Thread: "Total Security" runs automatically

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    7

    "Total Security" runs automatically

    Hi, there.
    I opened a topic called "'Total Security' installs automatically", and was replying to it when I received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
    I was replying to Katana. I installed and ran all tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should I post the logs created?
    I will take the liberty of posting the logs asked, for a (new) beginning.

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:51:49, on 27/8/2001
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\WindowsXP\Desktop\RSIT.exe
    C:\Documents and Settings\WindowsXP\Desktop\WindowsXP.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
    O4 - HKLM\..\Run: [Eac_Download] C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k
    O4 - HKLM\..\Run: [Sysres] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [regtmlp] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [KAZAA] C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [HotVideo_br] c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe
    O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
    O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
    O4 - HKLM\..\Run: [13843124] C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124.exe
    O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE" "C:\Arquivos de programas\McAfee\McAfee Shared Components\Guardian\"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [UltraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
    O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe (User '?')
    O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
    O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
    O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IG\igshop.dll (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    --
    End of file - 4555 bytes

  2. #2

    Here goes the MGADiag log:

    Diagnostic Report (1.9.0011.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Clock sync error
    Validation Code: 10

    Cached Validation Code: N/A
    Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
    Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
    Windows Product ID: 55274-640-0000356-23309
    Windows Product ID Type: 1
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.0.0.pro
    ID: {7730CCCE-66D2-4ADC-8DD2-461451A35A85}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 101 Not Activated
    Microsoft Office XP Professional - 101 Not Activated
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Arquivos de programas\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7730CCCE-66D2-4ADC-8DD2-461451A35A85}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23309</PID><PIDType>1</PIDType><SID>S-1-5-21-1202660629-1708537768-2146889571</SID><SYSTEM/><BIOS/><HWID>631D398F0184A049</HWID><UserLCID>0416</UserLCID><SystemLCID>0416</SystemLCID><TimeZone>Hora oficial do Brasil(GMT-03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{91110416-6000-11D3-8CFE-0050048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>A110F76D971C7DC</Val><Hash>dVd/CksZKHMCpyWAuCWteTqQe6o=</Hash><Pid>54507-750-3144781-17921</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="101"/><App Id="16" Version="10" Result="101"/><App Id="18" Version="10" Result="101"/><App Id="1A" Version="10" Result="101"/><App Id="1B" Version="10" Result="101"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

  3. #3

    This is RSIT's info.txt

    info.txt logfile of random's system information tool 1.06 2001-08-27 01:52:01

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe ActiveShare 1.5-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}\setup.exe" UNINSTALL
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Agere Systems PCI Soft Modem-->agrsmdel
    AntiViral Toolkit Pro-->C:\ARQUIV~1\ANTIVI~1\UNWISE.EXE C:\ARQUIV~1\ANTIVI~1\INSTALL.LOG
    Barra do iG-->regsvr32.exe /u /s "C:\ARQUIV~1\IG\igshop.dll"
    Désinstaller Le Petit Robert de la langue française-->C:\WINDOWS\IsUn040c.exe -f"C:\Arquivos de programas\Le Robert\Le Petit Robert\Uninst.isu"
    DivX Codec 3.1alpha release-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
    Edição Eletrônica de Freud-->C:\WINDOWS\ST4UNST.EXE -n "C:\Arquivos de programas\freud\ST4UNST.LOG"
    EVEREST Ultimate Edition v5.02-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Grand Theft Auto-->C:\Games\Uninstal.exe
    Half-Life: Opposing Force-->C:\GAMES\HALFLIFE\gearbox\UNWISE.EXE C:\GAMES\HALFLIFE\gearbox\INSTALL.LOG
    Half-Life-->C:\WINDOWS\IsUninst.exe -fc:\Games\Halflife\Uninst.isu -c"c:\Games\Halflife\HLUNINST.DLL"
    HijackThis 2.0.2-->"C:\Documents and Settings\WindowsXP\Desktop\HijackThis.exe" /uninstall
    HP PrecisionScan LTX-->C:\WINDOWS\IsUn0816.exe -f"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
    Kazaa Media Desktop 2.0.2-->RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{A2756524-E9F9-4AC1-AF4E-15F3460ACB3E}"
    LiveReg (Symantec Corporation)-->C:\Arquivos de programas\Arquivos comuns\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    Macromedia Dreamweaver MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Macromedia Fireworks MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
    Macromedia Flash MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
    Macromedia FreeHand 9-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Macromedia\FreeHand 9\Uninst.isu"
    Microsoft Office 2000 Premium-->MsiExec.exe /I{00000416-78E1-11D2-B60F-006097C998E7}
    Microsoft Office XP Professional-->MsiExec.exe /I{91110416-6000-11D3-8CFE-0050048383C9}
    mIRC-->"C:\Scoop2003\scoop.exe" -uninstall
    Outlook Express Update Q330994-->C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
    Sierra Utilities-->C:\Arquivos de programas\Sierra On-Line\sutil32.exe uninstall
    SiS Audio Driver-->C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
    Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\epupdate.exe /r
    Suplemento MSN para Windows Messenger-->rundll32.exe "C:\Arquivos de programas\Messenger\MSGSC.dll",UnregisterMSNExt
    SystemSecurity2009-->C:\Documents and Settings\WindowsXP\Menu Iniciar\Programas\Total Security\Total Security 2009.lnk
    UltraDiscador iBest-->"C:\Arquivos de programas\UltraDiscador iBest\uninst.exe"
    Winamp3 (remove only)-->C:\Arquivos de programas\Winamp3\uninst-wa3.EXE
    Windows XP Application Compatibility Update[Q319580]-->C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
    Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
    Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
    Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
    Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q309521 for more information]-->C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q311889 for more information]-->C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q311967 for more information]-->C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q313450 for more information]-->C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q314147 for more information]-->C:\WINDOWS\$NtUninstallQ314147$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q314862 for more information]-->C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q315000 for more information]-->C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q315403 for more information]-->C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q317277 for more information]-->C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q318138 for more information]-->C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q323172 for more information]-->C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q324096 for more information]-->C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q324380 for more information]-->C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q326830 for more information]-->C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q331953-->C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
    Windows XP Hotfix (SP1) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
    Windows XP Hotfix Package [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=0402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SAFEBOOT_OPTION"=NETWORK

