"Total Security" runs automatically

Hi, there.
I opened a topic called "'Total Security' installs automatically", and was replying to it when I received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
I was replying to Katana. I installed and ran all the tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should I post the logs created?
I will take the liberty of posting the logs that were asked for, for a (new) beginning.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:49, on 27/8/2001
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\WindowsXP\Desktop\RSIT.exe
C:\Documents and Settings\WindowsXP\Desktop\WindowsXP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O4 - HKLM\..\Run: [Eac_Download] C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k
O4 - HKLM\..\Run: [Sysres] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [regtmlp] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [HotVideo_br] c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\Run: [13843124] C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE" "C:\Arquivos de programas\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UltraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

--
End of file - 4555 bytes
 
Here goes the MGADiag log:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Clock sync error
Validation Code: 10

Cached Validation Code: N/A
Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
Windows Product ID: 55274-640-0000356-23309
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
ID: {7730CCCE-66D2-4ADC-8DD2-461451A35A85}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 101 Not Activated
Microsoft Office XP Professional - 101 Not Activated
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Arquivos de programas\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7730CCCE-66D2-4ADC-8DD2-461451A35A85}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23309</PID><PIDType>1</PIDType><SID>S-1-5-21-1202660629-1708537768-2146889571</SID><SYSTEM/><BIOS/><HWID>631D398F0184A049</HWID><UserLCID>0416</UserLCID><SystemLCID>0416</SystemLCID><TimeZone>Hora oficial do Brasil(GMT-03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{91110416-6000-11D3-8CFE-0050048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>A110F76D971C7DC</Val><Hash>dVd/CksZKHMCpyWAuCWteTqQe6o=</Hash><Pid>54507-750-3144781-17921</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="101"/><App Id="16" Version="10" Result="101"/><App Id="18" Version="10" Result="101"/><App Id="1A" Version="10" Result="101"/><App Id="1B" Version="10" Result="101"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
 
This is RSIT's info.txt

info.txt logfile of random's system information tool 1.06 2001-08-27 01:52:01

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe ActiveShare 1.5-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}\setup.exe" UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Agere Systems PCI Soft Modem-->agrsmdel
AntiViral Toolkit Pro-->C:\ARQUIV~1\ANTIVI~1\UNWISE.EXE C:\ARQUIV~1\ANTIVI~1\INSTALL.LOG
Barra do iG-->regsvr32.exe /u /s "C:\ARQUIV~1\IG\igshop.dll"
Désinstaller Le Petit Robert de la langue française-->C:\WINDOWS\IsUn040c.exe -f"C:\Arquivos de programas\Le Robert\Le Petit Robert\Uninst.isu"
DivX Codec 3.1alpha release-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
Edição Eletrônica de Freud-->C:\WINDOWS\ST4UNST.EXE -n "C:\Arquivos de programas\freud\ST4UNST.LOG"
EVEREST Ultimate Edition v5.02-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Grand Theft Auto-->C:\Games\Uninstal.exe
Half-Life: Opposing Force-->C:\GAMES\HALFLIFE\gearbox\UNWISE.EXE C:\GAMES\HALFLIFE\gearbox\INSTALL.LOG
Half-Life-->C:\WINDOWS\IsUninst.exe -fc:\Games\Halflife\Uninst.isu -c"c:\Games\Halflife\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\Documents and Settings\WindowsXP\Desktop\HijackThis.exe" /uninstall
HP PrecisionScan LTX-->C:\WINDOWS\IsUn0816.exe -f"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
Kazaa Media Desktop 2.0.2-->RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{A2756524-E9F9-4AC1-AF4E-15F3460ACB3E}"
LiveReg (Symantec Corporation)-->C:\Arquivos de programas\Arquivos comuns\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Macromedia Dreamweaver MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 9-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Macromedia\FreeHand 9\Uninst.isu"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000416-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional-->MsiExec.exe /I{91110416-6000-11D3-8CFE-0050048383C9}
mIRC-->"C:\Scoop2003\scoop.exe" -uninstall
Outlook Express Update Q330994-->C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Sierra Utilities-->C:\Arquivos de programas\Sierra On-Line\sutil32.exe uninstall
SiS Audio Driver-->C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\epupdate.exe /r
Suplemento MSN para Windows Messenger-->rundll32.exe "C:\Arquivos de programas\Messenger\MSGSC.dll",UnregisterMSNExt
SystemSecurity2009-->C:\Documents and Settings\WindowsXP\Menu Iniciar\Programas\Total Security\Total Security 2009.lnk
UltraDiscador iBest-->"C:\Arquivos de programas\UltraDiscador iBest\uninst.exe"
Winamp3 (remove only)-->C:\Arquivos de programas\Winamp3\uninst-wa3.EXE
Windows XP Application Compatibility Update[Q319580]-->C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q309521 for more information]-->C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311889 for more information]-->C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311967 for more information]-->C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q313450 for more information]-->C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q314147 for more information]-->C:\WINDOWS\$NtUninstallQ314147$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q314862 for more information]-->C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315000 for more information]-->C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315403 for more information]-->C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q317277 for more information]-->C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q318138 for more information]-->C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q323172 for more information]-->C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324096 for more information]-->C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324380 for more information]-->C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q326830 for more information]-->C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q331953-->C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
Windows XP Hotfix Package [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
 
