Virus infection

[.Fallen.]

Hi,
My computer have been recently infected with a virus(?) hldrrr.exe , i digged up the web for info on how to remove it and the solutions posted in forums are mostly confuse for me as im not an expert in operating systems, so i tought id come to professional help, my anti virus been disabled and wont install at all, i also runned an online scan and it found virus sources in the computer but wasnt able to clean them, im slightly desperated and seek for professional help

thanks in advance

 

[.Fallen.]

Hi,
My computer have been recently infected with a virus(?) hldrrr.exe , i digged up the web for info on how to remove it and the solutions posted in forums are mostly confuse for me as im not an expert in operating systems, so i tought id come to professional help, my anti virus been disabled and wont install at all, i also runned an online scan and it found virus sources in the computer but wasnt able to clean them, im slightly desperated and seek for professional help

thanks in advance

Also to add to this and i read the forum posts about first time posts, i tryed to instal spybot and the virus blocks it like it does witht the anti-virus , i cant also start in safe-mode and the same goes to Hijack this all says " .. aint a win32 valid aplication.." =(

 

[.Fallen.]

More Info

More info that may help , wille i was reading other users problems similar to mine, i found out i can get the log with Autoruns (?) i dl it and managed to get the log :


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\programas\adobe\reader 8.0\reader\reader_sl.exe
+ AppleSyncNotifier AppleSyncNotifier (Verified) Apple Inc. c:\programas\ficheiros comuns\apple\mobile device support\bin\applesyncnotifier.exe
+ Cleanup File not found: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
+ Corel Photo Downloader File not found: C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
+ CTStartup Startup Splash (Not verified) Creative Technology Ltd. c:\programas\creative\splash screen\cteaxspl.exe
+ DownloadAccelerator Download Accelerator Plus (DAP) (Verified) Speed-Bit LTD c:\programas\dap\dap.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\programas\itunes\ituneshelper.exe
+ Jet Detection Creative JetDetect c:\programas\creative\sblive\program\adgjdet.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ nwiz NVIDIA nView Wizard, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ PWRISOVM.EXE PowerISO Virtual Drive Manager (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisovm.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\programas\quicktime\qttask.exe
+ SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeperui.exe
+ UpdReg Creative UpdReg (Not verified) Creative Technology Ltd. c:\windows\updreg.exe
+ WINDVDPatch CtHelper Application (Not verified) Creative Technology Ltd c:\windows\system32\cthelper.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
+ Metacafe.lnk (Verified) Metacafe c:\programas\metacafe\metacafeagent.exe
C:\Documents and Settings\danger\Menu Iniciar\Programas\Arranque
+ Metacafe.lnk (Verified) Metacafe c:\programas\metacafe\metacafeagent.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ DAEMON Tools Virtual DAEMON Manager (Verified) DAEMON Tools Code Signing Services c:\programas\daemon tools\daemon.exe
+ Veoh Veoh Client (Verified) Veoh Networks c:\programas\veoh networks\veoh\veohclient.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ linkscanner File not found: C:\Programas\AVG\AVG8\avgpp.dll
+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\programas\ficheiros comuns\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ DAP_ShredMenu DAPCtxMenuShell Module (Verified) Speed-Bit LTD c:\programas\dap\privacy package\dapctxmenushell.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
+ WinRAR c:\programas\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ DAP_ShredMenu DAPCtxMenuShell Module (Verified) Speed-Bit LTD c:\programas\dap\privacy package\dapctxmenushell.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
+ WinRAR c:\programas\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\programas\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\programas\ficheiros comuns\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
+ SpySweeper Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
+ WinRAR c:\programas\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Apresentar extensão de panorâmica CPL File not found: deskpan.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\programas\itunes\itunesminiplayer.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.32 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\programas\poweriso\pwrisosh.dll
+ Webroot Spy Sweeper Context Menu Integration Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\ssctxmnu.dll
+ WinRAR shell extension c:\programas\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\programas\ficheiros comuns\adobe\acrobat\activex\acroiehelper.dll
+ AVG Safe Search File not found: C:\Programas\AVG\AVG8\avgssie.dll
+ AVG Security Toolbar File not found: C:\Programas\AVG\AVG8\avgtoolbar.dll
+ Skype add-on (mastermind) Skype add-on for IE (Not verified) Skype Technologies S.A. c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
+ SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\programas\java\jre1.6.0_03\bin\ssv.dll
+ Winamp Toolbar BHO Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\programas\winamp toolbar\winamptb.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Winamp Toolbar Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\programas\winamp toolbar\winamptb.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ ICQ6 ICQ Library (Verified) ICQ c:\programas\icq6\icq.exe
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Inc. c:\programas\apple software update\softwareupdate.exe
+ wrSpySweeperFullSweep.job Spy Sweeper Client Executable (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeperui.exe
HKLM\System\CurrentControlSet\Services
+ Akamai Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly. c:\programas\ficheiros comuns\akamai\rswin_3409.dll
+ Apple Mobile Device Fornece a interface para dispositivos móveis da Apple. (Verified) Apple Inc. c:\programas\ficheiros comuns\apple\mobile device support\bin\applemobiledeviceservice.exe
+ Bonjour Service Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration. (Not verified) Apple Inc. c:\programas\bonjour\mdnsresponder.exe
+ Creative Service for CDROM Access Creative Service for CDROM Access (Not verified) Creative Technology Ltd c:\windows\system32\ctsvccda.exe
+ PnkBstrA PunkBuster Service Component [v1029] http://www.evenbalance.com (Verified) Even Balance, Inc. c:\windows\system32\pnkbstra.exe
+ ProtexisLicensing Protexis Licensing Service (Verified) Corel Corporation c:\windows\system32\psiservice.exe
+ WebrootSpySweeperService Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function. (Verified) Webroot Software, Inc. c:\programas\webroot\spy sweeper\spysweeper.exe
+ WMDM PMSP Service WMDM PMSP Service (Not verified) Microsoft Corporation c:\windows\system32\mspmspsv.exe
HKLM\System\CurrentControlSet\Services
+ a7kxd5sx File not found: C:\WINDOWS\System32\Drivers\a7kxd5sx.sys
+ a7kxd5sx File not found: C:\WINDOWS\System32\Drivers\a7kxd5sx.sys
+ ASPI32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
+ GEARAspiWDM CD DVD Filter (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ PciCon File not found: E:\PciCon.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ SCDEmu PowerISO Virtual Drive (Not verified) PowerISO Computing, Inc. c:\windows\system32\drivers\scdemu.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ ssfs0bbc Spy Sweeper File System Filter Driver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\ssfs0bbc.sys
+ sshrmd Spy Sweeper Hookrack MiniDriver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\sshrmd.sys
+ ssidrv Spy Sweeper Interdiction Driver (Verified) Webroot Software, Inc. c:\windows\system32\drivers\ssidrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ XDva076 File not found: C:\WINDOWS\system32\XDva076.sys
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider (Not verified) Apple Inc. c:\programas\bonjour\mdnsnsp.dll