    -----------------EOF-----------------

  4. #4

    This is part 1 of RSIT's log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by WindowsXP at 2001-08-27 01:51:43
    WIN_XP
    System drive C: has 23 GB (58%) free of 39 GB
    Total RAM: 255 MB (62% free)

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}]
    &iG - C:\ARQUIV~1\IG\igshop.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-08-27 846876]
    {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - &iG - C:\ARQUIV~1\IG\igshop.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Eac_Download"=C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k []
    "Sysres"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
    "regtmlp"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
    "WinampAgent"=C:\Arquivos de programas\Winamp3\winampa.exe []
    "KAZAA"=C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY []
    "HotVideo_br"=c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-02-01 87037]
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
    "odby"=C:\WINDOWS\odb.exe [2001-08-27 234496]
    "netc"=C:\WINDOWS\svc.exe [2001-08-27 233472]
    "lsass"=C:\WINDOWS\lsass.exe [2001-08-27 279552]
    "UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]
    "13843124"=C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124 [2001-08-27 56]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "DELDIR0.EXE"=C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE [2003-10-16 32768]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-27 13312]
    "UltraDiscador iBest"=C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe [2003-01-17 16384]
    "MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2003-04-14 1491216]
    "Le Petit Robert Hyperappel"=C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe [2001-10-11 22560]
    "UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
    Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
    EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - open - "C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2006-08-18 11:54:04 ----SHD---- C:\FOUND.045
    2006-07-26 18:09:10 ----SHD---- C:\FOUND.044
    2006-07-10 15:52:54 ----SHD---- C:\FOUND.043
    2006-06-28 09:29:11 ----SHD---- C:\WINDOWS\CSC
    2006-05-17 15:22:20 ----SHD---- C:\FOUND.042
    2006-05-09 15:16:12 ----SHD---- C:\FOUND.041
    2006-04-26 11:26:23 ----A---- C:\WINDOWS\System32\ntdll.dll
    2005-12-14 14:09:11 ----A---- C:\WINDOWS\System32\MRT.exe
    2005-09-13 02:03:53 ----D---- C:\quake 1
    2005-09-11 13:23:52 ----SHD---- C:\FOUND.040
    2005-09-10 23:28:40 ----D---- C:\Show Chic Corea e Banda
    2005-09-10 23:21:43 ----HD---- C:\WINDOWS\$NtUninstallKB828741$
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\txflog.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcss.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcrt4.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\ole32.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxoci.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxclu.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtctm.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\comuid.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\colbact.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatq.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatex.dll
    2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\catsrv.dll
    2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\msdtcprx.dll
    2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\es.dll
    2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\comsvcs.dll
    2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\catsrvut.dll
    2005-09-10 23:20:15 ----HD---- C:\WINDOWS\$NtUninstallKB835732$
    2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\rtcdll.dll
    2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\netapi32.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\schannel.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msgina.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msasn1.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\mf3216.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\lsasrv.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\ipnathlp.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\h323msp.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\gdi32.dll
    2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\browser.dll
    2005-09-10 23:19:17 ----HD---- C:\WINDOWS\$NtUninstallKB823559$
    2005-09-10 23:18:23 ----RA---- C:\WINDOWS\agrsmdel.exe
    2005-09-10 23:18:22 ----RA---- C:\WINDOWS\AGRSMMSG.exe
    2005-09-10 23:18:08 ----A---- C:\WINDOWS\System32\zipfldr.dll
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\WININET.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URLMON.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URL.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHLWAPI.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCVW.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCLC.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\PNGFILT.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\MSHTML.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\INSENG.DLL
    2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\BROWSEUI.DLL
    2005-09-10 23:17:08 ----HD---- C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$
    2005-09-10 23:15:48 ----HD---- C:\WINDOWS\$NtUninstallQ810833$
    2005-09-10 23:15:48 ----A---- C:\WINDOWS\System32\locator.exe
    2005-09-10 23:15:26 ----A---- C:\WINDOWS\System32\srrstr.dll
    2005-09-10 23:14:29 ----HD---- C:\WINDOWS\$NtUninstallQ817606$
    2005-08-22 15:37:30 ----D---- C:\WINDOWS\System32\SoftwareDistribution