This is part 1 of RSIT's log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by WindowsXP at 2001-08-27 01:51:43
WIN_XP
System drive C: has 23 GB (58%) free of 39 GB
Total RAM: 255 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:49, on 27/8/2001
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\WindowsXP\Desktop\RSIT.exe
C:\Documents and Settings\WindowsXP\Desktop\WindowsXP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O4 - HKLM\..\Run: [Eac_Download] C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k
O4 - HKLM\..\Run: [Sysres] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [regtmlp] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [HotVideo_br] c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\Run: [13843124] C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE" "C:\Arquivos de programas\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UltraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

--
End of file - 4555 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}]
&iG - C:\ARQUIV~1\IG\igshop.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-08-27 846876]
{7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - &iG - C:\ARQUIV~1\IG\igshop.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Eac_Download"=C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k []
"Sysres"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
"regtmlp"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
"WinampAgent"=C:\Arquivos de programas\Winamp3\winampa.exe []
"KAZAA"=C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY []
"HotVideo_br"=c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-02-01 87037]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"odby"=C:\WINDOWS\odb.exe [2001-08-27 234496]
"netc"=C:\WINDOWS\svc.exe [2001-08-27 233472]
"lsass"=C:\WINDOWS\lsass.exe [2001-08-27 279552]
"UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]
"13843124"=C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124 [2001-08-27 56]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DELDIR0.EXE"=C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE [2003-10-16 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-27 13312]
"UltraDiscador iBest"=C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe [2003-01-17 16384]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2003-04-14 1491216]
"Le Petit Robert Hyperappel"=C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe [2001-10-11 22560]
"UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2006-08-18 11:54:04 ----SHD---- C:\FOUND.045
2006-07-26 18:09:10 ----SHD---- C:\FOUND.044
2006-07-10 15:52:54 ----SHD---- C:\FOUND.043
2006-06-28 09:29:11 ----SHD---- C:\WINDOWS\CSC
2006-05-17 15:22:20 ----SHD---- C:\FOUND.042
2006-05-09 15:16:12 ----SHD---- C:\FOUND.041
2006-04-26 11:26:23 ----A---- C:\WINDOWS\System32\ntdll.dll
2005-12-14 14:09:11 ----A---- C:\WINDOWS\System32\MRT.exe
2005-09-13 02:03:53 ----D---- C:\quake 1
2005-09-11 13:23:52 ----SHD---- C:\FOUND.040
2005-09-10 23:28:40 ----D---- C:\Show Chic Corea e Banda
2005-09-10 23:21:43 ----HD---- C:\WINDOWS\$NtUninstallKB828741$
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\txflog.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcss.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcrt4.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\ole32.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxoci.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxclu.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtctm.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\comuid.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\colbact.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatq.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatex.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\catsrv.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\es.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\comsvcs.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\catsrvut.dll
2005-09-10 23:20:15 ----HD---- C:\WINDOWS\$NtUninstallKB835732$
2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\rtcdll.dll
2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\netapi32.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\schannel.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msgina.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msasn1.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\mf3216.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\lsasrv.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\ipnathlp.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\h323msp.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\gdi32.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\browser.dll
2005-09-10 23:19:17 ----HD---- C:\WINDOWS\$NtUninstallKB823559$
2005-09-10 23:18:23 ----RA---- C:\WINDOWS\agrsmdel.exe
2005-09-10 23:18:22 ----RA---- C:\WINDOWS\AGRSMMSG.exe
2005-09-10 23:18:08 ----A---- C:\WINDOWS\System32\zipfldr.dll
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\WININET.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URLMON.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URL.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHLWAPI.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCVW.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCLC.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\PNGFILT.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\MSHTML.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\INSENG.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\BROWSEUI.DLL
