URGENT help with malware/keylogger - HIJACK LOG [RESOLVED]


#1
xpto2008 (New Member, 9 posts)

Hello,

I'm infected with malware and maybe keylogger software. I'm having celldorado popups and antivirus 2009 all the time!
Also popups from thebigstars2008.com, getmyvideonow, synthebyte.com and brandrewardgroup.com...
Also my laptop sometimes shuts down suddenly and gets really hot every time!
I need help removing this.

Here is my HijackThis log:
Please help
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:47, on 18-07-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\NARS\NETimetro\netimetro.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pt.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.c...ustomize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Sonork] "C:\Program Files\Sonork\SONORK.EXE" -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\goncalo\AppData\Local\Temp\isDel.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9953.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\ljJayXrO.dll,#1
O4 - HKCU\..\Run: [exp32sys] C:\Windows\B731F\0519.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\kHaxWQhF.dll,c
O4 - HKCU\..\Run: [9850e5ae] rundll32.exe "C:\Users\goncalo\AppData\Local\Temp\gglastgr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETimetro.lnk = C:\Program Files\NARS\NETimetro\netimetro.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13055 bytes
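As an added example (not code from the thread, from HijackThis or from ComboFix), the script below parses the O4 registry Run/RunOnce entries of a HijackThis log like the one above and scores each autostart entry on the signs a helper looks for in it: a module loaded from the user's Temp folder, rundll32 calling an ordinal or one-letter export, hex-looking random names, and the Antivirus 2008/2009 rogue product name. The function names and weights are my own; the sample lines are copied from the log posted in #1.

```python
"""Triage the O4 (registry Run/RunOnce) entries of a HijackThis log.
Added example for this thread; not code from HijackThis, ComboFix or the
forum. Names and weights are my own; sample lines are copied from post #1.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKCU\..\Run: [name] command", also the HKUS\S-1-5-19 (User '...') form.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.I)
# First quoted string, or an unquoted path up to the first .exe/.dll/.cmd/.bat.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|cmd|bat))(?=[\s,]|$)', re.I)
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
HEXISH_RE = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{4,}$")   # e.g. 9850e5ae, B731F, 0519
ROGUE_RE = re.compile(r"antivirus[ -]?200[89]", re.I)  # rogue AV family named in #1


@dataclass
class Finding:
    name: str
    hive: str
    key: str
    command: str
    target: str = ""
    reasons: list = field(default_factory=list)
    score: int = 0


def split_command(cmd: str):
    """Return (target path, rundll32 export or None, remaining arguments)."""
    r = RUNDLL_RE.match(cmd)
    body = cmd[r.end():] if r else cmd
    m = EXE_RE.match(body)
    if not m:                        # no recognisable module: first token is the target
        target, _, rest = body.partition(" ")
        return target, None, rest
    target, rest = (m.group("q") or m.group("u")), body[m.end():]
    export = None
    if r and rest.startswith(","):   # rundll32 <dll>,<export> [args]
        export, _, rest = rest[1:].partition(" ")
    return target, export, rest


def assess(entry: Finding) -> Finding:
    """Attach heuristic reasons and a score to one O4 entry."""
    target, export, rest = split_command(entry.command)
    entry.target = target

    def flag(weight: int, reason: str) -> None:
        entry.score += weight
        entry.reasons.append(reason)

    if TEMP_RE.search(target):
        flag(3, "module loaded from a Temp folder")
    elif TEMP_RE.search(rest):       # installer clean-up batch files look like this
        flag(1, "Temp path only in arguments (review, often legitimate)")
    if export is not None and (export.startswith("#") or len(export) == 1):
        flag(2, f"rundll32 calls ordinal/one-letter export '{export}'")
    parts = [p for p in re.split(r"[\\/]", target) if p]
    stem = re.sub(r"\.[^.]+$", "", parts[-1]) if parts else ""
    if any(HEXISH_RE.match(p) for p in parts[:-1] + [stem, entry.name]):
        flag(2, "hex-like random name in value name or path")
    if ROGUE_RE.search(entry.name) or ROGUE_RE.search(target):
        flag(4, "known rogue anti-virus product name")
    return entry


def parse_o4(log_text: str) -> list:
    """Parse and assess every registry O4 line in a HijackThis log."""
    out = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append(assess(Finding(m["name"], m["hive"], m["key"], m["cmd"])))
    return out


def suspicious(log_text: str, threshold: int = 2) -> dict:
    """Value name -> score for entries at or above the threshold."""
    return {f.name: f.score for f in parse_o4(log_text) if f.score >= threshold}


# Constructed sample: a subset of the O4 lines from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\goncalo\AppData\Local\Temp\isDel.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9953.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\ljJayXrO.dll,#1
O4 - HKCU\..\Run: [exp32sys] C:\Windows\B731F\0519.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\kHaxWQhF.dll,c
O4 - HKCU\..\Run: [9850e5ae] rundll32.exe "C:\Users\goncalo\AppData\Local\Temp\gglastgr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
"""

if __name__ == "__main__":
    for f in sorted(parse_o4(SAMPLE_LOG), key=lambda f: -f.score):
        verdict = "SUSPICIOUS" if f.score >= 2 else ("review" if f.score else "ok")
        print(f"{verdict:10} {f.score:2}  [{f.name}] {f.target}")
        for reason in f.reasons:
            print(f"{'':15}- {reason}")
```

Entries scoring 1 (the InstallShield clean-up RunOnce and the Epson driver that merely passes a Temp file as an argument) are listed for review rather than flagged, which is the distinction a helper makes by hand when reading such a log.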

#2
fenzodahl512 (Malware Removal, 9,863 posts)

Hello, my name is fenzodahl512 and welcome to Geeks to Go. Please do the following.


Please read my post CAREFULLY before proceeding with this step. Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.
For more information regarding this download, please visit this webpage.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Please go HERE to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall**


Regards
fenzodahl512

#3
xpto2008 (Topic Starter, New Member, 9 posts)

Here you have:


COMBOFIX LOG:

ComboFix 08-07-19.1 - goncalo 2008-07-20 3:00:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.2070.18.1100 [GMT 1:00]
Executando de: C:\Users\goncalo\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\goncalo\AppData\Roaming\inst.exe
C:\Users\goncalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus 2008 PRO
C:\Users\goncalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Users\goncalo\Desktop\antivirus-2008pro.lnk
C:\Windows\system32\ACER.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((( Ficheiros criados de 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))))
.

2008-07-19 13:02 . 2008-07-19 15:25 <DIR> d-------- C:\Users\goncalo\AppData\Roaming\BSplayer PRO
2008-07-19 13:02 . 2008-07-19 13:02 <DIR> d-------- C:\Program Files\Webteh
2008-07-18 20:29 . 2008-07-19 14:57 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-18 20:18 . 2008-07-19 15:33 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-07-18 20:18 . 2008-07-19 15:32 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-07-18 20:18 . 2008-07-18 20:18 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-18 20:18 . 2008-07-19 15:32 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-07-18 20:17 . 2008-07-19 00:20 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-18 20:17 . 2008-07-18 20:17 <DIR> d-------- C:\Users\All Users\avg8
2008-07-18 20:17 . 2008-07-18 20:17 <DIR> d-------- C:\ProgramData\avg8
2008-07-18 20:17 . 2008-07-18 20:17 <DIR> d-------- C:\Program Files\AVG
2008-07-18 20:17 . 2008-07-19 15:32 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-18 19:43 . 2008-07-18 19:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-17 21:05 . 2008-06-26 01:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-17 21:05 . 2008-06-26 01:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-17 21:03 . 2008-06-26 01:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-12 21:35 . 2008-07-12 21:35 23,215 --a------ C:\Windows\System32\{22e72d8b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:32 . 2008-07-12 21:32 21,513 --a------ C:\Windows\System32\{22e72d8a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:29 . 2008-07-12 21:29 19,776 --a------ C:\Windows\System32\{22e72d89-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:26 . 2008-07-12 21:26 18,131 --a------ C:\Windows\System32\{22e72d88-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:23 . 2008-07-12 21:23 16,486 --a------ C:\Windows\System32\{22e72d87-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:20 . 2008-07-12 21:20 14,696 --a------ C:\Windows\System32\{22e72d86-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:17 . 2008-07-12 21:17 13,052 --a------ C:\Windows\System32\{22e72d85-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:14 . 2008-07-12 21:14 11,407 --a------ C:\Windows\System32\{22e72d84-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:11 . 2008-07-12 21:11 9,617 --a------ C:\Windows\System32\{22e72d83-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:08 . 2008-07-12 21:08 7,916 --a------ C:\Windows\System32\{22e72d82-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:05 . 2008-07-12 21:05 5,249 --a------ C:\Windows\System32\{22e72d81-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 21:02 . 2008-07-12 21:02 3,434 --a------ C:\Windows\System32\{22e72d80-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:59 . 2008-07-12 20:59 1,644 --a------ C:\Windows\System32\{22e72d7f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:56 . 2008-07-12 20:56 34,260 --a------ C:\Windows\System32\{22e72d7e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:53 . 2008-07-12 20:53 32,615 --a------ C:\Windows\System32\{22e72d7d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:50 . 2008-07-12 20:50 30,827 --a------ C:\Windows\System32\{22e72d7c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:47 . 2008-07-12 20:47 29,182 --a------ C:\Windows\System32\{22e72d7b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:44 . 2008-07-12 20:44 27,538 --a------ C:\Windows\System32\{22e72d7a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:41 . 2008-07-12 20:41 25,747 --a------ C:\Windows\System32\{22e72d79-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:38 . 2008-07-12 20:38 24,103 --a------ C:\Windows\System32\{22e72d78-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:35 . 2008-07-12 20:35 22,458 --a------ C:\Windows\System32\{22e72d77-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:32 . 2008-07-12 20:32 20,813 --a------ C:\Windows\System32\{22e72d76-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:29 . 2008-07-12 20:29 19,023 --a------ C:\Windows\System32\{22e72d75-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:26 . 2008-07-12 20:26 17,377 --a------ C:\Windows\System32\{22e72d74-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:23 . 2008-07-12 20:23 15,732 --a------ C:\Windows\System32\{22e72d73-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:20 . 2008-07-12 20:20 13,942 --a------ C:\Windows\System32\{22e72d72-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:17 . 2008-07-12 20:17 12,297 --a------ C:\Windows\System32\{22e72d71-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:14 . 2008-07-12 20:14 10,653 --a------ C:\Windows\System32\{22e72d70-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:11 . 2008-07-12 20:11 8,864 --a------ C:\Windows\System32\{22e72d6f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:08 . 2008-07-12 20:08 7,163 --a------ C:\Windows\System32\{22e72d6e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:05 . 2008-07-12 20:05 5,517 --a------ C:\Windows\System32\{22e72d6d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 20:02 . 2008-07-12 20:02 3,601 --a------ C:\Windows\System32\{22e72d6c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:59 . 2008-07-12 19:59 1,644 --a------ C:\Windows\System32\{22e72d6b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:56 . 2008-07-12 19:56 34,393 --a------ C:\Windows\System32\{22e72d6a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:53 . 2008-07-12 19:53 32,748 --a------ C:\Windows\System32\{22e72d69-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:50 . 2008-07-12 19:50 30,958 --a------ C:\Windows\System32\{22e72d68-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:47 . 2008-07-12 19:47 29,313 --a------ C:\Windows\System32\{22e72d67-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:44 . 2008-07-12 19:44 27,669 --a------ C:\Windows\System32\{22e72d66-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:41 . 2008-07-12 19:41 26,024 --a------ C:\Windows\System32\{22e72d65-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:38 . 2008-07-12 19:38 24,234 --a------ C:\Windows\System32\{22e72d64-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:35 . 2008-07-12 19:35 22,589 --a------ C:\Windows\System32\{22e72d63-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:32 . 2008-07-12 19:32 20,944 --a------ C:\Windows\System32\{22e72d62-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:29 . 2008-07-12 19:29 19,153 --a------ C:\Windows\System32\{22e72d61-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:26 . 2008-07-12 19:26 17,509 --a------ C:\Windows\System32\{22e72d60-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:23 . 2008-07-12 19:23 15,864 --a------ C:\Windows\System32\{22e72d5f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:20 . 2008-07-12 19:20 14,075 --a------ C:\Windows\System32\{22e72d5e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:17 . 2008-07-12 19:17 12,431 --a------ C:\Windows\System32\{22e72d5d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:14 . 2008-07-12 19:14 10,786 --a------ C:\Windows\System32\{22e72d5c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:11 . 2008-07-12 19:11 9,142 --a------ C:\Windows\System32\{22e72d5b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:08 . 2008-07-12 19:08 7,297 --a------ C:\Windows\System32\{22e72d5a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:05 . 2008-07-12 19:05 5,652 --a------ C:\Windows\System32\{22e72d59-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 19:02 . 2008-07-12 19:02 3,658 --a------ C:\Windows\System32\{22e72d58-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:59 . 2008-07-12 18:59 1,644 --a------ C:\Windows\System32\{22e72d57-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:56 . 2008-07-12 18:56 35,795 --a------ C:\Windows\System32\{22e72d56-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:53 . 2008-07-12 18:53 33,693 --a------ C:\Windows\System32\{22e72d55-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:50 . 2008-07-12 18:50 31,754 --a------ C:\Windows\System32\{22e72d54-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:47 . 2008-07-12 18:47 30,110 --a------ C:\Windows\System32\{22e72d53-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:44 . 2008-07-12 18:44 28,313 --a------ C:\Windows\System32\{22e72d52-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:41 . 2008-07-12 18:41 26,668 --a------ C:\Windows\System32\{22e72d51-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:38 . 2008-07-12 18:38 24,728 --a------ C:\Windows\System32\{22e72d50-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:35 . 2008-07-12 18:35 22,932 --a------ C:\Windows\System32\{22e72d4f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:32 . 2008-07-12 18:32 21,286 --a------ C:\Windows\System32\{22e72d4e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:29 . 2008-07-12 18:29 19,349 --a------ C:\Windows\System32\{22e72d4d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:26 . 2008-07-12 18:26 17,704 --a------ C:\Windows\System32\{22e72d4c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:23 . 2008-07-12 18:23 15,905 --a------ C:\Windows\System32\{22e72d4b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:20 . 2008-07-12 18:20 13,967 --a------ C:\Windows\System32\{22e72d4a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:17 . 2008-07-12 18:17 12,322 --a------ C:\Windows\System32\{22e72d49-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:14 . 2008-07-12 18:14 10,526 --a------ C:\Windows\System32\{22e72d48-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:11 . 2008-07-12 18:11 8,881 --a------ C:\Windows\System32\{22e72d47-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:08 . 2008-07-12 18:08 6,888 --a------ C:\Windows\System32\{22e72d46-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:05 . 2008-07-12 18:05 5,244 --a------ C:\Windows\System32\{22e72d45-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 18:02 . 2008-07-12 18:02 3,433 --a------ C:\Windows\System32\{22e72d44-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:59 . 2008-07-12 17:59 1,644 --a------ C:\Windows\System32\{22e72d43-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:56 . 2008-07-12 17:56 35,325 --a------ C:\Windows\System32\{22e72d42-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:53 . 2008-07-12 17:53 33,680 --a------ C:\Windows\System32\{22e72d41-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:50 . 2008-07-12 17:50 31,979 --a------ C:\Windows\System32\{22e72d40-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:47 . 2008-07-12 17:47 30,241 --a------ C:\Windows\System32\{22e72d3f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:44 . 2008-07-12 17:44 28,597 --a------ C:\Windows\System32\{22e72d3e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:41 . 2008-07-12 17:41 26,952 --a------ C:\Windows\System32\{22e72d3d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:38 . 2008-07-12 17:38 25,162 --a------ C:\Windows\System32\{22e72d3c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:35 . 2008-07-12 17:35 23,517 --a------ C:\Windows\System32\{22e72d3b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:32 . 2008-07-12 17:32 21,872 --a------ C:\Windows\System32\{22e72d3a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:29 . 2008-07-12 17:29 20,082 --a------ C:\Windows\System32\{22e72d39-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:26 . 2008-07-12 17:26 18,437 --a------ C:\Windows\System32\{22e72d38-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:23 . 2008-07-12 17:23 16,792 --a------ C:\Windows\System32\{22e72d37-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:20 . 2008-07-12 17:20 15,146 --a------ C:\Windows\System32\{22e72d36-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:17 . 2008-07-12 17:17 13,354 --a------ C:\Windows\System32\{22e72d35-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:14 . 2008-07-12 17:14 11,444 --a------ C:\Windows\System32\{22e72d34-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:11 . 2008-07-12 17:11 9,034 --a------ C:\Windows\System32\{22e72d33-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:08 . 2008-07-12 17:08 7,192 --a------ C:\Windows\System32\{22e72d32-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:05 . 2008-07-12 17:05 5,395 --a------ C:\Windows\System32\{22e72d31-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 17:02 . 2008-07-12 17:02 3,585 --a------ C:\Windows\System32\{22e72d30-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:59 . 2008-07-12 16:59 1,644 --a------ C:\Windows\System32\{22e72d2f-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:56 . 2008-07-12 16:56 35,806 --a------ C:\Windows\System32\{22e72d2e-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:53 . 2008-07-12 16:53 34,162 --a------ C:\Windows\System32\{22e72d2d-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:50 . 2008-07-12 16:50 32,365 --a------ C:\Windows\System32\{22e72d2c-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:47 . 2008-07-12 16:47 30,574 --a------ C:\Windows\System32\{22e72d2b-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:44 . 2008-07-12 16:44 28,774 --a------ C:\Windows\System32\{22e72d2a-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:41 . 2008-07-12 16:41 27,129 --a------ C:\Windows\System32\{22e72d29-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:38 . 2008-07-12 16:38 25,189 --a------ C:\Windows\System32\{22e72d28-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:35 . 2008-07-12 16:35 23,392 --a------ C:\Windows\System32\{22e72d27-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:32 . 2008-07-12 16:32 21,748 --a------ C:\Windows\System32\{22e72d26-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:29 . 2008-07-12 16:29 19,809 --a------ C:\Windows\System32\{22e72d25-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:26 . 2008-07-12 16:26 18,164 --a------ C:\Windows\System32\{22e72d24-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:23 . 2008-07-12 16:23 16,365 --a------ C:\Windows\System32\{22e72d23-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:20 . 2008-07-12 16:20 14,569 --a------ C:\Windows\System32\{22e72d22-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:17 . 2008-07-12 16:17 12,779 --a------ C:\Windows\System32\{22e72d21-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:14 . 2008-07-12 16:14 10,982 --a------ C:\Windows\System32\{22e72d20-4dc6-11dd-96b8-001b38713a2c}
2008-07-12 16:11 . 2008-07-12 16:11 9,337 --a------ C:\Windows\System32\{22e72d1f-4dc6-11dd-96b8-001b38713a2c}

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 23:35 --------- d-----w C:\Users\goncalo\AppData\Roaming\uTorrent
2008-07-19 00:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-18 18:40 --------- d-----w C:\Program Files\Acer GameZone
2008-07-18 18:38 --------- d-----w C:\ProgramData\Symantec
2008-07-18 18:38 --------- d-----w C:\Program Files\Symantec
2008-07-18 07:49 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-17 19:19 --------- d---a-w C:\ProgramData\TEMP
2008-07-09 09:01 174 --sha-w C:\Program Files\desktop.ini
2008-07-08 00:27 --------- d-----w C:\Users\goncalo\AppData\Roaming\mIRC
2008-07-07 21:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 20:11 --------- d-----w C:\Users\goncalo\AppData\Roaming\PC Suite
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-10 20:05 --------- d-----w C:\Program Files\Picasa2
2008-05-29 22:35 --------- d-----w C:\Users\goncalo\AppData\Roaming\Vso
2008-05-29 22:34 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-05-29 22:34 47,360 ----a-w C:\Users\goncalo\AppData\Roaming\pcouffin.sys
2008-05-29 22:34 --------- d-----w C:\Program Files\DVDFab 5
2008-05-29 22:03 --------- d-----w C:\ProgramData\DVD Shrink
2008-05-29 22:03 --------- d-----w C:\Program Files\DVD Shrink
2008-05-29 21:24 --------- d-----w C:\Users\goncalo\AppData\Roaming\CyberLink
2008-05-26 21:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-26 21:35 --------- d-----w C:\ProgramData\UDL
2008-05-26 21:34 --------- d-----w C:\Program Files\EPSON
2008-05-26 21:29 --------- d-----w C:\Users\goncalo\AppData\Roaming\InstallShield
2008-05-26 21:28 --------- d-----w C:\ProgramData\EPSON
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-06 08:04 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-05-06 08:04 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-12 11:14 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 16:41 222128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-11 23:38 171448]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-10-17 14:07 131072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"EPSON Stylus DX4400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 07:01 180736]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 18:25 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 14:47 45056]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"Sonork"="C:\Program Files\Sonork\SONORK.EXE" [2008-04-20 09:36 761856]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 15:32 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-16 11:45:40 535336]
NETimetro.lnk - C:\Program Files\NARS\NETimetro\netimetro.exe [2008-05-05 23:13:16 391680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4AC0FB22-4981-4414-9FC2-157900F93DFF}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{67C27BEA-EAA8-4903-8728-E5B4F8D5E4B0}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{BC62B131-7335-40D7-AB2F-7AC9D9001801}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0CB553B2-60BB-47B7-B021-C4604C31B6CC}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{133EFC73-72FF-47D9-99C7-A142CF67E732}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{BDA085EB-00BC-4EF5-B28E-0A7D1F365950}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AD5DAE3E-B679-48C9-93A5-6F05CCC2DFC9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3405940E-B001-4FFA-8ACB-E731DDE4BB13}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E65D88F9-725B-4432-96C9-43F780A44DAC}C:\\users\\goncalo\\downloads\\emule-0.48a-morphxt-v10.5-bin\\emule\\emule.exe"= UDP:C:\users\goncalo\downloads\emule-0.48a-morphxt-v10.5-bin\emule\emule.exe:emule.exe
"UDP Query User{0715B60F-7BAE-4BDD-BC88-8F6EA0E5F5B6}C:\\users\\goncalo\\downloads\\emule-0.48a-morphxt-v10.5-bin\\emule\\emule.exe"= TCP:C:\users\goncalo\downloads\emule-0.48a-morphxt-v10.5-bin\emule\emule.exe:emule.exe
"{8534CD45-34E9-41CF-BF35-9DD933C8B7C0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{78E05F7F-406D-4C71-AE7B-E10539298E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E4CAB09A-8C3C-443A-8D88-BC9A0322BF5E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B8D2BF23-8A93-430A-BA42-9675150231C6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{18BD090E-CD6B-45DB-ABD7-72FF55FFC844}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{06E70F2C-CD44-4649-836C-F452D8754562}"= UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{2278E4AB-DEBA-4E4B-8255-2B59FADF6CAE}"= TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{F3E7B623-A11B-4BBE-BAD7-1B25FF0975C5}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{454CBF79-6F62-40A1-9C5F-F686156429FC}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-07-19 15:32]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-19 15:32]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-19 15:32]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-19 15:32]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-19 15:33]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\SETUP.EXE
\shell\configure\command - G:\SETUP.EXE
\shell\install\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25dcc414-9cca-11dc-8502-806e6f6e6963}]
\shell\AutoRun\command - E:\WAG200G.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e3ec49-f222-11dc-9244-806e6f6e6963}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8681645-efd7-11dc-bb7a-001b38713a2c}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b868164f-efd7-11dc-bb7a-001b38713a2c}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9a1793a-2dcf-11dd-93f6-001b38713a2c}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-07-19 00:23:47 C:\Windows\Tasks\User_Feed_Synchronization-{079BD8E8-5D5D-45BB-8133-BE61C8DB8940}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FreeCall - C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
HKLM-Run-ALaunch - C:\Acer\ALaunch\AlaunchClient.exe
HKLM-Run-SetPanel - C:\Acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 03:05:26
Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-07-20 3:07:37
ComboFix-quarantined-files.txt 2008-07-20 02:07:19

Pre-Run: 8,496,398,336 bytes livres
Post-Run: 8,454,737,920 bytes livres

317 --- E O F --- 2008-07-18 07:52:34





AND NEW HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:47, on 18-07-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\NARS\NETimetro\netimetro.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pt.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.c...://br.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Sonork] "C:\Program Files\Sonork\SONORK.EXE" -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\goncalo\AppData\Local\Temp\isDel.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9953.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\ljJayXrO.dll,#1
O4 - HKCU\..\Run: [exp32sys] C:\Windows\B731F\0519.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\kHaxWQhF.dll,c
O4 - HKCU\..\Run: [9850e5ae] rundll32.exe "C:\Users\goncalo\AppData\Local\Temp\gglastgr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETimetro.lnk = C:\Program Files\NARS\NETimetro\netimetro.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13055 bytes



HijackThis gave a message saying it couldn't access the HOSTS file
Thank you for your help
  • 0
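As an added example (not code from the thread or from HijackThis), here is a small Python triage script that applies the heuristics a malware-removal helper uses when reading the O4 lines above: rundll32 loading a DLL from the user's Temp folder, an executable in a random hex-named folder under the Windows directory, a random hex value name, and the rogue "Antivirus 2008" product name. The sample lines are copied from the log above; the heuristics, thresholds and function names are my own.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log above, one
# legitimate entry first and then the five that a helper would question.
SAMPLE_O4 = r"""
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\ljJayXrO.dll,#1
O4 - HKCU\..\Run: [exp32sys] C:\Windows\B731F\0519.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\goncalo\AppData\Local\Temp\kHaxWQhF.dll,c
O4 - HKCU\..\Run: [9850e5ae] rundll32.exe "C:\Users\goncalo\AppData\Local\Temp\gglastgr.dll",b
"""

# HijackThis O4 line: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristics (my own choices for this example, not HijackThis rules).
ROGUE_AV = re.compile(r"antivirus[ -]?20(08|09)", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
RUNDLL32 = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)
# <drive>:\Windows\<hex-only folder that contains a digit>\<digits>.exe
WINDOWS_SUBDIR_EXE = re.compile(
    r'^"?[A-Z]:\\Windows\\(?=[0-9A-F]*\d)[0-9A-F]{3,8}\\\d{3,6}\.exe', re.IGNORECASE)
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$")

R_ROGUE = "known rogue antivirus product name"
R_TEMP_RUNDLL = "rundll32 loads a DLL from a temp directory"
R_TEMP = "runs from a temp directory"
R_WINSUB = "executable in a random-named folder under the Windows directory"
R_HEXNAME = "random hex value name"


def parse_o4(line):
    """Return {hive, name, cmd} for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_entry(entry):
    """List the reasons an O4 entry deserves a closer look (empty = nothing found)."""
    reasons = []
    name, cmd = entry["name"], entry["cmd"]
    if ROGUE_AV.search(name) or ROGUE_AV.search(cmd):
        reasons.append(R_ROGUE)
    if TEMP_DIR.search(cmd):
        reasons.append(R_TEMP_RUNDLL if RUNDLL32.match(cmd) else R_TEMP)
    if WINDOWS_SUBDIR_EXE.match(cmd):
        reasons.append(R_WINSUB)
    if HEX_VALUE_NAME.match(name):
        reasons.append(R_HEXNAME)
    return reasons


def triage_log(text):
    """Map value name -> reasons for every flagged O4 line in a HijackThis log.

    Keyed by value name for readability; if the same name appears under two
    hives (as 'Acer Tour Reminder' does in the log above) the later line wins.
    """
    flagged = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_O4).items():
        print(f"[{name}] -> {'; '.join(reasons)}")
```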

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. Firstly, tell me what you did with your computer on 12-July-2008 from 4pm until 9.30pm (your local time).. Did you download/install anything during that time?.. Was your computer online?.. Were you chatting with someone?



Please do the following....


Please download the HostsXpert by funkytoad.
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator



Please post the following logs in your next reply..

1. Answer my question above
2. Malwarebytes'
3. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512

Edited by fenzodahl512, 20 July 2008 - 06:39 AM.

  • 0

#5
xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hello.. Firstly, tell me what you did with your computer on 12-July-2008 from 4pm until 9.30pm (your local time).. Did you download/install anything during that time?.. Was your computer online?.. Were you chatting with someone?

I was on vacation between 10-14 July. My computer was online, connected to the internet, but I was 2000 km away from home...
I'll try your fix now, will post results later
  • 0

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. will wait for you.. Please ask the person at your home if they used the computer and what they did during the period mentioned.. I need to know..



Regards
fenzodahl512
  • 0

#7
xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Very weird, nobody was at home during that period... is it possible someone gained access to my computer over the internet?
Here are the logs attached (too long to put here as text)
THANK YOU FOR YOUR HELP ONCE MORE!

Attached File  logs_MBAM_DSS.txt   194.5KB   153 downloads

Edited by xpto2008, 20 July 2008 - 05:18 PM.

  • 0

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's see.. actually you have lots of files created between 9-July-2008 (4.30pm) and 12-July-2008 (9.30pm)..


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\Windows\system32\{22e72ca2-4dc6-11dd-96b8-001b38713a2c}
  • Click on the submit button
  • Please post the results in your next reply.
If the Jotti server is too busy, please submit the file to VirusTotal instead.
  • 0

#9
xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hmm, I noticed now I have lots of those files in system32...

Scan results:
Jotti's malware scan:

File: {22e72ca4dc6dd-96b8-001b38713a2c}
Status:
OK
MD5: c8ebe48ee07ab735974ccea815735c05
Packers detected:
-
Scanner results
Scan taken on 21 Jul 2008 08:26:16 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing



VIRUSTOTAL RESULT:

File _22e72ca2-4dc6-11dd-96b8-001b3871 received on 07.21.2008 10:35:53 (CET)
Result: 0/33 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.17.0 2008.07.21 -
AntiVir 7.8.1.11 2008.07.21 -
Authentium 5.1.0.4 2008.07.20 -
Avast 4.8.1195.0 2008.07.20 -
AVG 8.0.0.130 2008.07.20 -
BitDefender 7.2 2008.07.21 -
CAT-QuickHeal 9.50 2008.07.18 -
ClamAV 0.93.1 2008.07.21 -
DrWeb 4.44.0.09170 2008.07.21 -
eSafe 7.0.17.0 2008.07.20 -
eTrust-Vet 31.6.5966 2008.07.18 -
Ewido 4.0 2008.07.20 -
F-Prot 4.4.4.56 2008.07.20 -
F-Secure 7.60.13501.0 2008.07.21 -
Fortinet 3.14.0.0 2008.07.21 -
GData 2.0.7306.1023 2008.07.21 -
Ikarus T3.1.1.34.0 2008.07.21 -
Kaspersky 7.0.0.125 2008.07.21 -
McAfee 5342 2008.07.18 -
Microsoft 1.3704 2008.07.21 -
NOD32v2 3282 2008.07.19 -
Norman 5.80.02 2008.07.18 -
Panda 9.0.0.4 2008.07.20 -
Prevx1 V2 2008.07.21 -
Rising 20.54.00.00 2008.07.21 -
Sophos 4.31.0 2008.07.21 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.21 -
TheHacker 6.2.96.385 2008.07.20 -
TrendMicro 8.700.0.1004 2008.07.21 -
VBA32 3.12.8.1 2008.07.20 -
VirusBuster 4.5.11.0 2008.07.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 34865 bytes
MD5...: c8ebe48ee07ab735974ccea815735c05
SHA1..: fdcc5383469ab7eee9532fed8e65a7e4ee353426
SHA256: 4d630bfbb9a8cbef747177d6cb8ffc0a0e85785cd51c8773759d8c072d9aa9cc
SHA512: 9a8b0a12b8134a043e4a8b984a7dd6ae143c9d38b25ff5a81a08e928c3f0981b65292f3a9da5010a00d3860881937ef86ac9f3b4ca03e51728eba0f90c1dcb7b
PEiD..: -
PEInfo: -


  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Hmm, I noticed now I have lots of those files in system32...


I don't think those files are good.. They look evil to me.. Let's do this...

IMPORTANT!: Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\system32\{22e72???-4dc6-11dd-96b8-001b38713a2c}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply...

1. OTMoveIt2
2. A fresh DSS log (after OTMoveIt2 step)


Regards
fenzodahl512

Edited by fenzodahl512, 21 July 2008 - 05:08 AM.

  • 0



#11
xpto2008

xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
files are attached
both DSS log and OTMoveIt2

thanks

Attached Files


  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..


Please uninstall BS.Player PRO from your computer...



NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\Windows\system32\RMActsvr.exe
      C:\Windows\winfsysrn.dll
  • Click on the Upload button. You can only submit one file per round..
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.




NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Webteh
    C:\Windows\system32\prfh0816.dat
    C:\Windows\system32\prfc0816.dat
    F:\VMC_PBStarter.exe
    G:\SETUP.EXE
    F:\StartVMCLite.exe
    G:\VMC_PBStarter.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e3ec49-f222-11dc-9244-806e6f6e6963}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8681645-efd7-11dc-bb7a-001b38713a2c}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b868164f-efd7-11dc-bb7a-001b38713a2c}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9a1793a-2dcf-11dd-93f6-001b38713a2c}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply.. Post each log in a separate post..

1. VirScan.org result
2. OTMoveIt2
3. A fresh DSS log (after OTMoveIt2 step)



Regards
fenzodahl512
  • 0

#13
xpto2008

xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I use BSPLAYER to watch my divx movies.... the PRO version is not spyware-infected.... although I removed the software as requested.
About VMC, it is the software for the Vodafone internet access provider, although I do not use it anymore, so I will remove it also.

Here are the VIRSCAN LOGS. OTMoveIt2 and DSS logs are attached.
Thanks


LOGS:
VIRSCAN LOG FOR "C:\Windows\system32\RMActsvr.exe":

VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 20:08:34 (AZOST)
Scanner results: 6% Scanner(2/36) found malware!
File Name : RMActsvr.exe
File Size : 2392064 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : e4a74c5618039c248a49ddd490ac027e
SHA1 : cdd9600be8156b8d99fb54810f197a4324c25f24
Online report : http://virscan.org/r...a28176532a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.45 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.92 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 0.07 -
Arcavir 1.0.4 200807151947 2008-07-15 1.19 -
AVAST! 3.0.1 080720-0 2008-07-20 0.71 -
AVG 7.5.51.442 270.5.3/1564 2008-07-21 1.47 -
BitDefender 7.60825.1382334 7.20123 2008-07-21 2.82 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 0.65 -
ClamAV 0.93.3 7766 2008-07-21 0.39 -
Comodo 2.11 2.0.0.592 2008-07-21 0.49 -
CP Secure 1.1.0.715 2008.07.21 2008-07-21 5.96 Troj.Downloader.W32.Small.axy
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 3.05 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.28 -
F-Prot 4.4.4.56 20080720 2008-07-20 1.03 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 2.79 -
Fortinet 2.81-3.11 9.340 2008-07-21 1.66 -
ViRobot 20080721 2008.07.21 2008-07-21 0.41 -
Ikarus T3.1.01.34 2008.07.21.71132 2008-07-21 5.58 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.11 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.07 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.66 -
McAfee 5.2.00 5342 2008-07-18 1.98 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.96 -
mks_vir 2.01 2008.07.21 2008-07-21 2.46 -
Norman 5.93.01 5.93.00 2008-07-18 4.36 -
Panda 9.05.01 2008.07.21 2008-07-21 2.16 -
Trend Micro 8.700-1004 5.420.08 2008-07-21 0.04 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.54 TrojanDropper.Agent.nn
Rising 20.0 20.54.02.00 2008-07-21 0.89 -
Sophos 2.75.4 4.31 2008-07-21 1.94 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.52 -
Symantec 1.3.0.24 20080720.003 2008-07-20 0.60 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.42 -
The Hacker 6.2.96 v00385 2008-07-19 0.40 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.29 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 1.54 -




VIRSCAN LOG FOR "C:\Windows\winfsysrn.dll":

VirSCAN.org Scanned Report :
Scanned time : 2008/07/21 20:13:28 (AZOST)
Scanner results: All Scanners reported not find malware!
File Name : winfsysrn.dll
File Size : 131072 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5 : 236211f401ed261870dfe7a9da25df10
SHA1 : 819a28c74afdcaeeb3c71ee8cc5aa1161668658c
Online report : http://virscan.org/r...1896addce3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.38 -
AhnLab V3 2008.07.22.00 2008.07.22 2008-07-22 0.82 -
AntiVir 7.8.1.11 7.0.5.146 2008-07-21 0.07 -
Arcavir 1.0.4 200807151947 2008-07-15 1.18 -
AVAST! 3.0.1 080720-0 2008-07-20 0.64 -
AVG 7.5.51.442 270.5.3/1564 2008-07-21 1.46 -
BitDefender 7.60825.1382334 7.20123 2008-07-21 2.56 -
CA (VET) 9.0.0.143 31.6.5971 2008-07-21 0.61 -
ClamAV 0.93.3 7766 2008-07-21 0.04 -
Comodo 2.11 2.0.0.592 2008-07-21 0.42 -
CP Secure 1.1.0.715 2008.07.21 2008-07-21 5.89 -
Dr.Web 4.44.0.9170 2008.07.21 2008-07-21 3.00 -
ewido 4.0.0.2 2008.07.21 2008-07-21 2.25 -
F-Prot 4.4.4.56 20080720 2008-07-20 1.24 -
F-Secure 5.51.6100 2008.07.21.06 2008-07-21 2.73 -
Fortinet 2.81-3.11 9.340 2008-07-21 1.60 -
ViRobot 20080721 2008.07.21 2008-07-21 0.41 -
Ikarus T3.1.01.34 2008.07.21.71132 2008-07-21 3.28 -
JiangMin 11.0.706 2008.07.21 2008-07-21 1.10 -
Kaspersky 5.5.10 2008.07.21 2008-07-21 0.04 -
KingSoft 2008.1.14.15 2008.7.21.17 2008-07-21 0.64 -
McAfee 5.2.00 5342 2008-07-18 1.97 -
Microsoft 1.3704 2008.07.21 2008-07-21 4.46 -
mks_vir 2.01 2008.07.21 2008-07-21 2.47 -
Norman 5.93.01 5.93.00 2008-07-18 4.37 -
Panda 9.05.01 2008.07.21 2008-07-21 1.98 -
Trend Micro 8.700-1004 5.420.08 2008-07-21 0.02 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.59 -
Rising 20.0 20.54.02.00 2008-07-21 0.74 -
Sophos 2.75.4 4.31 2008-07-21 1.83 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.41 -
Symantec 1.3.0.24 20080720.003 2008-07-20 0.05 -
nProtect 2008-07-21.00 1695598 2008-07-21 3.11 -
The Hacker 6.2.96 v00385 2008-07-19 0.39 -
VBA32 3.12.8.1 20080721.0843 2008-07-21 1.18 -
VirusBuster 4.5.11.10 10.82.12/595718 2008-07-15 0.85 -

Attached Files


  • 0
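Parsing a VirSCAN.org report in the format pasted above to count detections, check the header's "Scanner(2/36)" ratio against the table, and flag a low detection share as inconclusive. This is an added example, not part of the thread: the sample rows are copied from the post but trimmed to four, so its claimed ratio is 2/4, and the threshold in `verdict` is an assumption.

```python
from __future__ import annotations
import re
from typing import Optional

# Constructed sample in the VirSCAN.org report format from post #13. Rows are copied from
# that report but trimmed to four, so the claimed ratio here is 2/4 rather than 2/36.
SAMPLE_REPORT = """\
Scanner results: 50% Scanner(2/4) found malware!
File Name : RMActsvr.exe
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.20 2008-07-20 2.45 -
CP Secure 1.1.0.715 2008.07.21 2008-07-21 5.96 Troj.Downloader.W32.Small.axy
Trend Micro 8.700-1004 5.420.08 2008-07-21 0.04 -
Quick Heal 9.50 2008.07.15 2008-07-15 1.54 TrojanDropper.Agent.nn
"""

# Scanner names may contain spaces ("CP Secure", "Trend Micro"), so the name is matched
# lazily and the fixed fields after it (engine, sig version, ISO date, seconds, result) anchor it.
ROW_RE = re.compile(r"^(?P<scanner>.+?) (?P<engine>\S+) (?P<sig>\S+) "
                    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<secs>\d+\.\d+) (?P<result>\S+)$")
CLAIM_RE = re.compile(r"Scanner\((\d+)/(\d+)\) found malware")

def parse_rows(text: str) -> list[dict]:
    """One dict per scanner row; header and metadata lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def claimed_ratio(text: str) -> Optional[tuple[int, int]]:
    """(detected, total) from the header, or None for 'All Scanners reported not find malware!'."""
    m = CLAIM_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def summarize(text: str) -> dict:
    rows = parse_rows(text)
    names = {r["scanner"]: r["result"] for r in rows if r["result"] != "-"}  # "-" means clean
    claimed = claimed_ratio(text)
    counted = (len(names), len(rows))
    return {"total": len(rows), "detected": len(names), "names": names, "claimed": claimed,
            # The header's ratio should agree with what we counted from the table.
            "consistent": claimed == counted if claimed else len(names) == 0}

def verdict(summary: dict, low: float = 0.2) -> str:
    """Assumed threshold: a detection share below `low` (e.g. 2/36) is treated as inconclusive."""
    if summary["detected"] == 0:
        return "no detections"
    share = summary["detected"] / summary["total"]
    return "inconclusive, get a second opinion" if share < low else "likely malicious"
```

For the real RMActsvr.exe report (2 of 36 engines), `verdict` returns the inconclusive case, which is why the helper in this thread asked for a second scan and the detection names before deciding.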

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I use BSPLAYER to watch my divx movies.... the PRO version is not spyware-infected.... although I removed the software as requested.


I believe you can install it back if you wish :)



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\system32\RMActsvr.exe
    EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Tell me about your computer behaviour


Regards
fenzodahl512
  • 0

#15
xpto2008

xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here are both logs attached

regarding the computer, noticed two main things changed: much faster when starting windows and never gets as hot as earlier...

Attached Files


Edited by xpto2008, 22 July 2008 - 08:28 AM.

  • 0





