcos.rj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
No luck with ComboFix yet. I did everything right, but the computer keeps crashing, I think at the moment it's supposed to produce the log.

Regards,

Marcos
  • 0


#11
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, have a look in your C: drive to see if combofix left a text file there called Combofix.txt, if it did, post that for me.

Now let's try a different approach:

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - ControlSets
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • Reg - WOW Settings
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Regards,
RatHat
  • 0

#12
marcos.rj

marcos.rj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Spot on, RatHat. I just hadn't noticed combofix.txt was right there in C:\ComboFix.

Here's the log:

ComboFix 08-05-21.3 - Marcos 2008-05-23 14:46:24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1149 [GMT -3:00]
Executando de: C:\Documents and Settings\Marcos.CASA\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do you still want me to do the OTScanIt.exe scan?


Regards,

Marcos
  • 0

#13
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Yes please. Combofix did not run properly, so let's go for the different approach.

Regards,
RatHat
  • 0

#14
marcos.rj

marcos.rj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Oh, man... The file is nearly 4Mb, so it won't upload. Do you want me to post it in as many blocks as necessary? I'll try to, with the help of the 'preview post' option. I'll just post a block of text that can be previewed entirely, ok?



[code=auto:0]
OTScanIt logfile created on: 2008-05-23 23:02:24
OTScanIt by OldTimer - Version 1.0.14.3 Folder = C:\Documents and Settings\Marcos.CASA\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

1.50 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 68.41% Memory free
3.35 Gb Paging File | 2.31 Gb Available in Paging File | 69.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 3301;

