Thread: madinjection.rtk

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    4

    madinjection.rtk

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:57, on 16/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Eraser\Eraser.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\Arquivos de programas\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\locator.exe
    C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
    C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Eraser] C:\Arquivos de programas\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rokut\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Arquivos de programas\ERUNT\AUTOBACK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c8e2ea1ccceec4) (gupdate1c8e2ea1ccceec4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

    --
    End of file - 12755 bytes

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Feb 2009
    Posts
    4

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Rokut at 1:42:53,04 on sáb 21/02/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10

    ============== Pseudo HJT Report ===============

    uWindow Title = ROKUT
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\arquivos de programas\windows live\family safety\fssbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll
    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ccleaner] "c:\arquivos de programas\ccleaner\CCleaner.exe" /AUTO
    uRun: [Eraser] c:\arquivos de programas\eraser\Eraser.exe -hide
    uRun: [Google Update] "c:\documents and settings\rokut\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe
    mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [fssui] "c:\arquivos de programas\windows live\family safety\fsui.exe" -autorun
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Barra de Ferramentas do RF
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
    IE: Personalizar Menu
    IE: Preencher
    IE: Salvar Formulários
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre6\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\arquiv~1\google\google~4\GoogleDesktopNetwork3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Authentication Packages = msv1_0 nwprovau

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rokut\dadosd~1\mozilla\firefox\profiles\36hcfqxh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\documents and settings\rokut\dados de aplicativos\mozilla\firefox\profiles\36hcfqxh.default\extensions\piclens@cooliris.com\components\piclensstub.dll
    FF - plugin: c:\arquivos de programas\google\google earth plugin\npgeplugin.dll
    FF - plugin: c:\arquivos de programas\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa2.dll
    FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll
    FF - plugin: c:\arquivos de programas\google\update\1.2.131.11\npGoogleOneClick5.dll
    FF - plugin: c:\arquivos de programas\google\update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\arquivos de programas\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR1.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR2.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR3.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR4.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR5.dll
    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NP_PR6.dll
    FF - plugin: c:\arquivos de programas\opera\program\plugins\npjava11.dll
    FF - plugin: c:\arquivos de programas\opera\program\plugins\npjava32.dll
    FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\documents and settings\rokut\configurações locais\dados de aplicativos\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\documents and settings\rokut\dados de aplicativos\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-02-21 00:39 <DIR> --d----- C:\~ERAFSWD.TMP
    2009-02-20 17:35 1,922 a------- c:\windows\system32\tmp.reg
    2009-02-18 20:08 6,200 ac------ c:\windows\system32\INT13EXT.VXD
    2009-02-18 20:07 4,004,352 ac------ c:\arquivos de programas\Filerecovery.exe
    2009-02-18 20:07 130,556 a------- c:\arquivos de programas\PCIFR4_7000.dat
    2009-02-18 20:07 130,556 a------- c:\arquivos de programas\PCIFR4_5000.dat
    2009-02-18 20:07 130,556 a------- c:\arquivos de programas\PCIFR4_3000.dat
    2009-02-18 20:07 130,556 a------- c:\arquivos de programas\PCIFR4_1000.dat
    2009-02-18 20:07 130,556 a------- c:\arquivos de programas\PCIFR4_13000.dat
    2009-02-17 17:44 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security
    2009-02-16 10:03 <DIR> --d----- c:\arquivos de programas\Trend Micro
    2009-02-12 15:30 139,264 ac------ c:\windows\NeoUninstall.exe
    2009-02-12 15:30 26 ac------ c:\windows\neosetup.INI
    2009-02-11 21:10 <DIR> --d-h--- c:\docume~1\alluse~1\dadosd~1\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
    2009-02-11 21:10 <DIR> --d----- c:\arquivos de programas\Eraser
    2009-02-11 19:49 <DIR> --d----- c:\windows\SQLTools9_KB960089_ENU
    2009-02-11 19:48 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
    2009-02-09 12:39 55,136 ac------ c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-02-06 19:14 308,088 ac------ c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 49,504 ac------ c:\windows\system32\sirenacm.dll
    2009-02-03 21:04 <DIR> --d----- c:\documents and settings\rokut\Tracing
    2009-02-03 20:51 <DIR> --d----- c:\arquivos de programas\Microsoft Office Outlook Connector
    2009-02-03 20:48 3,426,072 ac------ c:\windows\system32\d3dx9_32.dll
    2009-02-03 20:48 <DIR> --d----- c:\arquivos de programas\Microsoft SQL Server Compact Edition
    2009-02-03 20:44 <DIR> --d----- c:\arquivos de programas\Microsoft
    2009-02-03 20:21 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Windows Live

    ==================== Find3M ====================

    2009-02-10 09:43 517,952 ac------ c:\windows\system32\perfh016.dat
    2009-02-10 09:43 96,502 ac------ c:\windows\system32\perfc016.dat
    2009-01-13 19:47 154,868 ac------ c:\windows\hpwins16.dat
    2009-01-09 20:54 97,996 ac--h--- c:\windows\system32\mlfcache.dat
    2009-01-05 19:33 3,751,995 ac------ c:\windows\system32\GPhotos.scr
    2008-12-08 10:00 23,040 ac------ c:\windows\system32\emptyregdb.dat
    2008-11-02 01:35 528 ac------ c:\docume~1\rokut\dadosd~1\momento_log.dat
    2008-02-24 13:18 32 ac------ c:\docume~1\alluse~1\dadosd~1\ezsid.dat
    2005-03-10 11:06 1,394,366 a------- c:\arquivos de programas\help.chm
    2005-03-10 08:50 159,406 a------- c:\arquivos de programas\Filerecovery.ico
    2008-08-01 20:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008080120080802\index.dat

    ============= FINISH: 1:46:41,00 ===============

  4. #4
    Junior Member
    Join Date
    Feb 2009
    Posts
    4

    We appreciate so much your effort...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/12/2008 11:07:01
    System Uptime: 20/2/2009 23:15:43 (2 hours ago)

    Motherboard: Standard | | L41II8 anf L41II9
    Processor: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz | U2E1 | 1733/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 29 GiB total, 10,906 GiB free.
    D: is FIXED (NTFS) - 27 GiB total, 11,315 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Controlador de vídeo (Compatível com VGA)
    Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_99131584&REV_03\3&B1BFB68&0&10
    Manufacturer:
    Name: Controlador de vídeo (Compatível com VGA)
    PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_99131584&REV_03\3&B1BFB68&0&10
    Service:

    Class GUID: {00000000-0000-0000-0000-000000000000}
    Description: Controlador de vídeo
    Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_99131584&REV_03\3&B1BFB68&0&11
    Manufacturer:
    Name: Controlador de vídeo
    PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_99131584&REV_03\3&B1BFB68&0&11
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Adaptador de rede 1394
    Device ID: V1394\NIC1394\4108148430D49
    Manufacturer: Microsoft
    Name: Adaptador de rede 1394
    PNP Device ID: V1394\NIC1394\4108148430D49
    Service: NIC1394

    Class GUID:
    Description: Controlador de barramento SM
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_907B1584&REV_02\3&B1BFB68&0&FB
    Manufacturer:
    Name: Controlador de barramento SM
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_907B1584&REV_02\3&B1BFB68&0&FB
    Service:

    ==== System Restore Points ===================

    RP141: 19/2/2009 11:20:54 - Spybot-S&D System Internals
    RP142: 20/2/2009 10:35:06 - Software Distribution Service 3.0
    RP143: 20/2/2009 13:06:34 - Spybot-S&D System Internals
    RP144: 20/2/2009 19:40:28 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader 9
    Adobe SVG Viewer 3.0
    Advanced Browser (remove only)
    ALUpdate
    ALZip
    Apple Software Update
    Assistente de Conexão do Windows Live
    AutoCAD 2000
    AutoCAD 2000 Migration Assistance
    Avant Browser (remove only)
    avast! Antivirus
    BPD_Scan
    BPDSoftware
    BPDSoftware_Ini
    BrOffice.org 2.4
    BufferChm
    CCleaner (remove only)
    Choice Guard
    CorelDRAW 10
    Creative PC-CAM 900 Driver (1.01.01.0218)
    Creative WebCam Center
    CreativeProjects
    CustomerResearchQFolder
    D-Book 4.0.6
    Defraggler (remove only)
    Destinations
    DeviceManagementQFolder
    Director 8 Shockwave Studio
    DocProc
    DocProcQFolder
    EasyCleaner
    EasyPHP 1.8
    Eraser
    ERUNT 1.1j
    eSupportQFolder
    EVEREST Home Edition v2.20
    Fax
    Ferramenta de Carregamento do Windows Live
    Ferramenta de Carregamento do Windows Live SkyDrive
    FTP Explorer
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
    GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
    Gimp 2.6.1
    Google Chrome
    Google Desktop
    Google Earth
    Google Earth Plugin
    Google Gmail Notifier
    Google SketchUp 6
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    HP Customer Participation Program 8.0
    HP Image Zone 3.5
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Officejet J3600 Series
    HP Product Assistant
    HP Smart Web Printing
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    HPSystemDiagnostics
    HTML-Kit
    InstantShare
    J2SE Development Kit 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 4
    Java Runtime Environment 1.2
    Java(TM) 6 Update 10
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Junk Mail filter update
    KnockOut 2
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks MX
    Macromedia Flash MX
    MarketResearch
    Megaemail
    Microsoft .NET Framework 2.0 Language Pack - PTB
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft Application Error Reporting
    Microsoft ASP.NET Web Matrix
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Portuguese (Brazil)) 2007
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual Studio Web Authoring Component
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.0.5)
    Mozilla Thunderbird (2.0.0.17)
    MPS PHP DESIGNER 1.0
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    MV RegClean 5.9
    O2Micro Flash Memory Card Windows Driver V2.04
    Opera 9.63
    Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0
    PC Inspector File Recovery
    Pdf995
    PhotoGallery
    Picasa 3
    Puxa Rápido
    Ralink Wireless LAN
    RealPlayer
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Safari
    Scan
    Segoe UI
    SkinsHP1
    SkinsHP2
    Skype™ 3.8
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Spyware Doctor 5.5
    Status
    Teleport Pro
    Toolbox
    TrayApp
    Vibra Plus Driver (1.01.01.0906)
    Vibra Plus User's Guide (English)
    WebFldrs XP
    WebReg
    Windows Communication Foundation Language Pack - PTB
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Galeria de Fotos
    Windows Live Mail
    Windows Live Messenger
    Windows Live Proteção para a Família
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (PTB)
    Windows Workflow Foundation BR Language Pack
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager

    ==== End Of File ===========================

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    You're probably getting that madinjection.rtk alert because one of your installed programs (Spyware Doctor, I think) uses the mchlnjdrv.sys file. That can be ignored.

    Anyway, your Java is outdated and must be updated.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 12.
    • Click the Download button to the right.
    • Select Windows in the Platform combo box and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • These must be uninstalled:
      J2SE Development Kit 5.0 Update 4
      J2SE Runtime Environment 5.0 Update 4
      Java Runtime Environment 1.2
      Java(TM) 6 Update 10
      Java(TM) 6 Update 4
      Java(TM) 6 Update 7
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
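
The post above lists six Java entries that have to be uninstalled one by one before 6 Update 12 goes on. As an added example, not part of the original thread or of any tool it mentions, the following Python script parses the "installed programs" section of a HijackThis-style log and flags every Java entry older than a target version, so the same check can be repeated against a fresh log. The sample lines are constructed from the list in this thread, the target (6, 12) is the version the post names, and the three name-parsing patterns are assumptions based on the naming schemes visible in the log ("Java(TM) 6 Update N", "J2SE ... 5.0 Update N", "Java Runtime Environment 1.2").

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a slice of the installed-programs list from this thread,
# with two non-Java neighbours kept in to show they are ignored.
SAMPLE_INSTALLED = """
HTML-Kit
J2SE Development Kit 5.0 Update 4
J2SE Runtime Environment 5.0 Update 4
Java Runtime Environment 1.2
Java(TM) 6 Update 10
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Junk Mail filter update
"""

# Target from the post: JRE 6 Update 12.
TARGET_VERSION: Tuple[int, int] = (6, 12)


class JavaEntry(NamedTuple):
    """One Java install from an Add/Remove Programs listing, normalised for comparison."""
    name: str
    family: int  # 2 for "1.2", 5 for "5.0", 6 for "Java(TM) 6"
    update: int  # the "Update N" number; 0 when the entry carries none


# Display-name schemes seen in the log (assumed to be the only ones that matter here).
_PATTERNS = (
    # "Java(TM) 6 Update 10"
    re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$"),
    # "J2SE Runtime Environment 5.0 Update 4" / "J2SE Development Kit 5.0 Update 4"
    re.compile(r"^J2SE (?:Runtime Environment|Development Kit) "
               r"(?P<major>\d+)\.(?P<minor>\d+) Update (?P<update>\d+)$"),
    # "Java Runtime Environment 1.2" (no update number at all)
    re.compile(r"^Java Runtime Environment (?P<major>\d+)\.(?P<minor>\d+)$"),
)


def parse_java_entry(name: str) -> Optional[JavaEntry]:
    """Return a JavaEntry for a Java runtime/JDK line, or None for any other program."""
    name = name.strip()
    for pat in _PATTERNS:
        m = pat.match(name)
        if not m:
            continue
        groups = m.groupdict()
        major = int(groups["major"])
        minor = int(groups["minor"]) if groups.get("minor") else 0
        update = int(groups["update"]) if groups.get("update") else 0
        # "1.2" / "1.5" style names mean Java 2 / Java 5; "5.0" and "6" already name the family.
        family = minor if major == 1 else major
        return JavaEntry(name, family, update)
    return None


def find_stale_java(installed: List[str],
                    current: Tuple[int, int] = TARGET_VERSION) -> List[str]:
    """Names of every Java install older than `current` (family, update), in listing order."""
    stale = []
    for line in installed:
        entry = parse_java_entry(line)
        if entry is not None and (entry.family, entry.update) < current:
            stale.append(entry.name)
    return stale


if __name__ == "__main__":
    # Prints the same six entries the post says must be uninstalled.
    for name in find_stale_java(SAMPLE_INSTALLED.splitlines()):
        print("uninstall:", name)
```

Every stale entry is reported, not just the oldest, because the post has you remove each listed version and then install the new one rather than relying on the new installer to clean up; a log with only "Java(TM) 6 Update 12" comes back empty.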

  6. #6
    Junior Member
    Join Date
    Feb 2009
    Posts
    4

    Thanks for your help

    Thank you so much for the support you extended to us.

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    You're welcome

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.