2005-09-10 23:17:08 ----HD---- C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$
2005-09-10 23:15:48 ----HD---- C:\WINDOWS\$NtUninstallQ810833$
2005-09-10 23:15:48 ----A---- C:\WINDOWS\System32\locator.exe
2005-09-10 23:15:26 ----A---- C:\WINDOWS\System32\srrstr.dll
2005-09-10 23:14:29 ----HD---- C:\WINDOWS\$NtUninstallQ817606$
2005-08-22 15:37:30 ----D---- C:\WINDOWS\System32\SoftwareDistribution
2005-07-13 20:18:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia
2005-07-13 20:02:07 ----N---- C:\WINDOWS\System32\cfperfmon_mx.dll
2005-07-13 19:45:30 ----D---- C:\Arquivos de programas\Macromedia
2005-05-26 04:16:30 ----A---- C:\WINDOWS\System32\wups2.dll
2005-02-11 13:36:12 ----SHD---- C:\FOUND.039
2005-01-21 14:48:57 ----D---- C:\NFS5
2005-01-21 14:34:14 ----SHD---- C:\FOUND.038
2005-01-05 11:42:22 ----D---- C:\Activision
2004-11-08 17:34:25 ----HD---- C:\WINDOWS\$hf_mig$
2004-10-16 14:48:35 ----D---- C:\WINDOWS\System32\bits
2004-10-16 14:48:23 ----HD---- C:\WINDOWS\$NtUninstallKB842773$
2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2004-09-16 12:26:39 ----A---- C:\WINDOWS\System32\winhttp.dll
2004-09-16 12:26:38 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2004-09-14 14:38:00 ----D---- C:\WINDOWS\SoftwareDistribution
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuweb.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wups.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wucltui.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuaueng1.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuauclt1.exe
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuapi.dll
2004-07-30 11:36:09 ----A---- C:\WINDOWS\PR1V2.INI
2004-07-30 11:29:37 ----D---- C:\Arquivos de programas\Le Robert
2004-07-30 11:28:39 ----A---- C:\WINDOWS\IsUn040c.exe
2004-06-30 16:59:34 ----N---- C:\WINDOWS\System32\xpob2res.dll
2003-11-01 11:54:06 ----H---- C:\WINDOWS\System32\MFCEH32.DLL
2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVPM.INI
2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVP32.INI
2003-10-16 22:20:16 ----D---- C:\Arquivos de programas\Arquivos comuns\AVP Shared
2003-10-16 22:20:16 ----D---- C:\Arquivos de programas\AntiViral Toolkit Pro
2003-10-16 21:36:56 ----D---- C:\Arquivos de programas\McAfee VirusScan 6.01.2000 Retail
2003-10-16 21:34:37 ----D---- C:\Arquivos de programas\Lavasoft
2003-10-16 20:59:54 ----D---- C:\Arquivos de programas\Trojan Remover
2003-09-27 14:01:16 ----SHD---- C:\FOUND.037
2003-09-21 20:04:38 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Macromedia
2003-09-21 15:00:06 ----SHD---- C:\FOUND.036
2003-09-17 11:30:36 ----SHD---- C:\FOUND.035
2003-08-16 15:22:44 ----SHD---- C:\FOUND.034
2003-08-12 21:11:08 ----SHD---- C:\FOUND.033
2003-07-21 15:03:40 ----D---- C:\Arquivos de programas\EMusic Download Manager
2003-07-21 14:48:54 ----A---- C:\WINDOWS\Winamp.ini
2003-07-21 14:48:15 ----D---- C:\Arquivos de programas\Winamp3
2003-07-20 23:50:18 ----A---- C:\WINDOWS\Video.INI
2003-07-19 13:22:38 ----SHD---- C:\FOUND.032
2003-07-15 15:59:30 ----A---- C:\WINDOWS\Icon.INI
2003-07-15 15:42:19 ----D---- C:\Arquivos de programas\UltraDiscador iBest
2003-07-14 17:35:33 ----HD---- C:\WINDOWS\$NtUninstallQ815021$
2003-07-14 17:34:12 ----A---- C:\WINDOWS\ieuninst.exe
2003-07-14 17:31:04 ----SHD---- C:\FOUND.031
2003-07-14 01:17:19 ----A---- C:\WINDOWS\uninst.exe
2003-07-10 23:47:18 ----SHD---- C:\FOUND.030
2003-06-24 21:12:28 ----SHD---- C:\FOUND.029
2003-06-02 23:50:46 ----SHD---- C:\FOUND.028
2003-05-27 17:55:41 ----HD---- C:\WINDOWS\$NtUninstallQ331953$
2003-05-27 17:54:52 ----D---- C:\WINDOWS\RegisteredPackages
2003-05-27 17:54:21 ----HD---- C:\WINDOWS\$NtUninstallQ811493$
2003-05-27 17:53:01 ----A---- C:\WINDOWS\System32\inetcomm.dll
2003-05-27 17:52:27 ----D---- C:\Arquivos de programas\Common Files
2003-05-21 18:47:51 ----N---- C:\WINDOWS\KiG.exe
2003-05-13 19:11:00 ----SHD---- C:\FOUND.027
2003-05-13 19:07:24 ----A---- C:\WINDOWS\System32\jscript.dll
2003-05-11 14:27:40 ----N---- C:\WINDOWS\Setup1.exe
2003-05-11 14:27:38 ----A---- C:\WINDOWS\ST6UNST.EXE
2003-05-11 14:21:19 ----A---- C:\WINDOWS\WORDPAD.INI
2003-05-08 01:19:56 ----D---- C:\WINDOWS\aod
2003-05-08 01:19:40 ----D---- C:\Arquivos de programas\ICQLite
2003-04-30 12:13:59 ----D---- C:\WINDOWS\Minidump
2003-04-22 18:43:24 ----SHD---- C:\FOUND.026
2003-04-04 11:58:08 ----SHD---- C:\FOUND.025
2003-03-21 15:17:26 ----SHD---- C:\FOUND.024
2003-03-14 12:18:06 ----HD---- C:\WINDOWS\$NtUninstallQ329170$
2003-03-14 12:15:57 ----HD---- C:\WINDOWS\$NtUninstallQ810577$
2003-03-14 12:14:23 ----HD---- C:\WINDOWS\$NtUninstallQ328310$
2003-03-14 12:14:23 ----A---- C:\WINDOWS\System32\winsrv.dll
2003-03-14 12:14:23 ----A---- C:\WINDOWS\System32\user32.dll
2003-03-14 12:13:02 ----HD---- C:\WINDOWS\$NtUninstallQ329115$
2003-03-14 12:12:50 ----HD---- C:\WINDOWS\$NtUninstallQ329390$
2003-03-14 12:12:16 ----HD---- C:\WINDOWS\$NtUninstallQ329441$
2003-03-12 12:22:48 ----SHD---- C:\FOUND.023
2003-03-03 15:26:12 ----A---- C:\WINDOWS\Q330994.exe
2003-02-23 13:50:20 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2003-02-22 13:43:32 ----SHD---- C:\FOUND.022
2003-01-28 16:11:32 ----SHD---- C:\FOUND.021
2003-01-20 17:20:29 ----A---- C:\WINDOWS\ntbtlog.txt
2003-01-20 16:51:37 ----D---- C:\WINDOWS\pss
2003-01-08 14:40:24 ----SHD---- C:\FOUND.020
2002-12-17 02:35:08 ----A---- C:\WINDOWS\nscstiu_error.txt
2002-12-16 13:50:16 ----SHD---- C:\FOUND.019
2002-12-12 12:54:18 ----A---- C:\WINDOWS\System32\wmv9dmod.dll
2002-12-03 15:28:06 ----SHD---- C:\FOUND.018