    2005-07-13 20:18:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia
    2005-07-13 20:02:07 ----N---- C:\WINDOWS\System32\cfperfmon_mx.dll
    2005-07-13 19:45:30 ----D---- C:\Arquivos de programas\Macromedia
    2005-05-26 04:16:30 ----A---- C:\WINDOWS\System32\wups2.dll
    2005-02-11 13:36:12 ----SHD---- C:\FOUND.039
    2005-01-21 14:48:57 ----D---- C:\NFS5
    2005-01-21 14:34:14 ----SHD---- C:\FOUND.038
    2005-01-05 11:42:22 ----D---- C:\Activision
    2004-11-08 17:34:25 ----HD---- C:\WINDOWS\$hf_mig$
    2004-10-16 14:48:35 ----D---- C:\WINDOWS\System32\bits
    2004-10-16 14:48:23 ----HD---- C:\WINDOWS\$NtUninstallKB842773$
    2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx3.dll
    2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx2.dll
    2004-09-16 12:26:39 ----A---- C:\WINDOWS\System32\winhttp.dll
    2004-09-16 12:26:38 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
    2004-09-14 14:38:00 ----D---- C:\WINDOWS\SoftwareDistribution
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuweb.dll
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wups.dll
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wucltui.dll
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuaueng1.dll
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuauclt1.exe
    2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuapi.dll
    2004-07-30 11:36:09 ----A---- C:\WINDOWS\PR1V2.INI
    2004-07-30 11:29:37 ----D---- C:\Arquivos de programas\Le Robert
    2004-07-30 11:28:39 ----A---- C:\WINDOWS\IsUn040c.exe
    2004-06-30 16:59:34 ----N---- C:\WINDOWS\System32\xpob2res.dll
    2003-11-01 11:54:06 ----H---- C:\WINDOWS\System32\MFCEH32.DLL
    2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVPM.INI
    2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVP32.INI
    2003-10-16 22:20:16 ----D---- C:\Arquivos de programas\Arquivos comuns\AVP Shared
    2003-10-16 22:20:16 ----D---- C:\Arquivos de programas\AntiViral Toolkit Pro
    2003-10-16 21:36:56 ----D---- C:\Arquivos de programas\McAfee VirusScan 6.01.2000 Retail
    2003-10-16 21:34:37 ----D---- C:\Arquivos de programas\Lavasoft
    2003-10-16 20:59:54 ----D---- C:\Arquivos de programas\Trojan Remover
    2003-09-27 14:01:16 ----SHD---- C:\FOUND.037
    2003-09-21 20:04:38 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Macromedia
    2003-09-21 15:00:06 ----SHD---- C:\FOUND.036
    2003-09-17 11:30:36 ----SHD---- C:\FOUND.035
    2003-08-16 15:22:44 ----SHD---- C:\FOUND.034
    2003-08-12 21:11:08 ----SHD---- C:\FOUND.033
    2003-07-21 15:03:40 ----D---- C:\Arquivos de programas\EMusic Download Manager
    2003-07-21 14:48:54 ----A---- C:\WINDOWS\Winamp.ini
    2003-07-21 14:48:15 ----D---- C:\Arquivos de programas\Winamp3
    2003-07-20 23:50:18 ----A---- C:\WINDOWS\Video.INI
    2003-07-19 13:22:38 ----SHD---- C:\FOUND.032
    2003-07-15 15:59:30 ----A---- C:\WINDOWS\Icon.INI
    2003-07-15 15:42:19 ----D---- C:\Arquivos de programas\UltraDiscador iBest
    2003-07-14 17:35:33 ----HD---- C:\WINDOWS\$NtUninstallQ815021$
    2003-07-14 17:34:12 ----A---- C:\WINDOWS\ieuninst.exe
    2003-07-14 17:31:04 ----SHD---- C:\FOUND.031
    2003-07-14 01:17:19 ----A---- C:\WINDOWS\uninst.exe
    2003-07-10 23:47:18 ----SHD---- C:\FOUND.030
    2003-06-24 21:12:28 ----SHD---- C:\FOUND.029
    2003-06-02 23:50:46 ----SHD---- C:\FOUND.028
    2003-05-27 17:55:41 ----HD---- C:\WINDOWS\$NtUninstallQ331953$
    2003-05-27 17:54:52 ----D---- C:\WINDOWS\RegisteredPackages
    2003-05-27 17:54:21 ----HD---- C:\WINDOWS\$NtUninstallQ811493$
    2003-05-27 17:53:01 ----A---- C:\WINDOWS\System32\inetcomm.dll
    2003-05-27 17:52:27 ----D---- C:\Arquivos de programas\Common Files
    2003-05-21 18:47:51 ----N---- C:\WINDOWS\KiG.exe
    2003-05-13 19:11:00 ----SHD---- C:\FOUND.027
    2003-05-13 19:07:24 ----A---- C:\WINDOWS\System32\jscript.dll
    2003-05-11 14:27:40 ----N---- C:\WINDOWS\Setup1.exe
    2003-05-11 14:27:38 ----A---- C:\WINDOWS\ST6UNST.EXE
    2003-05-11 14:21:19 ----A---- C:\WINDOWS\WORDPAD.INI
    2003-05-08 01:19:56 ----D---- C:\WINDOWS\aod
    2003-05-08 01:19:40 ----D---- C:\Arquivos de programas\ICQLite
    2003-04-30 12:13:59 ----D---- C:\WINDOWS\Minidump
    2003-04-22 18:43:24 ----SHD---- C:\FOUND.026
    2003-04-04 11:58:08 ----SHD---- C:\FOUND.025
    2003-03-21 15:17:26 ----SHD---- C:\FOUND.024
    2003-03-14 12:18:06 ----HD---- C:\WINDOWS\$NtUninstallQ329170$
    2003-03-14 12:15:57 ----HD---- C:\WINDOWS\$NtUninstallQ810577$
    2003-03-14 12:14:23 ----HD---- C:\WINDOWS\$NtUninstallQ328310$
    2003-03-14 12:14:23 ----A---- C:\WINDOWS\System32\winsrv.dll
    2003-03-14 12:14:23 ----A---- C:\WINDOWS\System32\user32.dll
    2003-03-14 12:13:02 ----HD---- C:\WINDOWS\$NtUninstallQ329115$
    2003-03-14 12:12:50 ----HD---- C:\WINDOWS\$NtUninstallQ329390$
    2003-03-14 12:12:16 ----HD---- C:\WINDOWS\$NtUninstallQ329441$
    2003-03-12 12:22:48 ----SHD---- C:\FOUND.023
    2003-03-03 15:26:12 ----A---- C:\WINDOWS\Q330994.exe
    2003-02-23 13:50:20 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
    2003-02-22 13:43:32 ----SHD---- C:\FOUND.022
    2003-01-28 16:11:32 ----SHD---- C:\FOUND.021
    2003-01-20 17:20:29 ----A---- C:\WINDOWS\ntbtlog.txt
    2003-01-20 16:51:37 ----D---- C:\WINDOWS\pss
    2003-01-08 14:40:24 ----SHD---- C:\FOUND.020
    2002-12-17 02:35:08 ----A---- C:\WINDOWS\nscstiu_error.txt
    2002-12-16 13:50:16 ----SHD---- C:\FOUND.019
    2002-12-12 12:54:18 ----A---- C:\WINDOWS\System32\wmv9dmod.dll
    2002-12-03 15:28:06 ----SHD---- C:\FOUND.018
    2002-11-19 13:48:52 ----SHD---- C:\FOUND.017
    2002-11-18 17:05:16 ----A---- C:\WINDOWS\System32\HotVideo_br-uninstall.exe
    2002-11-12 14:24:30 ----SHD---- C:\FOUND.016
    2002-11-08 19:23:28 ----SHD---- C:\FOUND.015
    2002-11-08 12:23:44 ----HD---- C:\WINDOWS\$NtUninstallQ329834$