%SystemDrive% = C: | %SystemRoot% = C:\KILLWIN | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 28.61 Gb Total Space | 4.77 Gb Free Space | 16.68% Space Free | Partition Type: FAT32
Drive D: | 149.04 Gb Total Space | 0.51 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASA
Current User Name: Marcos
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
gbpsv.exe -> %SystemDrive%\ARQUIV~1\GbPlugin\GbpSv.exe -> Unable to obtain MD5 | [Ver = 2,1,4,1 | Size = 50760 bytes | Modified Date = 2008-03-05 11:26:36 | Attr = ]
lxdjcoms.exe -> %SystemRoot%\system32\lxdjcoms.exe -> MD5 = 76B255EC66E5A60BDA711637088EC49C | [Ver = 1.62.50.0 | Size = 537520 bytes | Modified Date = 2007-06-11 11:18:00 | Attr = ]
uaservice7.exe -> %SystemRoot%\system32\UAService7.exe -> MD5 = 7D0340167260531926F99EFCE293E393 | [Ver = | Size = 126976 bytes | Modified Date = 2008-05-13 16:43:04 | Attr = ]
rvcpj3c2.exe -> %SystemRoot%\system32\rVCPj3C2.exe -> MD5 = CA1BDDF756EBBA3E4FDC605A0A56CA04 | [Ver = | Size = 30722 bytes | Modified Date = 2008-05-23 21:15:12 | Attr = ]
lxdjamon.exe -> %ProgramFiles%\Lexmark 1400 Series\lxdjamon.exe -> MD5 = 7919769F265843BF3CAAC86EE69CD351 | [Ver = 1.0.2676.13196 | Size = 20480 bytes | Modified Date = 2007-04-30 08:19:54 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> MD5 = D4F0F7437327DBAA264338BAAFB5E5AF | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:36 | Attr = ]
setup.exe -> %SystemDrive%\Program Files\Common Files\setup.exe -> MD5 = 22A57104DAE60EEFD2FD09A302357666 | [Ver = | Size = 14078464 bytes | Modified Date = 2008-02-19 05:30:34 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = D81E756290BBB2433E7507A206B550E7 | OldTimer Tools [Ver = 1.0.14.3 | Size = 374272 bytes | Modified Date = 2008-05-23 11:55:32 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = DC35EA2A1D8120981D8C8070C5016E68 | ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 2008-05-18 23:06:10 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Ati2evxx.exe -> MD5 = 3E47191DDAFFCDD9B28CBC50FB6499B5 | ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 2007-12-21 00:57:28 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> MD5 = 096C9955485F2B3F910F4C503C318D74 | [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 2007-12-20 21:05:00 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = 187505A4278FFEB6C7DA7ED8C7FAD694 | ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 2008-05-18 23:06:10 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = 930B6B778B5B319BD49B59F046D0C1B1 | ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 2008-05-18 23:06:10 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 45F0D426C3DDEB2656370709201D4E09 | ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 2008-05-18 23:06:10 | Attr = ]
(dmadmin) Serviço administrativo do gerenciador de disco lógico [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> MD5 = 67B163C435A72974D711B6B7D50FA033 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-04 03:45:32 | Attr = ]
(GbpSv) Gbp Service [Win32_Own | Unknown | Running] -> -> File not found
(lxdjCATSCustConnectService) lxdjCATSCustConnectService [Win32_Own | Auto | Stopped] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe -> MD5 = 3BF06CE0E9870F1FF72E30F62DC7DD83 | Lexmark International, Inc. [Ver = 1.42.0.22 | Size = 99248 bytes | Modified Date = 2007-06-11 11:17:46 | Attr = ]
(lxdj_device) lxdj_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxdjcoms.exe -> MD5 = 76B255EC66E5A60BDA711637088EC49C | [Ver = 1.62.50.0 | Size = 537520 bytes | Modified Date = 2007-06-11 11:18:00 | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 6A761D7375911067A1CAA819C0582719 | NVIDIA Corporation [Ver = 6.13.10.2720 | Size = 57344 bytes | Modified Date = 2002-01-15 05:06:36 | Attr = R ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe -> MD5 = 7D0340167260531926F99EFCE293E393 | [Ver = | Size = 126976 bytes | Modified Date = 2008-05-13 16:43:04 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> MD5 = 2073F856019A2BB1F774F73B34DC2944 | ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 2008-05-15 20:13:26 | Attr = ]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\aswFsBlk.sys -> MD5 = 922C09ED986C31D6D4445DC937465103 | ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 2008-05-15 20:16:06 | Attr = ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> MD5 = 5CA5502142EF80D799EB407B4ED47BC6 | ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 2008-05-15 20:18:34 | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\aswRdr.sys -> MD5 = 52E2059219AADF5C896FF2364B88B4BD | ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 2008-05-15 20:15:30 | Attr = ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> MD5 = 96B9EACA31846BE3B780B19024DCEBCF | ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 2008-05-15 20:20:32 | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> MD5 = 37EDFCCE12C2B46E11C9F98F36564981 | ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 2008-05-15 20:14:12 | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> MD5 = E51AA5ADF535C847072C0AED3E642912 | ATI Technologies Inc. [Ver = 6.14.10.6764 | Size = 2843136 bytes | Modified Date = 2007-12-21 01:53:22 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> MD5 = EE1E26656D60B8ADE14A058A56EBD5F7 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 2004-08-04 03:39:24 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> MD5 = 29A6D15F8D2F1D9A5C7E0EF594A0DCC4 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153984 bytes | Modified Date = 2004-08-04 03:39:26 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> MD5 = E9317282A63CA4D188C0DF5E09C6AC5F | Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001-10-28 15:06:18 | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> MD5 = 633C9C5BE1E4A42482A2D7F793E9119A | NVIDIA Corporation [Ver = 6.13.10.2720 | Size = 870029 bytes | Modified Date = 2002-01-15 05:06:36 | Attr = R ]