2002-11-19 13:48:52 ----SHD---- C:\FOUND.017
2002-11-18 17:05:16 ----A---- C:\WINDOWS\System32\HotVideo_br-uninstall.exe
2002-11-12 14:24:30 ----SHD---- C:\FOUND.016
2002-11-08 19:23:28 ----SHD---- C:\FOUND.015
2002-11-08 12:23:44 ----HD---- C:\WINDOWS\$NtUninstallQ329834$
2002-11-08 12:23:07 ----HD---- C:\WINDOWS\$NtUninstallQ329048$
2002-11-08 12:23:06 ----HD---- C:\WINDOWS\$xpsp1hfm$
2002-11-08 12:23:06 ----A---- C:\WINDOWS\System32\xpsp1hfm.exe
2002-11-08 12:22:33 ----HD---- C:\WINDOWS\$NtUninstallQ324096$
2002-11-08 12:22:09 ----HD---- C:\WINDOWS\$NtUninstallQ323172$
2002-11-08 12:21:41 ----HD---- C:\WINDOWS\$NtUninstallQ324380$
2002-10-31 01:11:14 ----A---- C:\WINDOWS\System32\iuengine.dll
2002-10-28 22:21:26 ----SHD---- C:\FOUND.014
2002-10-18 20:43:22 ----HD---- C:\WINDOWS\$NtUninstallQ326830$
2002-10-10 17:22:14 ----A---- C:\WINDOWS\System32\ibestutl.dll
2002-10-08 16:33:27 ----A---- C:\WINDOWS\readme.txt
2002-09-23 15:11:26 ----A---- C:\WINDOWS\System32\crypt32.dll
2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\itss.dll
2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\itircl.dll
2002-09-23 13:15:10 ----A---- C:\WINDOWS\System32\hhsetup.dll
2002-09-21 20:13:26 ----A---- C:\WINDOWS\hh.exe
2002-09-19 11:29:58 ----A---- C:\WINDOWS\System32\shmedia.dll
2002-09-17 16:02:50 ----SHD---- C:\FOUND.013
2002-09-08 20:21:46 ----SHD---- C:\FOUND.012
2002-08-30 16:14:22 ----D---- C:\WINDOWS\solcache
2002-08-27 15:58:18 ----SHD---- C:\FOUND.011
2002-08-20 21:08:17 ----HD---- C:\WINDOWS\$NtUninstallQ313450$
2002-08-09 13:05:42 ----SHD---- C:\FOUND.010
2002-07-27 13:36:30 ----SHD---- C:\FOUND.009
2002-07-27 13:22:48 ----HD---- C:\WINDOWS\$NtUninstallQ318138$
2002-07-27 13:22:39 ----A---- C:\WINDOWS\System32\dxmasf.dll
2002-07-27 13:22:37 ----A---- C:\WINDOWS\System32\wmpcore.dll
2002-07-26 22:56:44 ----SHD---- C:\FOUND.008
2002-07-25 18:20:04 ----A---- C:\WINDOWS\System32\xactsrv.dll
2002-07-25 17:21:47 ----A---- C:\WINDOWS\System32\MVBK14N.DLL
2002-07-25 17:21:46 ----A---- C:\WINDOWS\System32\MVTL14N.DLL
2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVSR14N.DLL
2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVMG14N.DLL
2002-07-25 17:21:45 ----A---- C:\WINDOWS\System32\MVMC14N.DLL
2002-07-25 17:21:44 ----A---- C:\WINDOWS\System32\MVIX14N.DLL
2002-07-25 17:21:44 ----A---- C:\WINDOWS\System32\MVFS14N.DLL
2002-07-25 17:21:43 ----A---- C:\WINDOWS\System32\MVUT14N.DLL
2002-07-25 17:21:43 ----A---- C:\WINDOWS\System32\MVCL14N.DLL
2002-07-25 17:21:37 ----A---- C:\WINDOWS\System32\GRDKRN32.DLL
2002-07-25 17:21:34 ----D---- C:\Arquivos de programas\freud
2002-07-24 00:57:42 ----D---- C:\WINDOWS\LogFiles
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\WININET(3).DLL
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\WININET(2).DLL
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URLMON(3).DLL
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URLMON(2).DLL
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URL(3).DLL
2002-07-23 08:58:16 ----A---- C:\WINDOWS\System32\URL(2).DLL
2002-07-23 08:58:14 ----A---- C:\WINDOWS\System32\SHDOCVW(2).DLL
2002-07-23 08:58:14 ----A---- C:\WINDOWS\System32\shdoclc(2).dll
2002-07-22 16:01:46 ----A---- C:\WINDOWS\System32\TrackerNET.dll
2002-07-22 16:01:46 ----A---- C:\WINDOWS\System32\libmySQL.dll
2002-07-18 18:54:20 ----A---- C:\WINDOWS\System32\rdpdd.dll
2002-07-02 11:19:58 ----SHD---- C:\FOUND.007
2002-06-27 13:26:24 ----SHD---- C:\FOUND.006
2002-06-27 01:08:24 ----SHD---- C:\FOUND.005
2002-06-22 14:06:53 ----A---- C:\WINDOWS\War3Unin.exe
2002-06-19 16:23:12 ----SHD---- C:\FOUND.004
2002-06-17 22:03:02 ----SHD---- C:\FOUND.003
2002-06-11 15:46:56 ----HD---- C:\WINDOWS\$NtUninstallQ309521$
2002-06-11 15:46:43 ----HD---- C:\WINDOWS\$NtUninstallQ311889$
2002-06-11 15:46:30 ----HD---- C:\WINDOWS\$NtUninstallQ315000$
2002-06-11 15:46:20 ----HD---- C:\WINDOWS\$NtUninstallQ314862$
2002-06-11 15:46:08 ----HD---- C:\WINDOWS\$NtUninstallQ315403$
2002-06-11 15:45:58 ----HD---- C:\WINDOWS\$NtUninstallQ314147$
2002-06-11 15:45:46 ----HD---- C:\WINDOWS\$NtUninstallQ311967$
2002-06-11 15:45:16 ----HD---- C:\WINDOWS\$NtUninstallQ319580$
2002-06-11 15:44:49 ----N---- C:\WINDOWS\System32\spmsg.dll
2002-06-11 15:44:29 ----HD---- C:\WINDOWS\$NtUninstallQ317277$
2002-06-11 15:44:00 ----HD---- C:\WINDOWS\msdownld.tmp
2002-05-27 00:41:18 ----SHD---- C:\FOUND.002
2002-05-18 20:00:32 ----SHD---- C:\FOUND.001
2002-04-29 12:40:50 ----SHD---- C:\FOUND.000
2002-04-17 00:18:21 ----RA---- C:\WINDOWS\System32\qdcspi.dll
2002-04-01 12:22:18 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\MSN6
2002-04-01 12:22:18 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\MSN6
2002-03-21 16:14:21 ----D---- C:\Arquivos de programas\ICQ
2002-03-15 19:37:54 ----D---- C:\sierra
2002-03-15 19:01:47 ----D---- C:\Temp
2002-03-15 18:39:15 ----D---- C:\SAVE
2002-03-15 16:43:21 ----A---- C:\WINDOWS\System32\SNWValid.dll
2002-03-15 16:43:21 ----A---- C:\WINDOWS\System32\SierraNW.dll
2002-03-15 16:43:18 ----D---- C:\Arquivos de programas\Sierra On-Line
2002-03-15 16:43:17 ----D---- C:\Games
2002-03-15 16:41:38 ----A---- C:\WINDOWS\SIERRA.INI
2002-02-26 14:58:06 ----A---- C:\WINDOWS\System32\vbscript.dll
2002-02-23 12:23:12 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Help
2002-02-15 15:59:08 ----A---- C:\WINDOWS\System32\msxml3.dll
2002-02-15 15:59:08 ----A---- C:\WINDOWS\System32\msxml3(2).dll
2002-02-12 22:24:54 ----A---- C:\WINDOWS\System32\rasdlg.dll
2002-02-12 22:24:52 ----A---- C:\WINDOWS\System32\rasapi32.dll