    2002-11-08 12:23:07 ----HD---- C:\WINDOWS\$NtUninstallQ329048$
    2002-11-08 12:23:06 ----HD---- C:\WINDOWS\$xpsp1hfm$
    2002-11-08 12:23:06 ----A---- C:\WINDOWS\System32\xpsp1hfm.exe
    2002-11-08 12:22:33 ----HD---- C:\WINDOWS\$NtUninstallQ324096$
    2002-11-08 12:22:09 ----HD---- C:\WINDOWS\$NtUninstallQ323172$
    2002-11-08 12:21:41 ----HD---- C:\WINDOWS\$NtUninstallQ324380$
    2002-10-31 01:11:14 ----A---- C:\WINDOWS\System32\iuengine.dll
    2002-10-28 22:21:26 ----SHD---- C:\FOUND.014
    2002-10-18 20:43:22 ----HD---- C:\WINDOWS\$NtUninstallQ326830$
    2002-10-10 17:22:14 ----A---- C:\WINDOWS\System32\ibestutl.dll
    2002-10-08 16:33:27 ----A---- C:\WINDOWS\readme.txt
    2002-09-23 15:11:26 ----A---- C:\WINDOWS\System32\crypt32.dll
    2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\itss.dll
    2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\itircl.dll
    2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\hhsetup.dll
    2002-09-21 20:13:26 ----A---- C:\WINDOWS\hh.exe
    2002-09-19 11:29:58 ----A---- C:\WINDOWS\System32\shmedia.dll
    2002-09-17 16:02:50 ----SHD---- C:\FOUND.013
    2002-09-08 20:21:46 ----SHD---- C:\FOUND.012
    2002-08-30 16:14:22 ----D---- C:\WINDOWS\solcache
    2002-08-27 15:58:18 ----SHD---- C:\FOUND.011
    2002-08-20 21:08:17 ----HD---- C:\WINDOWS\$NtUninstallQ313450$
    2002-08-09 13:05:42 ----SHD---- C:\FOUND.010
    2002-07-27 13:36:30 ----SHD---- C:\FOUND.009
    2002-07-27 13:22:48 ----HD---- C:\WINDOWS\$NtUninstallQ318138$
    2002-07-27 13:22:39 ----A---- C:\WINDOWS\System32\dxmasf.dll
    2002-07-27 13:22:37 ----A---- C:\WINDOWS\System32\wmpcore.dll
    2002-07-26 22:56:44 ----SHD---- C:\FOUND.008
    2002-07-25 18:20:04 ----A---- C:\WINDOWS\System32\xactsrv.dll
    2002-07-25 17:21:47 ----A---- C:\WINDOWS\System32\MVBK14N.DLL
    2002-07-25 17:21:46 ----A---- C:\WINDOWS\System32\MVTL14N.DLL
    2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVSR14N.DLL
    2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVMG14N.DLL
    2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVMC14N.DLL
    2002-07-25 17:21:44 ----A---- C:\WINDOWS\System32\MVIX14N.DLL
    2002-07-25 17:21:44 ----A---- C:\WINDOWS\System32\MVFS14N.DLL
    2002-07-25 17:21:43 ----A---- C:\WINDOWS\System32\MVUT14N.DLL
    2002-07-25 17:21:43 ----A---- C:\WINDOWS\System32\MVCL14N.DLL
    2002-07-25 17:21:37 ----A---- C:\WINDOWS\System32\GRDKRN32.DLL
    2002-07-25 17:21:34 ----D---- C:\Arquivos de programas\freud
    2002-07-24 00:57:42 ----D---- C:\WINDOWS\LogFiles
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\WININET(3).DLL
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\WININET(2).DLL
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URLMON(3).DLL
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URLMON(2).DLL
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URL(3).DLL
    2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URL(2).DLL
    2002-07-23 08:58:14 ----A---- C:\WINDOWS\System32\SHDOCVW(2).DLL
    2002-07-23 08:58:14 ----A---- C:\WINDOWS\System32\shdoclc(2).dll
    2002-07-22 16:01:46 ----A---- C:\WINDOWS\System32\TrackerNET.dll
    2002-07-22 16:01:46 ----A---- C:\WINDOWS\System32\libmySQL.dll
    2002-07-18 18:54:20 ----A---- C:\WINDOWS\System32\rdpdd.dll
    2002-07-02 11:19:58 ----SHD---- C:\FOUND.007
    2002-06-27 13:26:24 ----SHD---- C:\FOUND.006
    2002-06-27 01:08:24 ----SHD---- C:\FOUND.005
    2002-06-22 14:06:53 ----A---- C:\WINDOWS\War3Unin.exe
    2002-06-19 16:23:12 ----SHD---- C:\FOUND.004
    2002-06-17 22:03:02 ----SHD---- C:\FOUND.003
    2002-06-11 15:46:56 ----HD---- C:\WINDOWS\$NtUninstallQ309521$
    2002-06-11 15:46:43 ----HD---- C:\WINDOWS\$NtUninstallQ311889$
    2002-06-11 15:46:30 ----HD---- C:\WINDOWS\$NtUninstallQ315000$
    2002-06-11 15:46:20 ----HD---- C:\WINDOWS\$NtUninstallQ314862$
    2002-06-11 15:46:08 ----HD---- C:\WINDOWS\$NtUninstallQ315403$
    2002-06-11 15:45:58 ----HD---- C:\WINDOWS\$NtUninstallQ314147$
    2002-06-11 15:45:46 ----HD---- C:\WINDOWS\$NtUninstallQ311967$
    2002-06-11 15:45:16 ----HD---- C:\WINDOWS\$NtUninstallQ319580$
    2002-06-11 15:44:49 ----N---- C:\WINDOWS\System32\spmsg.dll
    2002-06-11 15:44:29 ----HD---- C:\WINDOWS\$NtUninstallQ317277$
    2002-06-11 15:44:00 ----HD---- C:\WINDOWS\msdownld.tmp
    2002-05-27 00:41:18 ----SHD---- C:\FOUND.002
    2002-05-18 20:00:32 ----SHD---- C:\FOUND.001
    2002-04-29 12:40:50 ----SHD---- C:\FOUND.000
    2002-04-17 00:18:21 ----RA---- C:\WINDOWS\System32\qdcspi.dll
    2002-04-01 12:22:18 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\MSN6
    2002-04-01 12:22:18 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\MSN6
    2002-03-21 16:14:21 ----D---- C:\Arquivos de programas\ICQ
    2002-03-15 19:37:54 ----D---- C:\sierra
    2002-03-15 19:01:47 ----D---- C:\Temp
    2002-03-15 18:39:15 ----D---- C:\SAVE
    2002-03-15 16:43:21 ----A---- C:\WINDOWS\System32\SNWValid.dll
    2002-03-15 16:43:21 ----A---- C:\WINDOWS\System32\SierraNW.dll
    2002-03-15 16:43:18 ----D---- C:\Arquivos de programas\Sierra On-Line
    2002-03-15 16:43:17 ----D---- C:\Games
    2002-03-15 16:41:38 ----A---- C:\WINDOWS\SIERRA.INI
    2002-02-26 14:58:06 ----A---- C:\WINDOWS\System32\vbscript.dll
    2002-02-23 12:23:12 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Help
    2002-02-15 15:59:08 ----A---- C:\WINDOWS\System32\msxml3.dll
    2002-02-15 15:59:08 ----A---- C:\WINDOWS\System32\msxml3(2).dll
    2002-02-12 22:24:54 ----A---- C:\WINDOWS\System32\rasdlg.dll
    2002-02-12 22:24:52 ----A---- C:\WINDOWS\System32\rasapi32.dll
    2002-02-12 22:24:52 ----A---- C:\WINDOWS\System32\rasapi32(2).dll
    2002-02-12 22:03:02 ----A---- C:\WINDOWS\System32\snmpapi.dll
    2002-02-12 22:02:36 ----A---- C:\WINDOWS\System32\wsnmp32.dll