(nvax) Service for NVIDIA® nForce™ Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> MD5 = 755E5091C369D66C04526FD265452491 | NVIDIA Corporation [Ver = 5.10.2841.0 built by: WinDDK | Size = 13056 bytes | Modified Date = 2002-04-11 15:42:00 | Attr = R ]
(NVENET) NVIDIA nForce MCP Networking Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NVENET.sys -> MD5 = 7DA0882C071C8BF07769DD88233BE52A | NVIDIA Corporation [Ver = 4.14.01.0217 | Size = 94208 bytes | Modified Date = 2001-12-07 12:26:00 | Attr = R ]
(nvnforce) Service for NVIDIA® nForce™ Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> MD5 = 3A27812402F5828DC5A09AEB2427429D | NVIDIA Corporation [Ver = 5.10.2841.0 built by: WinDDK | Size = 192384 bytes | Modified Date = 2002-04-11 15:42:00 | Attr = R ]
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\nv_agp.sys -> MD5 = 97E6E7DC388AC4D0052EDC375B0E1A0C | NVIDIA Corporation [Ver = 4.12.01.0217 | Size = 13502 bytes | Modified Date = 2001-12-07 12:26:00 | Attr = R ]
(Ptilink) Driver de link paralelo direto [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD | Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001-10-28 15:07:22 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> MD5 = D86B4A68565E444D76457F14172C875A | Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2008-02-20 23:05:38 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> MD5 = 07F7F501AD50DE2BA2D5842D9B6D6155 | Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 2008-02-19 12:31:40 | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> Unable to obtain MD5 | [Ver = | Size = 716272 bytes | Modified Date = 2008-02-03 16:55:20 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %SystemDrive%\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe] -> MD5 = 2E1D3968CBBF329E50B61B57DD829618 | ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 2008-05-18 23:06:10 | Attr = ]
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
lxdjamon -> %ProgramFiles%\Lexmark 1400 Series\lxdjamon.exe ["C:\Arquivos de programas\Lexmark 1400 Series\lxdjamon.exe"] -> MD5 = 7919769F265843BF3CAAC86EE69CD351 | [Ver = 1.0.2676.13196 | Size = 20480 bytes | Modified Date = 2007-04-30 08:19:54 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> MD5 = 1407E5313FA5DD4BF4AA2F3B9F96C517 | NVIDIA Corporation [Ver = 6.13.10.2720 | Size = 299008 bytes | Modified Date = 2002-01-15 05:06:36 | Attr = R ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime] -> MD5 = 7FBE43046EFDF24FC9375024E4D02AC9 | Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 2007-04-27 09:41:54 | Attr = ]
Setup -> %SystemDrive%\Program Files\Common Files\setup.exe [C:\Program Files\Common Files\setup.exe -cleaning] -> MD5 = 22A57104DAE60EEFD2FD09A302357666 | [Ver = | Size = 14078464 bytes | Modified Date = 2008-02-19 05:30:34 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"] -> MD5 = D4F0F7437327DBAA264338BAAFB5E5AF | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:36 | Attr = ]
UDC Integration -> [C:\ARQUIV~1\UNIVER~1\getstart.exe "C:\Arquivos de programas\Universal Document Converter" -silent -default -noshowmanual] -> File not found
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ["C:\Arquivos de programas\Winamp\winampa.exe"] -> MD5 = 725524F7EF2AAEFE4FFDCB1D8C7B7434 | [Ver = | Size = 37376 bytes | Modified Date = 2007-12-20 13:16:24 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AdVantage -> %ProgramFiles%\AdVantage\AdVantage.exe ["C:\Arquivos de programas\AdVantage\AdVantage.exe"] -> MD5 = 7E857342986176D6864171E5643DB953 | AdVantage [Ver = 1, 0, 1, 13170 | Size = 884176 bytes | Modified Date = 2007-11-05 11:12:10 | Attr = ]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun] -> MD5 = 4DDC9855F979205414FCD9F7D1D65B7F | DT Soft Ltd [Ver = 4.12.0.0 | Size = 486856 bytes | Modified Date = 2008-01-17 14:51:04 | Attr = ]
JavaCore -> JavaCore.exe [C:\Arquivos de programas\\JavaCore\\JavaCore.exe] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized] -> MD5 = 8E69E5858BB7FDF95D2554CF95323E9C | Skype Technologies S.A. [Ver = 3.2.0.163 | Size = 23233576 bytes | Modified Date = 2007-06-08 15:18:00 | Attr = R ]
Steam -> Steam.exe ["C:\Arquivos de programas\Steam\Steam.exe" -silent] -> File not found
Svconr -> Svconr.exe [C:\Arquivos de programas\Svconr\Svconr.exe] -> File not found
Twain -> Twain.exe [C:\Arquivos de programas\Twain\Twain.exe] -> File not found