2002-02-12 22:24:52 ----A---- C:\WINDOWS\System32\rasapi32(2).dll
2002-02-12 22:03:02 ----A---- C:\WINDOWS\System32\snmpapi.dll
2002-02-12 22:02:36 ----A---- C:\WINDOWS\System32\wsnmp32.dll
2002-02-12 18:14:06 ----A---- C:\WINDOWS\System32\rassapi.dll
2002-01-25 03:36:44 ----A---- C:\WINDOWS\Access.exe
2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicutil4.exe
2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicutil4.dll
2002-01-23 01:59:10 ----N---- C:\WINDOWS\asicunst.exe
2002-01-22 15:38:56 ----A---- C:\WINDOWS\System32\qmgr.dll
2002-01-22 15:38:56 ----A---- C:\WINDOWS\System32\qmgr(2).dll
2002-01-07 17:15:34 ----A---- C:\WINDOWS\System32\msxml2.dll
2001-12-19 18:20:12 ----A---- C:\WINDOWS\System32\termsrv.dll
2001-12-19 18:20:12 ----A---- C:\WINDOWS\System32\termsrv(2).dll
2001-12-18 15:10:56 ----A---- C:\WINDOWS\System32\netsetup.exe
2001-12-18 13:33:14 ----D---- C:\WINDOWS\System32\appmgmt
2001-12-17 18:02:20 ----A---- C:\WINDOWS\System32\upnp.dll
2001-12-17 18:02:20 ----A---- C:\WINDOWS\System32\upnp(2).dll
2001-12-11 22:09:10 ----D---- C:\WINDOWS\DIALPASS
2001-12-09 03:17:53 ----D---- C:\Arquivos de programas\fotos-videos
2001-12-05 10:17:06 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBUtil.dll
2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\ebpthp.dll
2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBPMON2.DLL
2001-12-05 10:16:57 ----A---- C:\WINDOWS\System32\EBAPI.dll
2001-12-05 10:16:56 ----D---- C:\Arquivos de programas\Arquivos comuns\EPSON
2001-12-03 00:46:43 ----HD---- C:\WINDOWS\PIF
2001-12-03 00:26:52 ----SD---- C:\WINDOWS\Temporary Internet Files
2001-12-03 00:26:52 ----SD---- C:\WINDOWS\Hist¾rico
2001-12-01 11:51:32 ----RA---- C:\WINDOWS\System32\hpsjvset.dll
2001-12-01 11:46:15 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2001-12-01 11:44:45 ----D---- C:\Adobe Albums
2001-12-01 11:43:22 ----D---- C:\sj645
2001-12-01 11:39:14 ----A---- C:\WINDOWS\System32\Dc50v11_32.dll
2001-12-01 11:39:14 ----A---- C:\WINDOWS\System32\Dc50ip32.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\SC.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixjpeg.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixio130.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekfpixguid.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\ekexifio.dll
2001-12-01 11:39:13 ----A---- C:\WINDOWS\System32\DC265.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psParse.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psl350.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\psdkReg.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\pscSetup.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\pscParse.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\F210.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixpsets.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixexif.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\ekfpixaudio.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC280.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC240.dll
2001-12-01 11:39:12 ----A---- C:\WINDOWS\System32\DC210.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscLL.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Pscl2STI.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscDvlp.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscDcd.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscCllct.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\pscAdimg.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Deimg603.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg602.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg401.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg301.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\deimg.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Comm32.dll
2001-12-01 11:39:11 ----A---- C:\WINDOWS\System32\Camapi32.dll
2001-12-01 11:39:10 ----D---- C:\Arquivos de programas\Arquivos comuns\FotoNation
2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\npplg10N.dll
2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\lttwn10N.dll
2001-12-01 11:39:10 ----A---- C:\WINDOWS\System32\ltthk10w.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltkrn10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltisi10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltimg10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltfil10N.DLL
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltefx10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltdlg10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\LTDIS10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\ltann10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfwmf10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lftif10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpsd10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpng10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfpcd10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfgif10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lffax10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\LFCMP10N.DLL
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfbmp10N.dll
2001-12-01 11:39:09 ----A---- C:\WINDOWS\System32\lfawd10N.dll
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\SfClientDLL.dll
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\PLUGIN.DLL
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\lfavi10N.dll
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\ioRdyRes.dll
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\Iordy.dll