    2002-02-12 18:14:06 ----A---- C:\WINDOWS\System32\rassapi.dll
    2002-01-25 03:36:44 ----A---- C:\WINDOWS\Access.exe
    2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicutil4.exe
    2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicutil4.dll
    2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicunst.exe
    2002-01-22 15:38:56 ----A---- C:\WINDOWS\System32\qmgr.dll
    2002-01-22 15:38:56 ----A---- C:\WINDOWS\System32\qmgr(2).dll
    2002-01-07 17:15:34 ----A---- C:\WINDOWS\System32\msxml2.dll
    2001-12-19 18:20:12 ----A---- C:\WINDOWS\System32\termsrv.dll
    2001-12-19 18:20:12 ----A---- C:\WINDOWS\System32\termsrv(2).dll
    2001-12-18 15:10:56 ----A---- C:\WINDOWS\System32\netsetup.exe
    2001-12-18 13:33:14 ----D---- C:\WINDOWS\System32\appmgmt
    2001-12-17 18:02:20 ----A---- C:\WINDOWS\System32\upnp.dll
    2001-12-17 18:02:20 ----A---- C:\WINDOWS\System32\upnp(2).dll
    2001-12-11 22:09:10 ----D---- C:\WINDOWS\DIALPASS
    2001-12-09 03:17:53 ----D---- C:\Arquivos de programas\fotos-videos
    2001-12-05 10:17:06 ----A---- C:\WINDOWS\EPSTPLOG.TXT
    2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBUtil.dll
    2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\ebpthp.dll
    2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBPMON2.DLL
    2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBAPI.dll
    2001-12-05 10:16:56 ----D---- C:\Arquivos de programas\Arquivos comuns\EPSON
    2001-12-03 00:46:43 ----HD---- C:\WINDOWS\PIF
    2001-12-03 00:26:52 ----SD---- C:\WINDOWS\Temporary Internet Files
    2001-12-03 00:26:52 ----SD---- C:\WINDOWS\Hist¾rico
    2001-12-01 11:51:32 ----RA---- C:\WINDOWS\System32\hpsjvset.dll
    2001-12-01 11:46:15 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
    2001-12-01 11:44:45 ----D---- C:\Adobe Albums
    2001-12-01 11:43:22 ----D---- C:\sj645
    2001-12-01 11:39:14 ----A---- C:\WINDOWS\System32\Dc50v11_32.dll
    2001-12-01 11:39:14 ----A---- C:\WINDOWS\System32\Dc50ip32.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\SC.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixjpeg.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixio130.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixguid.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekexifio.dll
    2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\DC265.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psParse.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psl350.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psdkReg.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\pscSetup.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\pscParse.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\F210.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixpsets.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixexif.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixaudio.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC280.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC240.dll
    2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC210.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscLL.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Pscl2STI.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscDvlp.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscDcd.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscCllct.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscAdimg.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Deimg603.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg602.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg401.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg301.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Comm32.dll
    2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Camapi32.dll
    2001-12-01 11:39:10 ----D---- C:\Arquivos de programas\Arquivos comuns\FotoNation
    2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\npplg10N.dll
    2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\lttwn10N.dll
    2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\ltthk10w.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltkrn10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltisi10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltimg10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltfil10N.DLL
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltefx10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltdlg10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\LTDIS10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltann10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfwmf10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lftif10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpsd10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpng10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpcd10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfgif10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lffax10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\LFCMP10N.DLL
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfbmp10N.dll
    2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfawd10N.dll
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\SfClientDLL.dll
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\PLUGIN.DLL
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\lfavi10N.dll
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\ioRdyRes.dll
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\Iordy.dll
    2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\ECircles.dll
    2001-12-01 11:38:47 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe
    2001-12-01 11:38:46 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
    2001-12-01 11:38:46 ----D---- C:\Arquivos de programas\Adobe
