
Thread: Virus infection

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    7

    Virus infection

    Hi,
    My computer has recently been infected with a virus(?), hldrrr.exe. I dug up the web for info on how to remove it, and the solutions posted in forums are mostly confusing for me as I'm not an expert in operating systems, so I thought I'd come for professional help. My anti-virus has been disabled and won't install at all. I also ran an online scan and it found virus sources in the computer but wasn't able to clean them. I'm slightly desperate and seeking professional help.

    Thanks in advance

  2. #2
    Junior Member
    Join Date
    Oct 2008
    Posts
    7

    Quote Originally Posted by .Fallen.
    Hi,
    My computer has recently been infected with a virus(?), hldrrr.exe. I dug up the web for info on how to remove it, and the solutions posted in forums are mostly confusing for me as I'm not an expert in operating systems, so I thought I'd come for professional help. My anti-virus has been disabled and won't install at all. I also ran an online scan and it found virus sources in the computer but wasn't able to clean them. I'm slightly desperate and seeking professional help.

    Thanks in advance

    Also, to add to this (I read the forum posts about first-time posts): I tried to install Spybot and the virus blocks it like it does with the anti-virus. I also can't start in safe mode, and the same goes for HijackThis; all of them say "... isn't a valid Win32 application ..." =(

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    7

    More Info

    More info that may help: while I was reading other users' problems similar to mine, I found out I can get the log with Autoruns(?). I downloaded it and managed to get the log:


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\programas\adobe\reader 8.0\reader\reader_sl.exe
    + AppleSyncNotifier AppleSyncNotifier (Verified) Apple Inc. c:\programas\ficheiros comuns\apple\mobile device support\bin\applesyncnotifier.exe
    + Cleanup File not found: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    + Corel Photo Downloader File not found: C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
    + CTStartup Startup Splash (Not verified) Creative Technology Ltd. c:\programas\creative\splash screen\cteaxspl.exe
    + DownloadAccelerator Download Accelerator Plus (DAP) (Verified) Speed-Bit LTD c:\programas\dap\dap.exe
    + iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\programas\itunes\ituneshelper.exe
    + Jet Detection Creative JetDetect c:\programas\creative\sblive\program\adgjdet.exe
    + NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
    + nwiz NVIDIA nView Wizard, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
    + PWRISOVM.EXE PowerISO Virtual Drive Manager (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisovm.exe
    + QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\programas\quicktime\qttask.exe
    + SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeperui.exe
    + UpdReg Creative UpdReg (Not verified) Creative Technology Ltd. c:\windows\updreg.exe
    + WINDVDPatch CtHelper Application (Not verified) Creative Technology Ltd c:\windows\system32\cthelper.exe
    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
    + Metacafe.lnk (Verified) Metacafe c:\programas\metacafe\metacafeagent.exe
    C:\Documents and Settings\danger\Menu Iniciar\Programas\Arranque
    + Metacafe.lnk (Verified) Metacafe c:\programas\metacafe\metacafeagent.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    + DAEMON Tools Virtual DAEMON Manager (Verified) DAEMON Tools Code Signing Services c:\programas\daemon tools\daemon.exe
    + Veoh Veoh Client (Verified) Veoh Networks c:\programas\veoh networks\veoh\veohclient.exe
    HKLM\SOFTWARE\Classes\Protocols\Handler
    + linkscanner File not found: C:\Programas\AVG\AVG8\avgpp.dll
    + skype4com Skype for COM API (Verified) Skype Technologies SA c:\programas\ficheiros comuns\skype\skype4com.dll
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
    + DAP_ShredMenu DAPCtxMenuShell Module (Verified) Speed-Bit LTD c:\programas\dap\privacy package\dapctxmenushell.dll
    + PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
    + WinRAR c:\programas\winrar\rarext.dll
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
    + SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
    + DAP_ShredMenu DAPCtxMenuShell Module (Verified) Speed-Bit LTD c:\programas\dap\privacy package\dapctxmenushell.dll
    + PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
    + WinRAR c:\programas\winrar\rarext.dll
    HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
    + WinRAR c:\programas\winrar\rarext.dll
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\programas\ficheiros comuns\adobe\acrobat\activex\pdfshell.dll
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
    + PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
    + SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
    + WinRAR c:\programas\winrar\rarext.dll
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
    + 00nView NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + Apresentar extensão de panorâmica CPL File not found: deskpan.dll
    + Desktop Explorer NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
    + iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\programas\itunes\itunesminiplayer.dll
    + nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
    + PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
    + Webroot Spy Sweeper Context Menu Integration Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
    + WinRAR shell extension c:\programas\winrar\rarext.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\programas\ficheiros comuns\adobe\acrobat\activex\acroiehelper.dll
    + AVG Safe Search File not found: C:\Programas\AVG\AVG8\avgssie.dll
    + AVG Security Toolbar File not found: C:\Programas\AVG\AVG8\avgtoolbar.dll
    + Skype add-on (mastermind) Skype add-on for IE (Not verified) Skype Technologies S.A. c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
    + SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\programas\java\jre1.6.0_03\bin\ssv.dll
    + Winamp Toolbar BHO Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\programas\winamp toolbar\winamptb.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + Winamp Toolbar Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\programas\winamp toolbar\winamptb.dll
    HKLM\Software\Microsoft\Internet Explorer\Extensions
    + ICQ6 ICQ Library (Verified) ICQ c:\programas\icq6\icq.exe
    + Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
    Task Scheduler
    + AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Inc. c:\programas\apple software update\softwareupdate.exe
    + wrSpySweeperFullSweep.job Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeperui.exe
    HKLM\System\CurrentControlSet\Services
    + Akamai Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly. c:\programas\ficheiros comuns\akamai\rswin_3409.dll
    + Apple Mobile Device Fornece a interface para dispositivos móveis da Apple. (Verified) Apple Inc. c:\programas\ficheiros comuns\apple\mobile device support\bin\applemobiledeviceservice.exe
    + Bonjour Service Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration. (Not verified) Apple Inc. c:\programas\bonjour\mdnsresponder.exe
    + Creative Service for CDROM Access Creative Service for CDROM Access (Not verified) Creative Technology Ltd c:\windows\system32\ctsvccda.exe
    + PnkBstrA PunkBuster Service Component [v1029] http://www.evenbalance.com (Verified) Even Balance, Inc. c:\windows\system32\pnkbstra.exe
    + ProtexisLicensing Protexis Licensing Service (Verified) Corel Corporation c:\windows\system32\psiservice.exe
    + WebrootSpySweeperService Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function. (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeper.exe
    + WMDM PMSP Service WMDM PMSP Service (Not verified) Microsoft Corporation c:\windows\system32\mspmspsv.exe
    HKLM\System\CurrentControlSet\Services
    + a7kxd5sx File not found: C:\WINDOWS\System32\Drivers\a7kxd5sx.sys
    + a7kxd5sx File not found: C:\WINDOWS\System32\Drivers\a7kxd5sx.sys
    + ASPI32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys
    + Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
    + EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
    + GEARAspiWDM CD DVD Filter (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
    + i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
    + lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
    + PciCon File not found: E:\PciCon.sys
    + PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
    + PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
    + PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
    + PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
    + PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + SCDEmu PowerISO Virtual Drive (Not verified) PowerISO Computing, Inc. c:\windows\system32\drivers\scdemu.sys
    + sptd c:\windows\system32\drivers\sptd.sys
    + ssfs0bbc Spy Sweeper File System Filter Driver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\ssfs0bbc.sys
    + sshrmd Spy Sweeper Hookrack MiniDriver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\sshrmd.sys
    + ssidrv Spy Sweeper Interdiction Driver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\ssidrv.sys
    + WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
    + XDva076 File not found: C:\WINDOWS\system32\XDva076.sys
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
    + mdnsNSP Bonjour Namespace Provider (Not verified) Apple Inc. c:\programas\bonjour\mdnsnsp.dll


    ----
    Also, reading other people's and the Admins' posts, I found out that this virus type is highly dangerous for people who make online banking transactions(?).
    I do conduct money transactions from this computer and store bank info in it, as there still is at the moment. If I may ask for advice on this situation, I'll happily take it.
    Thank you once again
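The Autoruns listing above is the kind of export a helper reads by hand, scanning for entries whose file is gone, drivers registered under Services that no longer exist on disk, binaries with no publisher, and targets sitting on drives other than the system drive. As an added example (not a tool from this thread, from its posters, or from the Autoruns authors), the Python script below parses lines in exactly that pasted format and orders them for review. The sample input is a constructed subset of the lines posted above; the severity labels and the rules behind them are this example's own choices, not anything Autoruns reports, and "C:" as the system drive is an assumption.

```python
"""Triage an Autoruns text export pasted as plain lines (as in the post above).

Pasted format, one entry per line under a location header:
    <location>                                   e.g. HKLM\\SOFTWARE\\...\\Run
    + <label> (<Verified|Not verified>) <publisher> <path>
    + <label> File not found: <path>
Autoruns' tab separators are lost when pasted, so the entry name and its
description are kept together as one label string.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Autoruns lines posted in the thread.
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\programas\adobe\reader 8.0\reader\reader_sl.exe
+ Cleanup File not found: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
HKLM\System\CurrentControlSet\Services
+ a7kxd5sx File not found: C:\WINDOWS\System32\Drivers\a7kxd5sx.sys
+ ASPI32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys
+ PciCon File not found: E:\PciCon.sys
+ sptd c:\windows\system32\drivers\sptd.sys
"""

SYSTEM_DRIVE = "c:"                        # assumption: Windows is installed on C:
PATH_RE = re.compile(r"[A-Za-z]:\\\S.*$")  # first drive-letter path through end of line
SIG_RE = re.compile(r"\((Verified|Not verified)\)")
DRIVER_RE = re.compile(r"\.sys(\s|$)", re.IGNORECASE)
SEVERITY = {"low": 1, "medium": 2, "high": 3}   # example's own ranking


@dataclass
class Entry:
    location: str    # registry key, folder or "Task Scheduler" the entry sits under
    label: str       # entry name plus description, signature marker removed
    path: str        # image path, possibly followed by command-line arguments
    signature: str   # "Verified", "Not verified", or "" when no publisher was printed
    missing: bool    # Autoruns reported "File not found"


@dataclass
class Finding:
    entry: Entry
    severity: str
    reasons: list


def parse_autoruns(text):
    """Turn pasted Autoruns lines into Entry records."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line               # a new autostart location header
            continue
        body = line[2:]
        if "File not found:" in body:
            label, _, path = body.partition("File not found:")
            missing = True
        else:
            m = PATH_RE.search(body)
            label, path = (body[:m.start()], m.group(0)) if m else (body, "")
            missing = False
        sig = SIG_RE.search(label)
        entries.append(Entry(location, SIG_RE.sub("", label).strip(), path.strip(),
                             sig.group(1) if sig else "", missing))
    return entries


def triage(entries):
    """Rank entries for review; a finding is a lead to look at, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        is_driver = DRIVER_RE.search(e.path) is not None
        if e.missing:
            reasons.append(("high", "driver file is gone") if is_driver
                           else ("medium", "autostart target is missing"))
        if re.match(r"[A-Za-z]:\\", e.path) and not e.path.lower().startswith(SYSTEM_DRIVE):
            reasons.append(("medium", "target lives on a non-system drive"))
        if not e.missing and e.signature == "":
            reasons.append(("medium", "no publisher or description"))
        elif e.signature == "Not verified":
            reasons.append(("low", "publisher signature not verified"))
        if reasons:
            severity = max((s for s, _ in reasons), key=SEVERITY.__getitem__)
            findings.append(Finding(e, severity, [why for _, why in reasons]))
    findings.sort(key=lambda f: SEVERITY[f.severity], reverse=True)
    return findings


def report(findings):
    """One printable line per finding, highest severity first."""
    return [f"[{f.severity:6}] {f.entry.label:<16} {f.entry.path}  ({'; '.join(f.reasons)})"
            for f in findings]


if __name__ == "__main__":
    for line in report(triage(parse_autoruns(SAMPLE))):
        print(line)
```

The output is a review order, not a removal list: a "File not found" entry is often just the leftover of an uninstalled product (the McAfee cleanup line is a typical case), while a driver service pointing at a .sys that no longer exists, or an autostart target on a removable drive, is what a helper will want to look at first.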

  4. #4
    Blade81 (Security Expert: Emeritus)
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    You most likely have a Bagle infection there. If you've used the system with removable flash drives, then don't plug those flash drives into another system or the infection will spread to that other system too. Let's see if you can create logs with RSIT.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized; if not, you'll find it in the c:\rsit\info.txt file)

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Oct 2008
    Posts
    7

    Hi, and thanks for the reply. Here are both.
    Info:

    info.txt logfile of random's system information tool 1.04 2008-10-10 14:30:51

    ======Uninstall list======

    -->C:\Programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Programas\Creative\SBLive\Program\Ctzapxx.EXE /X /U /S /L:BRZ
    -->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNNMP.exe /UNINSTALL
    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x416 /remove
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x416
    -->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x416 /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Actualização de segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Age Of Pirates - Caribbean Tales 1.41-->"d:\Programas joao\Playlogic\Age of Pirates - Caribbean Tales\unins000.exe"
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    America's Army-->MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
    Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Arquivo do WinRAR-->C:\Programas\WinRAR\uninstall.exe
    Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Audacity 1.2.6-->"C:\Programas\Audacity\unins000.exe"
    AV Music Morpher Gold-->C:\Programas\AV Music Morpher Gold\uninstall.exe
    Avimator (remove only)-->C:\Programas\Avimator\Uninstall.exe
    AVS Audio Tools version 4.4-->"C:\Programas\AVSMedia\AudioTools\unins000.exe"
    AVS DVD Player version 2.4-->"C:\Programas\AVSMedia\DVDPlayer\unins000.exe"
    Blaze Audio Voice Cloak Plus Trial-->"C:\Programas\Blaze Audio\Voice Cloak Plus Trial\unins000.exe"
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
    Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    DDClip Pro 3.51-->"C:\Programas\DDClip Pro\unins000.exe"
    Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
    DivX Codec-->C:\Programas\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Programas\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
    EA SPORTS online 2008-->C:\Programas\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
    eMule-->"d:\Programas de joao\eMule4\Uninstall.exe"
    ER-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C154CE55-1AEC-4917-B888-DFD22186E737}\setup.exe" -l0x9 -removeonly
    FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
    Football Manager 2008-->"D:\programas joao\fm2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    Free MP3 WMA WAV Converter v2.0-->"C:\Programas\Free MP3 WMA WAV Converter\unins000.exe"
    GameShadow-->MsiExec.exe /I{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}
    GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    GodFather 3.0-->"d:\GodFather\setup\uninst.exe"
    Hero_Online-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{41D5A562-2FE2-4CF2-AB03-62803FD7049F}\setup.exe"
    HijackThis 2.0.2-->"C:\Programas\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    ICQ6-->"C:\Programas\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Imagine Fashion Designer-->"C:\Programas\InstallShield Installation Information\{DAE76241-A047-407E-9237-26120C7BA6CE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
    Install(US)2-->C:\Programas\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
    iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Messenger Plus! Live-->"C:\Programas\Messenger Plus! Live\Uninstall.exe"
    Metacafe-->C:\Programas\Metacafe\uninstaller.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MindTwisteR Skript v4.5-->C:\WINDOWS\iun6002.exe "C:\mindtwister45\irunin.ini"
    mIRC-->"C:\Invincible\Invincible\mIRC.exe" -uninstall
    mkw Audio Compression Toolkit-->C:\WINDOWS\IsUninst.exe -fd:\compresser\Uninst.isu
    Monkey's Audio-->"C:\Programas\Monkey's Audio\unins000.exe"
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero Suite-->C:\Programas\Ficheiros comuns\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Poker Trillion-->C:\Programas\Poker Trillion\uninst.exe
    PowerISO-->"C:\Programas\PowerISO\uninstall.exe"
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    RCA Digital Cable Modem-->URCACM.EXE
    SecondLife (remove only)-->"C:\Programas\SecondLife\uninst.exe" /P="SecondLife"
    SHOUTcast DNAS (remove only)-->"C:\Programas\SHOUTcast\uninst-dnas.exe"
    SHOUTcast Source DSP 1.9.0 (remove only)-->C:\Programas\Winamp\uninst-dsp.exe
    Sierra Utilities-->C:\Programas\Sierra On-Line\sutil32.exe uninstall
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Solid State ION Internet Explorer Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
    Sound Blaster Live!-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x416
    Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
    Super Jigsaw Kinkade Holiday-->C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-KIN~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\KinkadeHoliday-INSTALL.LOG
    TeamSpeak 2 RC2-->C:\Programas\Teamspeak2_RC2\unins000.exe
    The Realm 3.0-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Realm3\Uninst.isu
    TWL AA Cheat Deterrent Client-->MsiExec.exe /I{A9BD391C-A3D7-47EC-847C-A22935AB0193}
    VeohTV BETA-->C:\Programas\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    VIA Platform Device Manager-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Virtual DJ - Atomix Productions-->D:\PROGRA~4\VIRTUA~1\UNWISE.EXE D:\PROGRA~4\VIRTUA~1\INSTALL.LOG
    Webroot AntiVirus with AntiSpyware-->"C:\Programas\Webroot\Spy Sweeper\unins000.exe"
    Winamp Toolbar for Internet Explorer-->"C:\Programas\Winamp Toolbar\uninstall.exe"
    Winamp-->"C:\Programas\Winamp\UninstWA.exe"
    Windows Live installer-->MsiExec.exe /X{0C69F74B-DA6A-4C56-8017-988B7D63993A}
    Windows Live Messenger-->MsiExec.exe /X{B98023FD-EC2A-404B-BFC3-49E7ECE4490E}
    Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Creativity Fun Packs - Windows Movie Maker 2-->MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinXMedia AVI/WMV 3GP Converter 3.15-->C:\Programas\WinXMedia\WinXMedia AVI 3GP Converter\uninst.exe

    ======Security center information======

    AV: AVG Anti-Virus (outdated)
    AV: Webroot AntiVirus with AntiSpyware (disabled) (outdated)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

  6. #6
    Junior Member
    Join Date
    Oct 2008
    Posts
    7

    And the log:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by danger at 2008-10-10 14:30:44
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 7 GB (19%) free of 35 GB
    Total RAM: 2047 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:30:15, on 10-10-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programas\PowerISO\PWRISOVM.EXE
    C:\Programas\DAP\DAP.EXE
    C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\DAEMON Tools\daemon.exe
    C:\Programas\Metacafe\MetacafeAgent.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programas\Windows Live\Messenger\usnsvc.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Webroot\Spy Sweeper\SSU.EXE
    D:\RSIT.exe
    C:\Programas\trend micro\danger.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programas\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programas\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] "C:\WINDOWS\system32\CTHELPER.EXE"
    O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] "C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Programas\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programas\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
    O4 - HKLM\..\Run: [Cleanup] c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Veoh] "C:\Programas\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Metacafe.lnk = C:\Programas\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Metacafe.lnk = C:\Programas\Metacafe\MetacafeAgent.exe
    O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerchallenge.com/applet/PowerLoader.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198790402609
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10082 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    Winamp Toolbar BHO - C:\Programas\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programas\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "Jet Detection"=C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
    "CTStartup"=C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
    "Corel Photo Downloader"=C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe -startup []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
    "Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "PWRISOVM.EXE"=C:\Programas\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
    "DownloadAccelerator"=C:\Programas\DAP\DAP.EXE [2008-05-27 3053056]
    "AppleSyncNotifier"=C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
    "QuickTime Task"=C:\Programas\QuickTime\qttask.exe [2008-05-27 413696]
    "iTunesHelper"=C:\Programas\iTunes\iTunesHelper.exe [2008-07-10 289064]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2008-04-14 10752]
    "Cleanup"=c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup []
    "SpySweeper"=C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "DAEMON Tools"=C:\Programas\DAEMON Tools\daemon.exe [2007-04-03 165784]
    "Veoh"=C:\Programas\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
    ""= []

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
    Metacafe.lnk - C:\Programas\Metacafe\MetacafeAgent.exe

    C:\Documents and Settings\danger\Menu Iniciar\Programas\Arranque
    Metacafe.lnk - C:\Programas\Metacafe\MetacafeAgent.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    ""=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\programas joao\eMule\emule.exe"="D:\programas joao\eMule\emule.exe:*:Enabled:eMule"
    "C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\programas joao\fm2008\fm.exe"="D:\programas joao\fm2008\fm.exe:*:Enabled:Football Manager 2008"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programas\DNA\btdna.exe"="C:\Programas\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Programas\BitTorrent\bittorrent.exe"="C:\Programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Programas\SHOUTcast\sc_serv.exe"="C:\Programas\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
    "D:\programas joao\eMule2\emule.exe"="D:\programas joao\eMule2\emule.exe:*:Enabled:eMule"
    "C:\Documents and Settings\danger\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\danger\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
    "C:\Programas\America's Army\System\ArmyOps.exe"="C:\Programas\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
    "C:\Programas\SecondLife\SLVoice.exe"="C:\Programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Programas\uTorrent\uTorrent.exe"="C:\Programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Programas\Ficheiros comuns\McAfee\MNA\McNASvc.exe"="C:\Programas\Ficheiros comuns\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Programas\Bonjour\mDNSResponder.exe"="C:\Programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Programas\iTunes\iTunes.exe"="C:\Programas\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Programas\ICQ6\ICQ.exe"="C:\Programas\ICQ6\ICQ.exe:*:Enabled:ICQ6"
    "C:\Programas\Skype\Phone\Skype.exe"="C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a763f680-d321-11dc-8a64-00138ff8e34d}]
    shell\AutoRun\command - G:\PortableVault.exe


    ======List of files/folders created in the last 1 months======

    2008-10-10 14:30:04 ----D---- C:\rsit
    2008-10-09 19:05:53 ----A---- C:\WINDOWS\system32\ban_list.txt
    2008-10-09 12:43:24 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-10-09 12:24:57 ----D---- C:\Documents and Settings\danger\Application Data\AVGTOOLBAR
    2008-10-09 12:24:41 ----D---- C:\Programas\AVG
    2008-10-09 12:24:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-09 03:04:44 ----D---- C:\Documents and Settings\danger\Application Data\InstallShield
    2008-10-08 22:09:07 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-10-08 22:09:02 ----D---- C:\Programas\Alwil Software
    2008-10-08 21:20:41 ----HD---- C:\Documents and Settings\danger\Application Data\m
    2008-10-08 03:44:41 ----D---- C:\Documents and Settings\danger\Application Data\Skype
    2008-10-06 00:26:23 ----D---- C:\Programas\Skype
    2008-10-06 00:26:23 ----D---- C:\Programas\Ficheiros comuns\Skype
    2008-10-06 00:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2008-10-06 00:15:35 ----D---- C:\Documents and Settings\danger\Application Data\ICQ
    2008-10-06 00:15:02 ----D---- C:\Programas\ICQ6
    2008-10-01 16:07:23 ----D---- C:\Programas\Trend Micro
    2008-10-01 16:05:30 ----D---- C:\Programas\Spybot - Search & Destroy
    2008-10-01 14:10:53 ----D---- C:\WINDOWS\BDOSCAN8
    2008-10-01 14:10:48 ----D---- C:\WINDOWS\LastGood.Tmp
    2008-10-01 13:16:38 ----D---- C:\WINDOWS\pss
    2008-10-01 13:07:06 ----D---- C:\Programas\Webroot
    2008-10-01 13:07:06 ----D---- C:\Documents and Settings\danger\Application Data\Webroot
    2008-10-01 13:07:06 ----A---- C:\WINDOWS\WRSetup.dll
    2008-09-26 12:06:35 ----D---- C:\Documents and Settings\danger\Application Data\Dreamlords
    2008-09-25 03:04:30 ----D---- C:\AeriaGames
    2008-09-23 00:22:42 ----D---- C:\Programas\Poker Trillion

    ======List of files/folders modified in the last 1 months======

    2008-10-10 14:29:38 ----D---- C:\WINDOWS\Prefetch
    2008-10-10 14:12:53 ----D---- C:\Documents and Settings\danger\Application Data\Metacafe
    2008-10-10 14:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Metacafe
    2008-10-10 14:09:32 ----D---- C:\WINDOWS\system32
    2008-10-10 14:07:16 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-10 13:55:53 ----D---- C:\Programas\Ficheiros comuns\Akamai
    2008-10-10 13:55:47 ----D---- C:\WINDOWS\Temp
    2008-10-09 19:03:36 ----HD---- C:\WINDOWS\system32\drivers
    2008-10-09 12:39:42 ----SD---- C:\Documents and Settings\danger\Application Data\Microsoft
    2008-10-09 12:36:46 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-09 12:36:30 ----D---- C:\Programas\McAfee.com
    2008-10-09 12:36:27 ----D---- C:\Programas\Ficheiros comuns
    2008-10-06 00:16:42 ----HD---- C:\Programas\InstallShield Installation Information
    2008-10-03 01:26:44 ----D---- C:\WINDOWS\Minidump
    2008-10-01 23:12:55 ----D---- C:\Programas\ReflexiveArcade
    2008-10-01 22:38:59 ----D---- C:\WINDOWS\system32\config
    2008-10-01 16:56:10 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-01 16:55:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-01 16:55:15 ----A---- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.BAK
    2008-10-01 16:54:49 ----HD---- C:\WINDOWS\inf
    2008-10-01 16:26:08 ----D---- C:\WINDOWS
    2008-10-01 16:25:37 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-01 16:07:23 ----RD---- C:\Programas
    2008-10-01 14:30:36 ----D---- C:\mindtwister45
    2008-10-01 14:11:00 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-01 13:07:26 ----SD---- C:\WINDOWS\Tasks
    2008-10-01 13:07:21 ----SHD---- C:\WINDOWS\Installer
    2008-09-27 00:57:59 ----D---- C:\Programas\Messenger Plus! Live
    2008-09-25 07:12:43 ----D---- C:\WINDOWS\network diagnostic
    2008-09-25 03:08:33 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-23 22:16:01 ----D---- C:\WINDOWS\Downloaded Installations

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
    R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
    R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
    R3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
    R3 irsir;Controlador de infravermelhos série da Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    R3 ms_mpu401;Microsoft - controlador MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
    R3 Rasirda;Miniport WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 a7kxd5sx;a7kxd5sx; C:\WINDOWS\system32\drivers\a7kxd5sx.sys []
    S3 a7kxd5sx;a7kxd5sx; C:\WINDOWS\system32\drivers\a7kxd5sx.sys []
    S3 ctljystk;Creative SB Live! - porta de jogos; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 PciCon;PciCon; \??\E:\PciCon.sys []
    S3 USB_RNDIS;RCA Digital Cable Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Akamai;Akamai; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
    R2 Bonjour Service;Bonjour Service; C:\Programas\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
    R2 Irmon;Monitor de infravermelhos; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-29 66872]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 iPod Service;Serviço iPod; C:\Programas\iPod\bin\iPodService.exe [2008-07-10 532264]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
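
A triage pass over a log in the format posted above, as an added example that is not part of the original thread and not code from HijackThis or RSIT. It parses a few constructed lines copied in the same shape as the posted log (HijackThis O2/O23 lines, RSIT driver lines, the mountpoints2 AutoRun entry) and flags the things a helper reads first: components registered but absent from disk, services with no vendor string, drivers with no on-disk timestamp, random-looking driver names, drivers loading from a drive other than the system drive, and AutoRun commands recorded for mounted drives. The heuristics and their wording are my own; a flag is a reason to look, not a verdict (PunkBuster's PnkBstrA, for instance, trips the "Unknown owner" check and is a legitimate anti-cheat service). The NoDriveTypeAutoRun decoder assumes the HKCU value printed as "95" is the hex DWORD 0x95, which is the XP default.

```python
"""Triage helper for HijackThis / RSIT-style logs (added example, not the
original post's content and not code from HijackThis or RSIT).  Flags are
review heuristics, not verdicts: a flagged line is not proof of infection."""
import re

# Constructed sample lines, copied in the formats seen in the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
S3 a7kxd5sx;a7kxd5sx; C:\WINDOWS\system32\drivers\a7kxd5sx.sys []
S3 PciCon;PciCon; \??\E:\PciCon.sys []
shell\AutoRun\command - G:\PortableVault.exe
"""

# RSIT driver/service line: "<R|S><start> <name>;<display>; <path> [<date size>]"
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+) \[(.*)\]$")
# Eight lowercase alphanumerics containing at least two digits, e.g. a7kxd5sx.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){2})[a-z0-9]{8}$")


def triage_line(line: str) -> list[str]:
    """Return the review reasons that apply to one log line (may be empty)."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("registered component whose file is absent")
    if line.startswith("O23 - Service:") and "Unknown owner" in line:
        reasons.append("service binary carries no vendor information")
    if re.search(r"shell\\AutoRun\\command", line, re.IGNORECASE):
        reasons.append("AutoRun command recorded for a mounted (likely removable) drive")
    m = DRIVER_RE.match(line)
    if m:
        name, path, stamp = m.group(3), m.group(5), m.group(6)
        if not stamp:
            reasons.append("driver listed without timestamp/size (file absent or unreadable)")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking driver name")
        drive = re.search(r"([A-Za-z]):\\", path)
        if drive and drive.group(1).upper() != "C":
            reasons.append(f"driver loads from drive {drive.group(1).upper()}:, not the system drive")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every line that trips at least one heuristic."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                hits.append((line, reasons))
    return hits


# NoDriveTypeAutoRun bit meanings (Explorer policy; 0x95 is the XP default).
_DRIVE_BITS = [
    (0x01, "unknown"), (0x02, "no_root_dir"), (0x04, "removable"),
    (0x08, "fixed"), (0x10, "remote"), (0x20, "cdrom"),
    (0x40, "ramdisk"), (0x80, "reserved"),
]


def autorun_suppressed(value: int) -> list[str]:
    """Drive types for which AutoRun is suppressed by a NoDriveTypeAutoRun value."""
    return [name for bit, name in _DRIVE_BITS if value & bit]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
    # Assumption: the posted HKCU value "95" is the hex DWORD 0x95, which
    # suppresses AutoRun on unknown, removable and network drives only.
    print("0x95 suppresses:", autorun_suppressed(0x95))
```

Run against the sample, the two BHO lines, the PnkBstrA service, the a7kxd5sx and PciCon drivers and the AutoRun entry are reported; the SpySweeper Run entry and the intelppm driver are not. Note that a driver still loading from E: (PciCon) or G: (the AutoRun command) is worth matching against whatever removable media was plugged in, since 0x95 only stops Explorer from running it automatically for the user whose hive carries that value.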

  7. #7
    Blade81 (Security Expert: Emeritus; joined Oct 2006; Finland; 25,288 posts)

    Hi

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member (joined Oct 2008, 7 posts)

    *sighs* Thought so =(
    If I format, will it all be clean and fine without any risks anymore, or will there still be traces of my computer over the web?
    I do have the OS CDs and stuff to format and reinstall; if you advise me that it's the best way, I'll do so rather than try to clean it up.

  9. #9
    Blade81 (Security Expert: Emeritus; joined Oct 2006; Finland; 25,288 posts)

    Quote Originally Posted by .Fallen.
    If I format, will it all be clean and fine without any risks anymore, or will there still be traces of my computer over the web?
    Hi

    A complete reformat will wipe the system totally clean. Remember, though, that you're still advised to change your passwords using a clean system, since some of that information may have already ended up with outsiders.

  10. #10
    Junior Member (joined Oct 2008, 7 posts)

    Thank you for the advice and information, and also for the fairly fast response time. I will take your advice and reformat, as well as change the passwords.
    I will surely be more careful in future.

    Thank you once again, and I wish you a good weekend.
    Fallen