2001-12-01 11:39:08 ----A---- C:\WINDOWS\System32\ECircles.dll
2001-12-01 11:38:47 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe
2001-12-01 11:38:46 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2001-12-01 11:38:46 ----D---- C:\Arquivos de programas\Adobe
2001-12-01 11:38:04 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\ltkrn70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\ltfil70n.DLL
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lftif70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfpng70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfpcx70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\Lfkodak.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lfgif70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\lffpx70n.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\Lffpx7.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\hpsj32.dll
2001-12-01 11:37:37 ----A---- C:\WINDOWS\System32\hpgreg32.dll
2001-12-01 11:37:36 ----A---- C:\WINDOWS\System32\lffax70n.dll
2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\LFCMP70n.DLL
2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipeistor12.dll
2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipebase12.dll
2001-12-01 11:37:35 ----A---- C:\WINDOWS\System32\ipeapi12.dll
2001-12-01 11:37:14 ----D---- C:\Arquivos de programas\Hewlett-Packard
2001-12-01 11:06:10 ----D---- C:\WINDOWS\System32\ReinstallBackups
2001-12-01 11:03:29 ----A---- C:\WINDOWS\hppsapp.INI
2001-12-01 10:53:31 ----A---- C:\WINDOWS\IsUn0816.exe
2001-11-30 15:16:29 ----D---- C:\Clips
2001-11-30 13:30:21 ----D---- C:\WINDOWS\System32\NtmsData
2001-11-30 12:22:54 ----A---- C:\WINDOWS\IsUn0416.exe
2001-11-30 12:17:43 ----A---- C:\WINDOWS\ODBC.INI
2001-11-30 12:14:25 ----D---- C:\Arquivos de programas\Microsoft Visual Studio
2001-11-30 12:14:25 ----D---- C:\Arquivos de programas\Arquivos comuns\Designer
2001-11-30 12:11:03 ----D---- C:\WINDOWS\ShellNew
2001-11-30 12:10:55 ----D---- C:\Arquivos de programas\Microsoft Office
2001-11-30 11:49:41 ----SHD---- C:\RECYCLED
2001-11-30 11:48:05 ----A---- C:\WINDOWS\System32\msjter35.dll
2001-11-30 11:48:05 ----A---- C:\WINDOWS\System32\Msjint35.dll
2001-11-30 11:48:03 ----A---- C:\WINDOWS\System32\msrd2x35.dll
2001-11-30 11:48:01 ----A---- C:\WINDOWS\System32\vbar332.dll
2001-11-30 11:48:01 ----A---- C:\WINDOWS\System32\msjet35.dll
2001-11-30 11:45:39 ----SD---- C:\WINDOWS\System32\Microsoft
2001-11-30 11:45:28 ----D---- C:\Arquivos de programas\Norton SystemWorks
2001-11-30 11:45:19 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Symantec
2001-11-30 11:45:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
2001-11-30 11:45:06 ----D---- C:\Arquivos de programas\Symantec
2001-11-30 11:44:51 ----D---- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2001-11-30 11:44:43 ----A---- C:\WINDOWS\System32\msstkprp.dll
2001-11-30 11:44:36 ----A---- C:\WINDOWS\IsUninst.exe
2001-11-30 11:41:42 ----SHD---- C:\WINDOWS\Installer
2001-11-30 11:41:38 ----D---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Identities
2001-11-30 11:41:34 ----HD---- C:\Arquivos de programas\Uninstall Information
2001-11-30 11:41:23 ----SD---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\Microsoft
2001-11-30 11:41:23 ----ASH---- C:\Documents and Settings\WindowsXP\Dados de aplicativos\desktop.ini
2001-11-30 11:39:59 ----D---- C:\WINDOWS\Prefetch
2001-11-30 11:39:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2001-11-30 11:33:34 ----D---- C:\Arquivos de programas\xerox
2001-11-30 11:33:33 ----D---- C:\WINDOWS\System32\xircom
2001-11-30 11:33:33 ----D---- C:\Arquivos de programas\microsoft frontpage
2001-11-30 11:32:44 ----A---- C:\WINDOWS\control.ini
2001-11-30 11:32:44 ----A---- C:\AUTOEXEC.BAT
2001-11-30 11:32:28 ----A---- C:\WINDOWS\OEWABLog.txt
2001-11-30 11:32:21 ----A---- C:\WINDOWS\System32\mapi32.dll
2001-11-30 11:30:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2001-11-30 11:30:14 ----RD---- C:\WINDOWS\Offline Web Pages
2001-11-30 11:30:14 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
2001-11-30 11:30:01 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
2001-11-30 11:29:26 ----D---- C:\WINDOWS\srchasst
2001-11-30 11:29:20 ----D---- C:\WINDOWS\System32\Macromed
2001-11-30 11:29:20 ----D---- C:\WINDOWS\System32\DirectX
2001-11-30 11:29:10 ----D---- C:\Arquivos de programas\Movie Maker
2001-11-30 11:29:00 ----A---- C:\WINDOWS\System32\safrslv.dll
2001-11-30 11:29:00 ----A---- C:\WINDOWS\System32\safrdm.dll
2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\safrcdlg.dll
2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\racpldlg.dll
2001-11-30 11:28:59 ----A---- C:\WINDOWS\System32\atrace.dll
2001-11-30 11:28:56 ----A---- C:\WINDOWS\System32\desktop.ini
2001-11-30 11:28:56 ----A---- C:\WINDOWS\desktop.ini
2001-11-30 11:28:53 ----D---- C:\WINDOWS\System32\Restore
2001-11-30 11:28:53 ----D---- C:\Arquivos de programas\Windows Media Player
2001-11-30 11:28:53 ----A---- C:\WINDOWS\System32\srsvc.dll
2001-11-30 11:28:53 ----A---- C:\WINDOWS\System32\srclient.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\nmmkcert.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\nmevtmsg.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\msconf.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\mnmdd.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\isrdbg32.dll
2001-11-30 11:28:52 ----A---- C:\WINDOWS\System32\ils.dll
2001-11-30 11:28:50 ----D---- C:\WINDOWS\PCHEALTH
2001-11-30 11:28:50 ----D---- C:\Arquivos de programas\NetMeeting