    2001-12-01 11:38:04 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\ltkrn70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\ltfil70n.DLL
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lftif70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfpng70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfpcx70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\Lfkodak.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfgif70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lffpx70n.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\Lffpx7.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\hpsj32.dll
    2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\hpgreg32.dll
    2001-12-01 11:37:36 ----A---- C:\WINDOWS\System32\lffax70n.dll
    2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\LFCMP70n.DLL
    2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipeistor12.dll
    2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipebase12.dll
    2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipeapi12.dll
    2001-12-01 11:37:14 ----D---- C:\Arquivos de programas\Hewlett-Packard
    2001-12-01 11:06:10 ----D---- C:\WINDOWS\System32\ReinstallBackups
    2001-12-01 11:03:29 ----A---- C:\WINDOWS\hppsapp.INI
    2001-12-01 10:53:31 ----A---- C:\WINDOWS\IsUn0816.exe
    2001-11-30 15:16:29 ----D---- C:\Clips
    2001-11-30 13:30:21 ----D---- C:\WINDOWS\System32\NtmsData
    2001-11-30 12:22:54 ----A---- C:\WINDOWS\IsUn0416.exe
    2001-11-30 12:17:43 ----A---- C:\WINDOWS\ODBC.INI
    2001-11-30 12:14:25 ----D---- C:\Arquivos de programas\Microsoft Visual Studio
    2001-11-30 12:14:25 ----D---- C:\Arquivos de programas\Arquivos comuns\Designer
    2001-11-30 12:11:03 ----D---- C:\WINDOWS\ShellNew
    2001-11-30 12:10:55 ----D---- C:\Arquivos de programas\Microsoft Office
    2001-11-30 11:49:41 ----SHD---- C:\RECYCLED
    2001-11-30 11:48:05 ----A---- C:\WINDOWS\System32\msjter35.dll
    2001-11-30 11:48:05 ----A---- C:\WINDOWS\System32\Msjint35.dll
    2001-11-30 11:48:03 ----A---- C:\WINDOWS\System32\msrd2x35.dll
    2001-11-30 11:48:01 ----A---- C:\WINDOWS\System32\vbar332.dll
    2001-11-30 11:48:01 ----A---- C:\WINDOWS\System32\msjet35.dll
    2001-11-30 11:45:39 ----SD---- C:\WINDOWS\System32\Microsoft
    2001-11-30 11:45:28 ----D---- C:\Arquivos de programas\Norton SystemWorks
    2001-11-30 11:45:19 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Symantec
    2001-11-30 11:45:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
    2001-11-30 11:45:06 ----D---- C:\Arquivos de programas\Symantec
    2001-11-30 11:44:51 ----D---- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
    2001-11-30 11:44:43 ----A---- C:\WINDOWS\System32\msstkprp.dll
    2001-11-30 11:44:36 ----A---- C:\WINDOWS\IsUninst.exe
    2001-11-30 11:41:42 ----SHD---- C:\WINDOWS\Installer
    2001-11-30 11:41:38 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Identities
    2001-11-30 11:41:34 ----HD---- C:\Arquivos de programas\Uninstall Information
    2001-11-30 11:41:23 ----SD---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Microsoft
    2001-11-30 11:41:23 ----ASH---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\desktop.ini
    2001-11-30 11:39:59 ----D---- C:\WINDOWS\Prefetch
    2001-11-30 11:39:58 ----A---- C:\WINDOWS\SchedLgU.Txt
    2001-11-30 11:33:34 ----D---- C:\Arquivos de programas\xerox
    2001-11-30 11:33:33 ----D---- C:\WINDOWS\System32\xircom
    2001-11-30 11:33:33 ----D---- C:\Arquivos de programas\microsoft frontpage
    2001-11-30 11:32:44 ----A---- C:\WINDOWS\control.ini
    2001-11-30 11:32:44 ----A---- C:\AUTOEXEC.BAT
    2001-11-30 11:32:28 ----A---- C:\WINDOWS\OEWABLog.txt
    2001-11-30 11:32:21 ----A---- C:\WINDOWS\System32\mapi32.dll
    2001-11-30 11:30:14 ----SD---- C:\WINDOWS\Downloaded Program Files
    2001-11-30 11:30:14 ----RD---- C:\WINDOWS\Offline Web Pages
    2001-11-30 11:30:14 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
    2001-11-30 11:30:01 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
    2001-11-30 11:29:26 ----D---- C:\WINDOWS\srchasst
    2001-11-30 11:29:20 ----D---- C:\WINDOWS\System32\Macromed
    2001-11-30 11:29:20 ----D---- C:\WINDOWS\System32\DirectX
    2001-11-30 11:29:10 ----D---- C:\Arquivos de programas\Movie Maker
    2001-11-30 11:29:00 ----A---- C:\WINDOWS\System32\safrslv.dll
    2001-11-30 11:29:00 ----A---- C:\WINDOWS\System32\safrdm.dll
    2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\safrcdlg.dll
    2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\racpldlg.dll
    2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\atrace.dll
    2001-11-30 11:28:56 ----A---- C:\WINDOWS\System32\desktop.ini
    2001-11-30 11:28:56 ----A---- C:\WINDOWS\desktop.ini
    2001-11-30 11:28:53 ----D---- C:\WINDOWS\System32\Restore
    2001-11-30 11:28:53 ----D---- C:\Arquivos de programas\Windows Media Player
    2001-11-30 11:28:53 ----A---- C:\WINDOWS\System32\srsvc.dll
    2001-11-30 11:28:53 ----A---- C:\WINDOWS\System32\srclient.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\nmmkcert.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\nmevtmsg.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\msconf.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\mnmdd.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\isrdbg32.dll
    2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\ils.dll
    2001-11-30 11:28:50 ----D---- C:\WINDOWS\PCHEALTH
    2001-11-30 11:28:50 ----D---- C:\Arquivos de programas\NetMeeting
    2001-11-30 11:28:50 ----A---- C:\WINDOWS\System32\msoert2.dll
    2001-11-30 11:28:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços
    2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\msoeacct.dll