----
Also reading other peoples and Admins posts i found out that this Virus type is highly dangerouse for people who make online banker transactions (?)
I do conduct money transactions from this computer and store bank info in it as there is at the moment still. If i may ask for advise on this situation ill happily take them.
thank you once again

 

[Blade81]

Hi

You most likely have Bagle infection there. If you've used system with removable flash drive then don't plug those flash drives into other system or the infection will spread to that other system too. Let's see if you can create logs with RSIT.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit\info.txt file)

 

[.Fallen.]

hi and thanks for the reply here is the both
Info :

info.txt logfile of random's system information tool 1.04 2008-10-10 14:30:51

======Uninstall list======

-->C:\Programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programas\Creative\SBLive\Program\Ctzapxx.EXE /X /U /S /L:BRZ
-->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x416 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x416
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x416 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualização de segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age Of Pirates - Caribbean Tales 1.41-->"d:\Programas joao\Playlogic\Age of Pirates - Caribbean Tales\unins000.exe"
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
America's Army-->MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arquivo do WinRAR-->C:\Programas\WinRAR\uninstall.exe
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Audacity 1.2.6-->"C:\Programas\Audacity\unins000.exe"
AV Music Morpher Gold-->C:\Programas\AV Music Morpher Gold\uninstall.exe
Avimator (remove only)-->C:\Programas\Avimator\Uninstall.exe
AVS Audio Tools version 4.4-->"C:\Programas\AVSMedia\AudioTools\unins000.exe"
AVS DVD Player version 2.4-->"C:\Programas\AVSMedia\DVDPlayer\unins000.exe"
Blaze Audio Voice Cloak Plus Trial-->"C:\Programas\Blaze Audio\Voice Cloak Plus Trial\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
DDClip Pro 3.51-->"C:\Programas\DDClip Pro\unins000.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec-->C:\Programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
EA SPORTS online 2008-->C:\Programas\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
eMule-->"d:\Programas de joao\eMule4\Uninstall.exe"
ER-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C154CE55-1AEC-4917-B888-DFD22186E737}\setup.exe" -l0x9 -removeonly
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Football Manager 2008-->"D:\programas joao\fm2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Free MP3 WMA WAV Converter v2.0-->"C:\Programas\Free MP3 WMA WAV Converter\unins000.exe"
GameShadow-->MsiExec.exe /I{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GodFather 3.0-->"d:\GodFather\setup\uninst.exe"
Hernline-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{41D5A562-2FE2-4CF2-AB03-62803FD7049F}\setup.exe"
HijackThis 2.0.2-->"C:\Programas\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6-->"C:\Programas\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Imagine Fashion Designer-->"C:\Programas\InstallShield Installation Information\{DAE76241-A047-407E-9237-26120C7BA6CE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Install(US)2-->C:\Programas\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Messenger Plus! Live-->"C:\Programas\Messenger Plus! Live\Uninstall.exe"
Metacafe-->C:\Programas\Metacafe\uninstaller.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MindTwisteR Skript v4.5-->C:\WINDOWS\iun6002.exe "C:\mindtwister45\irunin.ini"
mIRC-->"C:\Invincible\Invincible\mIRC.exe" -uninstall
mkw Audio Compression Toolkit-->C:\WINDOWS\IsUninst.exe -fd:\compresser\Uninst.isu
Monkey's Audio-->"C:\Programas\Monkey's Audio\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero Suite-->C:\Programas\Ficheiros comuns\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Poker Trillion-->C:\Programas\Poker Trillion\uninst.exe
PowerISO-->"C:\Programas\PowerISO\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RCA Digital Cable Modem-->URCACM.EXE
SecondLife (remove only)-->"C:\Programas\SecondLife\uninst.exe" /P="SecondLife"
SHOUTcast DNAS (remove only)-->"C:\Programas\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only)-->C:\Programas\Winamp\uninst-dsp.exe
Sierra Utilities-->C:\Programas\Sierra On-Line\sutil32.exe uninstall
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Solid State ION Internet Explorer Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x416
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Super Jigsaw Kinkade Holiday-->C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-KIN~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\KinkadeHoliday-INSTALL.LOG