WinTouch -> WinTouch.exe [C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AdVantage -> %ProgramFiles%\AdVantage\AdVantage.exe ["C:\Arquivos de programas\AdVantage\AdVantage.exe"] -> MD5 = 7E857342986176D6864171E5643DB953 | AdVantage [Ver = 1, 0, 1, 13170 | Size = 884176 bytes | Modified Date = 2007-11-05 11:12:10 | Attr = ]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun] -> MD5 = 4DDC9855F979205414FCD9F7D1D65B7F | DT Soft Ltd [Ver = 4.12.0.0 | Size = 486856 bytes | Modified Date = 2008-01-17 14:51:04 | Attr = ]
JavaCore -> JavaCore.exe [C:\Arquivos de programas\\JavaCore\\JavaCore.exe] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized] -> MD5 = 8E69E5858BB7FDF95D2554CF95323E9C | Skype Technologies S.A. [Ver = 3.2.0.163 | Size = 23233576 bytes | Modified Date = 2007-06-08 15:18:00 | Attr = R ]
Steam -> Steam.exe ["C:\Arquivos de programas\Steam\Steam.exe" -silent] -> File not found
Svconr -> Svconr.exe [C:\Arquivos de programas\Svconr\Svconr.exe] -> File not found
Twain -> Twain.exe [C:\Arquivos de programas\Twain\Twain.exe] -> File not found
WinTouch -> WinTouch.exe [C:\Documents and Settings\Marcos.CASA\Dados de aplicativos\WinTouch\WinTouch.exe] -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->
%SystemDrive%\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> MD5 = 70DD11CF8FFAC0F237B81400A54CBE90 | InterVideo Inc. [Ver = 2.0.5 | Size = 278528 bytes | Modified Date = 2005-06-22 00:17:46 | Attr = ]
< Marcos Startup Folder > -> C:\Documents and Settings\Marcos\Menu Iniciar\Programas\Inicializar ->
< Default User.KILLWIN Startup Folder > -> C:\Documents and Settings\Default User.KILLWIN\Menu Iniciar\Programas\Inicializar ->
< All Users.KILLWIN Startup Folder > -> C:\Documents and Settings\All Users.KILLWIN\Menu Iniciar\Programas\Inicializar ->
%AllUsersProfile%\Menu Iniciar\Programas\Inicializar\PalTalk.lnk -> %ProgramFiles%\Paltalk Messenger\paltalk.exe -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
%AllUsersProfile%\Menu Iniciar\Programas\Inicializar\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> MD5 = 70DD11CF8FFAC0F237B81400A54CBE90 | InterVideo Inc. [Ver = 2.0.5 | Size = 278528 bytes | Modified Date = 2005-06-22 00:17:46 | Attr = ]
%AllUsersProfile%\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> MD5 = 169C293CE9460A05646D17DC6AA2FB2C | [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 2006-10-23 00:01:50 | Attr = ]
%AllUsersProfile%\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> MD5 = 54C88BFBD055621E2306534F445C0C8D | Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 2006-10-23 01:48:20 | Attr = ]
< Marcos.CASA Startup Folder > -> C:\Documents and Settings\Marcos.CASA\Menu Iniciar\Programas\Inicializar ->
%UserProfile%\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk -> %ProgramFiles%\Stardock\ObjectDock\ObjectDock.exe -> MD5 = 716DE185272B788ECD2967A470A94EE6 | Stardock [Ver = v1.50.527u | Size = 2746104 bytes | Modified Date = 2006-11-14 19:25:44 | Attr = ]
%UserProfile%\Menu Iniciar\Programas\Inicializar\PersonalBrain 4.lnk -> %ProgramFiles%\PersonalBrain\PersonalBrainS.exe -> MD5 = F4061D14691A2A0A21EEE3DC09676F74 | [Ver = | Size = 221184 bytes | Modified Date = 2007-11-29 19:37:10 | Attr = ]
< Gamer Startup Folder > -> C:\Documents and Settings\Gamer\Menu Iniciar\Programas\Inicializar ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{A3717295-941D-416F-9384-ED1736729F1C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Scpad\scpLIB.dll [CompIBBrd] -> Unable to obtain MD5 | Scopus Tecnologia Ltda [Ver = 1, 0, 4, 5 | Size = 128512 bytes | Modified Date = 2007-03-27 01:29:08 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{E37CB5F0-51F5-4395-A808-5FA49E399003} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> Unable to obtain MD5 | Caixa Economica Federal [Ver = 3.6.30.7 | Size = 341576 bytes | Modified Date = 2008-03-05 11:29:38 | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{A3717295-941D-416F-9384-ED1736729F1C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Scpad\scpLIB.dll [scpLIB] -> Unable to obtain MD5 | Scopus Tecnologia Ltda [Ver = 1, 0, 4, 5 | Size = 128512 bytes | Modified Date = 2007-03-27 01:29:08 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
GbPluginCef -> %ProgramFiles%\GbPlugin\gbiehcef.dll -> Unable to obtain MD5 | Caixa Economica Federal [Ver = 3.6.30.7 | Size = 341576 bytes | Modified Date = 2008-03-05 11:29:38 | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> MD5 = 6C253F61D585CFA2B57CBD95464EC208 | ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 2007-12-21 00:58:56 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{1CDB2949-8F65-4355-8456-263E7C208A5D} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Driver de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\KILLWIN\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> MD5 = AF9C19B3100FE010496B1A27181FBF72 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 01:59:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> 5&80e017e&0&0.0.0 [IDE\CdRomTSSTcorp_CD/DVDW_SH-W162D_______________TS00____\5&80e017e&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_OD1430H&Prod_UJI838E&Rev_1.01\5&3abdf2a4&0&000 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 2007-05-27 14:28:44 | Attr = ]