    2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\inetres.dll
    2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\acctres.dll
    2001-11-30 11:28:46 ----SD---- C:\WINDOWS\Tasks
    2001-11-30 11:28:46 ----D---- C:\Arquivos de programas\Outlook Express
    2001-11-30 11:28:46 ----A---- C:\WINDOWS\System32\schedsvc.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\mstinit.exe
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\mstask.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\isign32.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\inetcfg.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icwphbk.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icwdial.dll
    2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icfgnt5.dll
    2001-11-30 11:28:44 ----D---- C:\Arquivos de programas\Arquivos comuns\MSSoap
    2001-11-30 11:28:42 ----D---- C:\Arquivos de programas\Arquivos comuns\System
    2001-11-30 11:28:41 ----D---- C:\Arquivos de programas\Internet Explorer
    2001-11-30 11:27:14 ----D---- C:\Arquivos de programas\ComPlus Applications
    2001-11-30 11:27:11 ----A---- C:\WINDOWS\vbaddin.ini
    2001-11-30 11:27:11 ----A---- C:\WINDOWS\vb.ini
    2001-11-30 11:27:02 ----D---- C:\WINDOWS\Registration
    2001-11-30 11:26:45 ----HD---- C:\Arquivos de programas\WindowsUpdate
    2001-11-30 11:26:45 ----D---- C:\Arquivos de programas\Serviços on-line
    2001-11-30 11:26:32 ----D---- C:\Arquivos de programas\Messenger
    2001-11-30 11:26:25 ----D---- C:\Arquivos de programas\MSN
    2001-11-30 11:26:23 ----D---- C:\Arquivos de programas\MSN Gaming Zone
    2001-11-30 11:26:23 ----A---- C:\WINDOWS\System32\write.exe
    2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\sndvol32.exe
    2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\sndrec32.exe
    2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\mplay32.exe
    2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\hypertrm.dll
    2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\accwiz.exe
    2001-11-30 11:26:14 ----D---- C:\Arquivos de programas\Windows NT
    2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\winchat.exe
    2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\hticons.dll
    2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avwav.dll
    2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avtapi.dll
    2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avmeter.dll
    2001-11-30 11:26:13 ----A---- C:\WINDOWS\System32\mspaint.exe
    2001-11-30 11:26:10 ----A---- C:\WINDOWS\System32\getuname.dll
    2001-11-30 11:26:10 ----A---- C:\WINDOWS\System32\clipbrd.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\winmine.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\spider.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\sol.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\mshearts.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\charmap.exe
    2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\calc.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuauserv.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuaueng.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuauclt.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\sessmgr.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\reset.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\remotepg.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdshost.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdsaddin.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdchost.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\mstscax.dll
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\mstsc.exe
    2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\freecell.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\usrlogon.cmd
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tsshutdn.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tslabels.ini
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tskill.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tsdiscon.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tscupgrd.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tscon.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\shadow.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rwinsta.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\regini.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpwsx.dll
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpsnd.dll
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpclip.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpcfgex.dll
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qwinsta.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qprocess.exe
    2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qappsrv.exe
    2001-11-30 11:26:06 ----D---- C:\WINDOWS\System32\MsDtc
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\xolehlp.dll
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\msg.exe
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\msdtcprf.ini
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\logoff.exe
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\icaapi.dll
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\cfgbkend.dll
    2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\cdmodem.dll
    2001-11-30 11:26:05 ----A---- C:\WINDOWS\System32\msdtclog.dll
    2001-11-30 11:26:05 ----A---- C:\WINDOWS\System32\msdtc.exe
    2001-11-30 11:26:04 ----D---- C:\WINDOWS\System32\Com
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\stclient.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxlegih.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxex.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxdm.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\comrepl.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\comaddin.dll