2001-11-30 11:28:50 ----A---- C:\WINDOWS\System32\msoert2.dll
2001-11-30 11:28:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços
2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\msoeacct.dll
2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\inetres.dll
2001-11-30 11:28:49 ----A---- C:\WINDOWS\System32\acctres.dll
2001-11-30 11:28:46 ----SD---- C:\WINDOWS\Tasks
2001-11-30 11:28:46 ----D---- C:\Arquivos de programas\Outlook Express
2001-11-30 11:28:46 ----A---- C:\WINDOWS\System32\schedsvc.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\mstinit.exe
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\mstask.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\isign32.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\inetcfg.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icwphbk.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icwdial.dll
2001-11-30 11:28:45 ----A---- C:\WINDOWS\System32\icfgnt5.dll
2001-11-30 11:28:44 ----D---- C:\Arquivos de programas\Arquivos comuns\MSSoap
2001-11-30 11:28:42 ----D---- C:\Arquivos de programas\Arquivos comuns\System
2001-11-30 11:28:41 ----D---- C:\Arquivos de programas\Internet Explorer
2001-11-30 11:27:14 ----D---- C:\Arquivos de programas\ComPlus Applications
2001-11-30 11:27:11 ----A---- C:\WINDOWS\vbaddin.ini
2001-11-30 11:27:11 ----A---- C:\WINDOWS\vb.ini
2001-11-30 11:27:02 ----D---- C:\WINDOWS\Registration
2001-11-30 11:26:45 ----HD---- C:\Arquivos de programas\WindowsUpdate
2001-11-30 11:26:45 ----D---- C:\Arquivos de programas\Serviços on-line
2001-11-30 11:26:32 ----D---- C:\Arquivos de programas\Messenger
2001-11-30 11:26:25 ----D---- C:\Arquivos de programas\MSN
2001-11-30 11:26:23 ----D---- C:\Arquivos de programas\MSN Gaming Zone
2001-11-30 11:26:23 ----A---- C:\WINDOWS\System32\write.exe
2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\sndvol32.exe
2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\sndrec32.exe
2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\mplay32.exe
2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\hypertrm.dll
2001-11-30 11:26:15 ----A---- C:\WINDOWS\System32\accwiz.exe
2001-11-30 11:26:14 ----D---- C:\Arquivos de programas\Windows NT
2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\winchat.exe
2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\hticons.dll
2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avwav.dll
2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avtapi.dll
2001-11-30 11:26:14 ----A---- C:\WINDOWS\System32\avmeter.dll
2001-11-30 11:26:13 ----A---- C:\WINDOWS\System32\mspaint.exe
2001-11-30 11:26:10 ----A---- C:\WINDOWS\System32\getuname.dll
2001-11-30 11:26:10 ----A---- C:\WINDOWS\System32\clipbrd.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\winmine.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\spider.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\sol.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\mshearts.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\charmap.exe
2001-11-30 11:26:09 ----A---- C:\WINDOWS\System32\calc.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuauserv.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuaueng.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\wuauclt.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\sessmgr.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\reset.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\remotepg.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdshost.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdsaddin.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\rdchost.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\mstscax.dll
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\mstsc.exe
2001-11-30 11:26:08 ----A---- C:\WINDOWS\System32\freecell.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\usrlogon.cmd
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tsshutdn.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tslabels.ini
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tskill.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tsdiscon.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tscupgrd.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\tscon.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\shadow.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rwinsta.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\regini.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpwsx.dll
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpsnd.dll
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpclip.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\rdpcfgex.dll
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qwinsta.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qprocess.exe
2001-11-30 11:26:07 ----A---- C:\WINDOWS\System32\qappsrv.exe
2001-11-30 11:26:06 ----D---- C:\WINDOWS\System32\MsDtc
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\xolehlp.dll
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\msg.exe
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\msdtcprf.ini
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\logoff.exe
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\icaapi.dll
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\cfgbkend.dll
2001-11-30 11:26:06 ----A---- C:\WINDOWS\System32\cdmodem.dll
2001-11-30 11:26:05 ----A---- C:\WINDOWS\System32\msdtclog.dll
2001-11-30 11:26:05 ----A---- C:\WINDOWS\System32\msdtc.exe
2001-11-30 11:26:04 ----D---- C:\WINDOWS\System32\Com