< HOSTS File > (776 bytes) -> C:\KILLWIN\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\KILLWIN\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> &http://home.microsof...ss/allinone.asp ->
HKEY_CURRENT_USER\: Main\\Start Page -> https://www.google.com.br/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\: Main\\Local Page -> C:\KILLWIN\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\: Main\\Search Page -> &http://home.microsof...ss/allinone.asp ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\: Main\\Start Page -> https://www.google.com.br/ ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Facilitador de Leitor de Link Adobe PDF] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
{2E3C3651-B19C-4DD9-A979-901EC3E930AF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Scpad\scpsssh2.dll [ssh2 Class] -> Unable to obtain MD5 | Scopus Tecnologia Ltda [Ver = 9, 0, 1, 5 | Size = 124416 bytes | Modified Date = 2007-03-27 01:28:16 | Attr = ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Unable to obtain MD5 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GbPlugin\gbiehcef.dll [GbIehObj Class] -> Unable to obtain MD5 | Caixa Economica Federal [Ver = 3.6.30.7 | Size = 341576 bytes | Modified Date = 2008-03-05 11:29:38 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Barra de ferramentas] -> Unable to obtain MD5 | [Ver = | Size = 262144 bytes | Modified Date = 2007-01-26 12:44:42 | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [Megaupload Toolbar] -> Unable to obtain MD5 | MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-07-31 13:25:34 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> MD5 = D6A4682A6FF41832A3F1A7AB9AE08199 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Unable to obtain MD5 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sothink SWF Catcher] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> MD5 = D6A4682A6FF41832A3F1A7AB9AE08199 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\ARQUIV~1\SOURCE~1\SWFCAT~1\SWFCAT~1.DLL [SWFDecompiler.InternetExplorer] -> MD5 = 6F98C661D4DF3DDA79E1324DE841CC73 | SourceTec [Ver = 3, 0, 0, 0 | Size = 397312 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Sothink SWF Catcher -> %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm -> MD5 = 5A1A214AB8FB428EF2FD84B9A8468076 | [Ver = | Size = 191 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> MD5 = D6A4682A6FF41832A3F1A7AB9AE08199 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\ARQUIV~1\SOURCE~1\SWFCAT~1\SWFCAT~1.DLL [SWFDecompiler.InternetExplorer] -> MD5 = 6F98C661D4DF3DDA79E1324DE841CC73 | SourceTec [Ver = 3, 0, 0, 0 | Size = 397312 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> MD5 = D6A4682A6FF41832A3F1A7AB9AE08199 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\ARQUIV~1\SOURCE~1\SWFCAT~1\SWFCAT~1.DLL [SWFDecompiler.InternetExplorer] -> MD5 = 6F98C661D4DF3DDA79E1324DE841CC73 | SourceTec [Ver = 3, 0, 0, 0 | Size = 397312 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> MD5 = D6A4682A6FF41832A3F1A7AB9AE08199 | Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> MD5 = 14180DC648F4C4EF9E2F03682C1BE033 | AVM Software Inc. [Ver = 9.92.2952.1026 | Size = 10452992 bytes | Modified Date = 2008-05-08 19:17:48 | Attr = ]
CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\ARQUIV~1\SOURCE~1\SWFCAT~1\SWFCAT~1.DLL [SWFDecompiler.InternetExplorer] -> MD5 = 6F98C661D4DF3DDA79E1324DE841CC73 | SourceTec [Ver = 3, 0, 0, 0 | Size = 397312 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-448539723-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Sothink SWF Catcher -> %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm -> MD5 = 5A1A214AB8FB428EF2FD84B9A8468076 | [Ver = | Size = 191 bytes | Modified Date = 2008-04-22 16:00:00 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Galeria Microsoft ActiveX ->
PluginsPage -> http://activex....p?ext=%smime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL[IEProtocolHandler Class] -> MD5 = CB211D1B0EC6E334EADE510156FCBAC5 | Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 2007-08-25 21:54:38 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky...can_unicode.cab[CKAVWebScan Object] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.syma...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.syma...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-sec...m/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...ash/swflash.cab[Shockwave Flash Object] ->
{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}[HKEY_LOCAL_MACHINE] -> https://imagem.caixa...cab/gbpdist.cab[GbpDistObj Class] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/KILLWIN/Downloaded Program Files/auc_lib.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/KILLWIN/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/KILLWIN/Downloaded Program Files/auc_lib.dll\\

#15
marcos.rj

    Member

  • Topic Starter
  • Member
  • 29 posts
~~~~~~~~~~~~

Sorry, I guess it won't work. The post above looked OK in the preview, it was all there, but now there's a bit left out. Moreover, the next chunk was going to be really huge; it wouldn't fit again.

What should I do?


Thanks for your help.

Marcos