Virtumonde Virus - Need Help



Mordep
2008-08-23, 00:07
Hello, I have already tried several times to remove it with Spybot 1.60, with Ad-Aware and with Norton 360, but they didn't do anything.
I read and I'm trying to follow the rules of "BEFORE you POST".
I tried VundoFix and it didn't work. You are my last hope, and I see that you should have been the first one.
Every time I try to run the Kaspersky Online Scanner, Firefox closes, as if the process is being killed. Please help me. Thanks!

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:15, on 22-08-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
E:\Programas\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Bonjour\mDNSResponder.exe
D:\Programas\cFosSpeed\spd.exe
D:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
E:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Programas\Analog Devices\Core\smax4pnp.exe
D:\Programas\Analog Devices\SoundMAX\Smax4.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
D:\Programas\cFosSpeed\cFosSpeed.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
D:\Programas\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Programas\System Explorer\SystemExplorer.exe
E:\Programas\Wallpaper Master\Wallpaper.exe
D:\Programas\Windows Live\Messenger\MsnMsgr.Exe
D:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe
E:\Programas\DAEMON Tools Lite\daemon.exe
E:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Programas\Logitech\SetPoint\SetPoint.exe
E:\Programas\NARS\NETimetro\netimetro.exe
E:\Programas\Stickies\stickies.exe
D:\Programas\Ficheiros comuns\Logishrd\KHAL2\KHALMNPR.EXE
D:\Programas\Windows Live\Messenger\usnsvc.exe
D:\Programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Programas\Ficheiros comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [cFosSpeed] D:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [f007915f] rundll32.exe "D:\WINDOWS\system32\qopxlxia.dll",b
O4 - HKLM\..\Run: [BMd7f56a2e] Rundll32.exe "D:\WINDOWS\system32\wjtwktdk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemExplorer] "e:\Programas\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [WallpaperChanger] e:\Programas\Wallpaper Master\Wallpaper.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Atalho para stickies.exe.lnk = E:\Programas\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Atalho para stickies.exe.lnk = E:\Programas\Stickies\stickies.exe (User 'Default user')
O4 - Startup: Atalho para stickies.exe.lnk = E:\Programas\Stickies\stickies.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programas\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETimetro.lnk = E:\Programas\NARS\NETimetro\netimetro.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2704E01-1C18-430A-AE3A-E8B99AB313C6}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - e:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: addfau.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Programas\cFosSpeed\spd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Programas\Ficheiros comuns\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - E:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - E:\Programas\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Programas\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9987 bytes

I forgot to mention that the Windows Security Center says automatic updates are turned off, but they are on, and the warning also appears next to the clock in the taskbar.
Thanks in advance!
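
An added triage script for the HijackThis log above (example code written for this thread, not HijackThis, Spybot or ComboFix code). It picks out the Vundo-style indicators a helper reads first: O4 Run entries that launch rundll32.exe against a DLL sitting in system32, Run value names that are bare hex (`f007915f`, `BMd7f56a2e`), and any O20 AppInit_DLLs entry, which on Windows XP is loaded into every process that links user32.dll. The sample lines are copied from the log above with a few benign entries left in for contrast; the hex-name and rundll32-from-system32 rules are my own heuristics and are assumptions, not HijackThis logic.

```python
"""Triage a HijackThis log for Vundo/Virtumonde-style persistence.

Added example for this thread, not HijackThis or Spybot code. The rules are
heuristics of my own (assumption): Run entries that load a system32 DLL via
rundll32, Run value names that are bare hex, and any AppInit_DLLs entry.
"""
import re

# O4 - HKLM\..\Run: [name] command   (also RunOnce and HKUS\S-1-5-xx hives)
HJT_O4 = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HJT_O20 = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# rundll32[.exe] "X:\WINDOWS\system32\foo.dll",export  (legit software rarely persists this way)
RUNDLL_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\system32\\(?P<dll>[^"\\,]+\.dll)"?',
    re.IGNORECASE)
# Vundo-style value names seen in this log: f007915f, BMd7f56a2e
HEXLIKE_NAME = re.compile(r'(?:BM)?[0-9a-f]{8}')

# Constructed sample: lines copied from the HJT log above plus benign ones.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "D:\\Programas\\Java\\jre1.6.0_07\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [f007915f] rundll32.exe "D:\\WINDOWS\\system32\\qopxlxia.dll",b
O4 - HKLM\\..\\Run: [BMd7f56a2e] Rundll32.exe "D:\\WINDOWS\\system32\\wjtwktdk.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] D:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O20 - AppInit_DLLs: addfau.dll
O23 - Service: LiveUpdate - Symantec Corporation - D:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
"""


def triage_hjt(text):
    """Return [{'line', 'reasons', 'dlls'}] for every log line that trips a rule."""
    findings = []
    for line in text.splitlines():
        reasons, dlls = [], []
        o4 = HJT_O4.match(line)
        if o4:
            hit = RUNDLL_SYS32.search(o4['cmd'])
            if hit:
                reasons.append(f"{o4['hive']} Run entry loads system32\\{hit['dll']} via rundll32")
                dlls.append(hit['dll'])
            if HEXLIKE_NAME.fullmatch(o4['name']):
                reasons.append(f"Run value name {o4['name']!r} is bare hex")
        o20 = HJT_O20.match(line)
        if o20:
            names = [d for d in re.split(r'[ ,;]+', o20['dlls']) if d]
            reasons.append("AppInit_DLLs is set: " + ", ".join(names))
            dlls.extend(names)
        if reasons:
            findings.append({'line': line, 'reasons': reasons, 'dlls': dlls})
    return findings


def suspect_dlls(findings):
    """Distinct DLL names the findings point at, in log order (case-insensitive)."""
    seen = []
    for f in findings:
        for d in f['dlls']:
            if d.lower() not in [s.lower() for s in seen]:
                seen.append(d)
    return seen


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_LOG)
    for f in found:
        print(f['line'])
        for r in f['reasons']:
            print("   ->", r)
    print("DLLs to submit for analysis:", suspect_dlls(found))
```

On this log the script flags exactly the three lines a helper would ask about first (the two rundll32 Run entries and the AppInit_DLLs value) and leaves the nLite RunOnce alone, because that rundll32 call loads advpack.dll rather than a DLL dropped into system32. The two rundll32.exe processes in the running-process list are most likely those two Run entries resident in memory.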

Mordep
2008-08-23, 05:29
I've seen so many posts about this, and in the majority of them the poster is asked to check the PC with ComboFix. I understand that it is a diagnostic program, and I took the risk of running it myself to try to make things faster.
Here is the log that was generated.
Thanks again!


ComboFix 08-08-21.02 - Mordep 2008-08-23 3:10:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1390 [GMT 1:00]
Running from: D:\Documents and Settings\Mordep\Ambiente de trabalho\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\BMd7f56a2e.txt
D:\WINDOWS\BMd7f56a2e.xml
D:\WINDOWS\system32\addfau.dll
D:\WINDOWS\system32\aixlxpoq.ini
D:\WINDOWS\system32\AyIjknpo.ini
D:\WINDOWS\system32\AyIjknpo.ini2
D:\WINDOWS\system32\edgunh.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\ofyyjlij.dll
D:\WINDOWS\system32\opnkjIyA.dll
D:\WINDOWS\system32\qopxlxia.dll
D:\WINDOWS\system32\SBIiQqru.ini
D:\WINDOWS\system32\SBIiQqru.ini2
D:\WINDOWS\system32\xkdbvdpu.exe
D:\WINDOWS\system32\xxyvvSmJ.dll
D:\WINDOWS\system32\yxmrvoat.exe
E:\install.exe

.
((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))
.

2008-08-23 03:16 . 2008-08-23 03:16 <DIR> d-------- D:\WINDOWS\system32\xircom
2008-08-23 03:16 . 2008-08-23 03:16 <DIR> d-------- D:\Programas\microsoft frontpage
2008-08-23 01:54 . 2008-08-23 01:54 <DIR> d-------- D:\WINDOWS\system32\xlive
2008-08-22 21:41 . 2008-08-22 21:41 <DIR> d-------- D:\Programas\Trend Micro
2008-08-22 18:04 . 2008-08-22 22:34 145 --a------ D:\WINDOWS\wininit.ini
2008-08-22 17:29 . 2008-08-22 18:31 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 14:16 . 2008-08-22 14:16 <DIR> d-------- D:\WINDOWS\Sun
2008-08-21 20:24 . 2001-03-02 11:41 634 --a------ D:\WINDOWS\system32\MAPISVC.INF
2008-08-18 13:16 . 2008-08-18 13:16 107,888 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-08-17 23:19 . 2008-08-22 14:44 <DIR> d-------- D:\Programas\Ficheiros comuns\BioWare
2008-08-17 23:06 . 2008-08-17 23:06 357,768 --a------ D:\Documents and Settings\Mordep\SymXPep2.dll
2008-08-14 03:48 . 2008-04-11 20:05 691,712 --------- D:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 03:48 . 2008-05-01 15:35 331,776 --------- D:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 14:48 . 2008-08-13 14:48 <DIR> d-------- D:\Documents and Settings\Laura\Application Data\Thunderbird
2008-08-13 14:48 . 2008-08-13 14:48 <DIR> d-------- D:\Documents and Settings\Laura\Application Data\Talkback
2008-08-06 19:29 . 2008-08-06 19:29 <DIR> d-------- D:\Documents and Settings\Laura\Application Data\Symantec
2008-08-01 12:15 . 2008-08-01 12:15 <DIR> d-------- D:\Documents and Settings\Laura\Application Data\Windows Desktop Search
2008-08-01 03:22 . 2008-08-01 03:22 <DIR> d--h----- D:\WINDOWS\PIF
2008-08-01 03:21 . 2008-08-01 12:20 <DIR> d-------- D:\Programas\Windows Desktop Search
2008-08-01 03:21 . 2008-08-01 03:21 <DIR> d-------- D:\Documents and Settings\Mordep\Application Data\Windows Search
2008-08-01 03:20 . 2008-03-07 18:02 192,000 --------- D:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-01 03:20 . 2008-03-07 18:02 98,304 --------- D:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-01 03:20 . 2008-03-07 18:02 29,696 --------- D:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-01 03:16 . 2008-08-19 12:22 <DIR> d-------- D:\Programas\Microsoft Silverlight
2008-07-29 13:19 . 2008-07-29 13:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-29 12:32 . 2008-05-02 02:38 301,656 --a------ D:\WINDOWS\system32\BtCoreIf.dll
2008-07-29 12:31 . 2008-07-29 12:32 <DIR> d-------- D:\Programas\Ficheiros comuns\Logishrd
2008-07-29 12:31 . 2008-07-29 12:31 <DIR> d-------- D:\Documents and Settings\Mordep\Application Data\InstallShield
2008-07-29 03:03 . 2008-07-29 03:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-28 22:35 . 2008-06-10 02:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-28 22:34 . 2008-07-28 22:35 <DIR> d-------- D:\Programas\Java
2008-07-28 22:33 . 2008-07-28 22:33 <DIR> d-------- D:\Programas\Ficheiros comuns\Java
2008-07-28 19:46 . 2008-07-28 19:46 <DIR> d-------- D:\Programas\OpenAL
2008-07-28 19:46 . 2008-01-29 11:53 782,336 -ra------ D:\WINDOWS\system32\tmpE.tmp
2008-07-28 19:46 . 2008-01-29 11:53 782,336 -ra------ D:\WINDOWS\system32\tmpD.tmp
2008-07-28 19:46 . 2008-07-28 19:46 413,696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-07-28 19:46 . 2008-07-28 19:46 110,592 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-07-24 23:03 . 2008-07-24 23:03 <DIR> d-------- D:\Documents and Settings\Laura\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 02:17 --------- d-----w D:\Programas\cFosSpeed
2008-08-23 02:10 --------- d-----w D:\Programas\Ficheiros comuns\Symantec Shared
2008-08-23 02:09 --------- d-----w D:\Documents and Settings\Mordep\Application Data\stickies
2008-08-22 23:43 --------- d-----w D:\Programas\Mozilla Thunderbird
2008-08-22 20:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 14:08 --------- d-----w D:\Programas\Ficheiros comuns\Wise Installation Wizard
2008-08-22 12:45 --------- d-----w D:\Programas\Norton 360
2008-08-22 02:17 --------- d-----w D:\Documents and Settings\Mordep\Application Data\uTorrent
2008-08-21 19:31 --------- d--h--w D:\Programas\InstallShield Installation Information
2008-08-17 20:08 --------- d-----w D:\Programas\Ficheiros comuns\Nero
2008-08-17 01:18 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Skype
2008-08-17 00:50 --------- d-----w D:\Documents and Settings\Mordep\Application Data\skypePM
2008-08-14 11:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 22:32 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
2008-08-11 22:32 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-11 22:32 22,328 ----a-w D:\Documents and Settings\Mordep\Application Data\PnkBstrK.sys
2008-08-11 22:32 103,736 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2008-08-02 23:54 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Media Player Classic
2008-07-30 19:13 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Notepad++
2008-07-30 19:10 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Sports Interactive
2008-07-30 16:42 23,888 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 16:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 16:28 10,537 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-30 12:43 --------- d-----w D:\Documents and Settings\Mordep\Application Data\VoipBuster
2008-07-29 11:32 --------- d-----w D:\Programas\Ficheiros comuns\Logitech
2008-07-25 08:34 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w D:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2008-07-18 21:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 -c--a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
2008-07-16 19:16 2,337,865 ----a-w D:\WINDOWS\system32\pbsvc.exe
2008-07-16 19:16 --------- d-----w D:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-16 02:01 --------- d-----w D:\Programas\MSXML 4.0
2008-07-15 16:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-15 15:41 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Symantec
2008-07-15 00:30 --------- d-----w D:\Documents and Settings\Laura\Application Data\Logitech
2008-07-14 23:49 --------- d-----w D:\Programas\Ficheiros comuns\Adobe
2008-07-14 23:41 --------- d-----w D:\Programas\Bonjour
2008-07-14 23:38 --------- d-----w D:\Programas\Ficheiros comuns\Macrovision Shared
2008-07-14 23:31 --------- d-----w D:\Programas\Smart Panel
2008-07-14 23:30 --------- d-----w D:\Programas\epson
2008-07-14 23:12 --------- d-----w D:\Programas\Microsoft Works
2008-07-14 23:11 --------- d-----w D:\Programas\Microsoft.NET
2008-07-14 22:46 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Nero
2008-07-14 22:44 --------- d-----w D:\Programas\NeroInstall.bak
2008-07-14 22:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-07-14 22:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\LightScribe
2008-07-14 22:23 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Thunderbird
2008-07-14 22:23 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Talkback
2008-07-14 22:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Raxco
2008-07-14 22:11 --------- d-----w D:\Programas\Google
2008-07-14 22:01 72,748 ----a-w D:\WINDOWS\unins000.exe
2008-07-14 21:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2008-07-14 21:56 --------- d-----w D:\Programas\Windows Live
2008-07-14 21:55 --------- dcsh--w D:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-07-14 21:55 --------- d-----w D:\Programas\Ficheiros comuns\LightScribe
2008-07-14 21:55 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-14 21:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 21:43 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Lavasoft
2008-07-14 21:30 --------- d-----w D:\Documents and Settings\Mordep\Application Data\vlc
2008-07-14 21:24 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Wallpaper Master
2008-07-14 21:18 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Winamp
2008-07-14 21:16 127,034 ------r D:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-07-14 21:16 --------- d-----w D:\Documents and Settings\Mordep\Application Data\Logitech
2008-07-14 21:16 --------- d-----w D:\Documents and Settings\All Users\Application Data\Wallpaper Master
2008-07-14 21:15 0 ---ha-w D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-14 21:15 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-07-14 21:15 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-07-14 21:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\Logitech
2008-07-14 21:00 --------- d-----w D:\Programas\Skype
2008-07-14 21:00 --------- d-----w D:\Programas\Ficheiros comuns\Skype
2008-07-14 21:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-07-14 20:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\SystemExplorer
2008-07-14 20:37 --------- d-----w D:\Programas\WinPcap
2008-07-14 20:19 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-14 20:19 60,800 ----a-w D:\WINDOWS\system32\S32EVNT1.DLL
2008-07-14 20:19 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-14 20:19 10,671 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-14 20:19 --------- d-----w D:\Programas\Symantec
2008-07-14 19:40 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-07-14 19:40 --------- d-----w D:\Documents and Settings\Mordep\Application Data\DAEMON Tools
2008-07-14 19:27 --------- d-----w D:\Programas\ASUS
2008-07-14 19:25 --------- d-----w D:\Programas\Marvell
2008-07-14 19:25 --------- d-----w D:\Programas\Ficheiros comuns\InstallShield
2008-07-14 19:25 --------- d-----w D:\Documents and Settings\Mordep\Application Data\TMP
2008-07-14 19:19 --------- d-----w D:\Programas\Analog Devices
2008-07-14 19:12 --------- d-----w D:\Programas\Intel
2008-07-14 17:51 --------- d-----w D:\Programas\7-Zip
2008-07-14 17:50 --------- d-----w D:\Programas\Reference Assemblies
2008-07-14 17:50 --------- d-----w D:\Programas\MSXML 6.0
2008-07-14 17:50 --------- d-----w D:\Programas\MSBuild
2008-07-14 17:44 --------- d-----w D:\WINDOWS\system32\config\systemprofile\Application Data\Notepad2
.

------- Sigcheck -------

2008-05-10 13:21 1036800 f908bd968ab83183c48f2886adf63d0e D:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 21:39 15360]
"SystemExplorer"="e:\Programas\System Explorer\SystemExplorer.exe" [2008-03-06 21:01 1338880]
"WallpaperChanger"="e:\Programas\Wallpaper Master\Wallpaper.exe" [2005-12-01 23:05 531571]
"MsnMsgr"="D:\Programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LightScribe Control Panel"="D:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe" [2008-06-09 10:16 2363392]
"DAEMON Tools Lite"="E:\Programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 16:02 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Programas\Analog Devices\Core\smax4pnp.exe" [2007-10-08 21:02 1036288]
"ccApp"="D:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="D:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"cFosSpeed"="D:\Programas\cFosSpeed\cFosSpeed.exe" [2008-05-02 18:30 863448]
"NeroFilterCheck"="D:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"EPSON Stylus CX3600 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 04:00 98304]
"SunJavaUpdateSched"="D:\Programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

D:\Documents and Settings\Mordep\Menu Iniciar\Programas\Arranque\
Atalho para stickies.exe.lnk - E:\Programas\Stickies\stickies.exe [2008-01-16 22:39:45 757760]

D:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Logitech Desktop Messenger.lnk - E:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-14 22:16:41 67128]
Logitech SetPoint.lnk - E:\Programas\Logitech\SetPoint\SetPoint.exe [2008-07-29 12:32:15 805392]
NETimetro.lnk - E:\Programas\NARS\NETimetro\netimetro.exe [2008-05-14 16:30:16 391680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 d:\Programas\Ficheiros comuns\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=addfau.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 D:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"E:\\Programas\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"D:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Jogos\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Programas\\Bonjour\\mDNSResponder.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Joguhos\\Call.of.Duty.4.Modern.Warfare.Full.Rip-Skullptura.[JACKPOT]\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Programas\\Skype\\Phone\\Skype.exe"=
"E:\\Jogos\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

R2 PD91Agent;PD91Agent;E:\Programas\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 09:52]
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22]
S3 PD91Engine;PD91Engine;E:\Programas\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 09:52]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"D:\Programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

BHO-{2C34C431-B9E7-4474-89E5-B82CD7ABAE47} - D:\WINDOWS\system32\urqQiIBS.dll
HKLM-Run-f007915f - D:\WINDOWS\system32\qopxlxia.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Mordep\Application Data\Mozilla\Firefox\Profiles\32yxqday.mordep\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pt/ig?hl=pt-PT
FF -: plugin - D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - e:\Programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - e:\Programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - e:\Programas\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 03:16:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
E:\Programas\Lavasoft\Ad-Aware\aawservice.exe
D:\Programas\Bonjour\mDNSResponder.exe
D:\Programas\cFosSpeed\spd.exe
D:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-23 3:18:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 02:18:35

Pre-Run: 26,803,355,648 bytes free
Post-Run: 26,722,258,944 bytes free

291 --- E O F --- 2008-08-19 11:23:00
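
An added example (written for this thread; not ComboFix's own code) that reads the REGEDIT4-style "Reg Loading Points" section of a ComboFix log and reports the settings that silence the machine's own defences: a non-empty AppInit_DLLs value, Security Center `DisableMonitoring=1` (the setting behind the Security Center warning mentioned in the first post), and Windows Firewall `EnableFirewall=0`. The sample is a subset of the log above; the key-path patterns, the value parsing and the finding labels are my assumptions. Third-party suites such as Norton commonly set the vendor-specific Monitoring subkeys and may replace Windows Firewall, so which of those hits are legitimate has to be confirmed against the installed product; the AppInit_DLLs entry has no such excuse here, since addfau.dll also appears in ComboFix's deletion list.

```python
"""Pull defence-tampering indicators out of a ComboFix registry dump.

Added example for this thread, not ComboFix code. Parses the REGEDIT4-style
"[key]" / "\"name\"=value" lines and flags AppInit_DLLs, Security Center
DisableMonitoring and Windows Firewall EnableFirewall. Key patterns and
labels are assumptions of mine.
"""
import re

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Constructed sample: a subset of the registry section of the log above.
SAMPLE_REG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=addfau.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe" [2008-04-14 21:39 15360]
"""


def parse_reg_dump(text):
    """Return {key: {value_name: raw_value}} from a REGEDIT4-style dump."""
    out, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = k['key']
            out.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            out[current][v['name']] = v['value'].strip()
    return out


def reg_int(raw):
    """Decode 'dword:00000001', '0 (0x0)', '1 (0x1)' or a plain int; None otherwise."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)(?:\s*\(0x[0-9a-fA-F]+\))?$', raw)
    return int(m.group(1)) if m else None


def find_defense_tampering(text):
    """Return [(kind, key, detail)] for every key that weakens the host's defences."""
    reg = parse_reg_dump(text)
    findings = []
    for key, values in reg.items():
        lk = key.lower()
        appinit = values.get('AppInit_DLLs', '').strip('"')
        if lk.endswith(r'\windows nt\currentversion\windows') and appinit:
            findings.append(('appinit_dlls', key, appinit))
        if r'\security center\monitoring' in lk and reg_int(values.get('DisableMonitoring', '')) == 1:
            # '<root>' = Windows' own monitoring; a vendor name = that product's subkey
            scope = lk.rsplit('\\monitoring', 1)[1].lstrip('\\') or '<root>'
            findings.append(('wsc_monitoring_disabled', key, scope))
        if lk.endswith(r'\firewallpolicy\standardprofile') and reg_int(values.get('EnableFirewall', '')) == 0:
            findings.append(('windows_firewall_off', key, 'EnableFirewall=0'))
    return findings


if __name__ == "__main__":
    for kind, key, detail in find_defense_tampering(SAMPLE_REG):
        print(f"{kind:24} {detail:20} {key}")
```

Run against the sample it reports four hits: the AppInit_DLLs value, monitoring disabled at the Security Center root and under the SymantecAntiVirus subkey, and the firewall policy set to off. The Run key is parsed but produces nothing, which is the point of keeping the parser and the rules separate: the same `parse_reg_dump` output can be fed to whatever other checks a helper wants.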

Mordep
2008-08-23, 15:24
I did a scan with Spybot today and it shows that I don't have any threats now, but I want to know if that is true. The only thing I've done is scan with ComboFix.
Thanks!!

--------------------------------------------------------------------

Do NOT run 'FIXES' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806)

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)
Particularly post #4, http://forums.spybot.info/showpost.php?p=218503&postcount=4

Also, adding posts to your topic has removed a zero response, which is what helpers look for. ;)

Mordep
2008-08-23, 21:38
OK, I didn't know that, the adding posts thing.
Can I be sure that it doesn't have any problems now?
Thanks for the help!

pskelley
2008-08-28, 02:01
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

If you still want someone to look at this, read the directions first and then do this.

Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Thanks

pskelley
2008-09-03, 15:37
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.