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\stclient.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxlegih.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxex.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\mtxdm.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\comrepl.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\comaddin.dll
2001-11-30 11:26:04 ----A---- C:\WINDOWS\System32\catsrvps.dll
2001-11-30 11:26:03 ----A---- C:\WINDOWS\System32\comsnap.dll
2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\wmimgmt.msc
2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\servdeps.dll
2001-11-30 11:25:56 ----A---- C:\WINDOWS\System32\mmfutil.dll
2001-11-30 11:25:55 ----A---- C:\WINDOWS\System32\licwmi.dll
2001-11-30 11:25:55 ----A---- C:\WINDOWS\System32\cmprops.dll
2001-11-30 11:23:54 ----A---- C:\WINDOWS\System32\h323log.txt
2001-11-30 11:20:55 ----A---- C:\WINDOWS\System32\nv4.dll
2001-11-30 11:20:43 ----A---- C:\WINDOWS\System32\usbui.dll
2001-11-30 11:18:26 ----A---- C:\WINDOWS\imsins.BAK
2001-11-30 11:18:18 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2001-11-30 11:18:16 ----D---- C:\Arquivos de programas\Arquivos comuns\ODBC
2001-11-30 11:18:16 ----A---- C:\WINDOWS\ODBCINST.INI
2001-11-30 11:18:11 ----D---- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2001-11-30 11:18:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2001-11-30 11:18:11 ----AD---- C:\Arquivos de programas\Arquivos comuns
2001-11-30 11:18:11 ----AD---- C:\Arquivos de programas
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\spxcoins.dll
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\irclass.dll
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\EqnClass.Dll
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\dgsetup.dll
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\dgrpsetu.dll
2001-11-30 11:18:02 ----A---- C:\WINDOWS\System32\batt.dll
2001-11-30 11:18:01 ----N---- C:\WINDOWS\System32\CONFIG.TMP
2001-11-30 11:18:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2001-11-30 11:18:01 ----A---- C:\WINDOWS\NOTEPAD.EXE
2001-11-30 11:18:00 ----A---- C:\WINDOWS\System32\storprop.dll
2001-11-30 11:17:44 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
2001-11-30 11:17:23 ----D---- C:\WINDOWS\System32\CatRoot2
2001-11-30 11:17:23 ----D---- C:\WINDOWS\System32\CatRoot
2001-11-30 11:17:17 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2001-11-30 11:17:03 ----A---- C:\WINDOWS\setuplog.txt
2001-11-30 11:16:54 ----D---- C:\Documents and Settings
2001-11-30 11:12:09 ----RSHD---- C:\WINDOWS\System32\dllcache
2001-11-30 11:12:09 ----RD---- C:\WINDOWS\Web
2001-11-30 11:12:09 ----D---- C:\WINDOWS\WinSxS
2001-11-30 11:12:09 ----D---- C:\WINDOWS\twain_32
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Temp
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\wbem
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\usmt
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\ShellExt
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\Setup
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\oobe
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\npp
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\mui
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\inetsrv
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\IME
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\icsxml
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\ias
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\export
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\3com_dmi
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\3076
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\2052
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1054
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1046
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1042
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1041
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1037
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1033
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1031
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1028
2001-11-30 11:12:09 ----D---- C:\WINDOWS\System32\1025
2001-11-30 11:12:09 ----D---- C:\WINDOWS\security
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Resources
2001-11-30 11:12:09 ----D---- C:\WINDOWS\mui
2001-11-30 11:12:09 ----D---- C:\WINDOWS\msapps
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Media
2001-11-30 11:12:09 ----D---- C:\WINDOWS\java
2001-11-30 11:12:09 ----D---- C:\WINDOWS\ime
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Driver Cache
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Debug
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Cursors
2001-11-30 11:12:09 ----D---- C:\WINDOWS\Connection Wizard
 
Hello

Hi, there.
I opened a topic called "'Total Security' installs automatically", and was replying to it when I received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
I was replying to Katana. I installed and ran all tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should I post the logs created?
I will take the liberty of posting the logs asked, for a (new) beginning.
Your topic was archived, which is why you could not post to it.

Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
http://forums.spybot.info/showthread.php?t=51009

Please follow those instructions. :)

qqqqqqqqq
:scratch:

Due to the amount of posts in this thread helpers will think you are already being assisted, so this topic is closed.

Best regards.
 