    2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\catsrvps.dll
    2001-11-30 11:26:03 ----A---- C:\WINDOWS\System32\comsnap.dll
    2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\wmimgmt.msc
    2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\servdeps.dll
    2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\mmfutil.dll
    2001-11-30 11:25:55 ----A---- C:\WINDOWS\System32\licwmi.dll
    2001-11-30 11:25:55 ----A---- C:\WINDOWS\System32\cmprops.dll
    2001-11-30 11:23:54 ----A---- C:\WINDOWS\System32\h323log.txt
    2001-11-30 11:20:55 ----A---- C:\WINDOWS\System32\nv4.dll
    2001-11-30 11:20:43 ----A---- C:\WINDOWS\System32\usbui.dll
    2001-11-30 11:18:26 ----A---- C:\WINDOWS\imsins.BAK
    2001-11-30 11:18:18 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
    2001-11-30 11:18:16 ----D---- C:\Arquivos de programas\Arquivos comuns\ODBC
    2001-11-30 11:18:16 ----A---- C:\WINDOWS\ODBCINST.INI
    2001-11-30 11:18:11 ----D---- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
    2001-11-30 11:18:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
    2001-11-30 11:18:11 ----AD---- C:\Arquivos de programas\Arquivos comuns
    2001-11-30 11:18:11 ----AD---- C:\Arquivos de programas
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\spxcoins.dll
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\irclass.dll
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\EqnClass.Dll
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\dgsetup.dll
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\dgrpsetu.dll
    2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\batt.dll
    2001-11-30 11:18:01 ----N---- C:\WINDOWS\System32\CONFIG.TMP
    2001-11-30 11:18:01 ----A---- C:\WINDOWS\TASKMAN.EXE
    2001-11-30 11:18:01 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2001-11-30 11:18:00 ----A---- C:\WINDOWS\System32\storprop.dll
    2001-11-30 11:17:44 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
    2001-11-30 11:17:23 ----D---- C:\WINDOWS\System32\CatRoot2
    2001-11-30 11:17:23 ----D---- C:\WINDOWS\System32\CatRoot
    2001-11-30 11:17:17 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
    2001-11-30 11:17:03 ----A---- C:\WINDOWS\setuplog.txt
    2001-11-30 11:16:54 ----D---- C:\Documents and Settings
    2001-11-30 11:12:09 ----RSHD---- C:\WINDOWS\System32\dllcache
    2001-11-30 11:12:09 ----RD---- C:\WINDOWS\Web
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\WinSxS
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\twain_32
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Temp
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\wbem
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\usmt
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\ShellExt
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\Setup
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\oobe
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\npp
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\mui
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\inetsrv
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\IME
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\icsxml
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\ias
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\export
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\3com_dmi
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\3076
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\2052
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1054
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1046
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1042
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1041
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1037
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1033
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1031
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1028
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1025
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\security
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Resources
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\mui
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\msapps
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Media
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\java
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\ime
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Driver Cache
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Debug
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Cursors
    2001-11-30 11:12:09 ----D---- C:\WINDOWS\Connection Wizard

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    7

    qqqqqqqqq

  6. #6
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello

    Quote Originally Posted by Dragaodacampineira View Post
    Hi, there.
    I opened a topic called "'Total Security' installs automatcally", and was replying to it when i received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
    I was replying to Katana. I installed and runned all tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should i post the logs created?
    I will take the liberty of posting the logs asked, for a (new) beginning.

    Your topic was archived, which is why you could not post to it.

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    http://forums.spybot.info/showthread.php?t=51009

    Please follow those instructions.

    Quote Originally Posted by Dragaodacampineira View Post
    qqqqqqqqq

    Due to the number of posts in this thread, helpers will think you are already being assisted, so this topic is closed.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