TeamSpeak 2 RC2-->C:\Programas\Teamspeak2_RC2\unins000.exe
The Realm 3.0-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Realm3\Uninst.isu
TWL AA Cheat Deterrent Client-->MsiExec.exe /I{A9BD391C-A3D7-47EC-847C-A22935AB0193}
VeohTV BETA-->C:\Programas\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA Platform Device Manager-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Virtual DJ - Atomix Productions-->D:\PROGRA~4\VIRTUA~1\UNWISE.EXE D:\PROGRA~4\VIRTUA~1\INSTALL.LOG
Webroot AntiVirus with AntiSpyware-->"C:\Programas\Webroot\Spy Sweeper\unins000.exe"
Winamp Toolbar for Internet Explorer-->"C:\Programas\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Programas\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{0C69F74B-DA6A-4C56-8017-988B7D63993A}
Windows Live Messenger-->MsiExec.exe /X{B98023FD-EC2A-404B-BFC3-49E7ECE4490E}
Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Creativity Fun Packs - Windows Movie Maker 2-->MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinXMedia AVI/WMV 3GP Converter 3.15-->C:\Programas\WinXMedia\WinXMedia AVI 3GP Converter\uninst.exe

======Security center information======

AV: AVG Anti-Virus (outdated)
AV: Webroot AntiVirus with AntiSpyware (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

 

[.Fallen.]

and the Log :

Logfile of random's system information tool 1.04 (written by random/random)
Run by danger at 2008-10-10 14:30:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (19%) free of 35 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:15, on 10-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\PowerISO\PWRISOVM.EXE
C:\Programas\DAP\DAP.EXE
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\Metacafe\MetacafeAgent.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
D:\RSIT.exe
C:\Programas\trend micro\danger.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programas\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programas\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [WINDVDPatch] "C:\WINDOWS\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [Jet Detection] "C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Programas\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programas\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [Cleanup] c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "C:\Programas\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Programas\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Metacafe.lnk = C:\Programas\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1198790402609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10082 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - C:\Programas\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programas\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Programas\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"CTStartup"=C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
"Corel Photo Downloader"=C:\Programas\Ficheiros comuns\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe -startup []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"PWRISOVM.EXE"=C:\Programas\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"DownloadAccelerator"=C:\Programas\DAP\DAP.EXE [2008-05-27 3053056]
"AppleSyncNotifier"=C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Programas\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Programas\iTunes\iTunesHelper.exe [2008-07-10 289064]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2008-04-14 10752]
"Cleanup"=c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup []
"SpySweeper"=C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Programas\DAEMON Tools\daemon.exe [2007-04-03 165784]
"Veoh"=C:\Programas\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
""= []

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
Metacafe.lnk - C:\Programas\Metacafe\MetacafeAgent.exe

C:\Documents and Settings\danger\Menu Iniciar\Programas\Arranque
Metacafe.lnk - C:\Programas\Metacafe\MetacafeAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\programas joao\eMule\emule.exe"="D:\programas joao\eMule\emule.exe:*:Enabled:eMule"
"C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\programas joao\fm2008\fm.exe"="D:\programas joao\fm2008\fm.exe:*:Enabled:Football Manager 2008"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Programas\DNA\btdna.exe"="C:\Programas\DNA\btdna.exe:*:EnabledNA"
"C:\Programas\BitTorrent\bittorrent.exe"="C:\Programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programas\SHOUTcast\sc_serv.exe"="C:\Programas\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
"D:\programas joao\eMule2\emule.exe"="D:\programas joao\eMule2\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\danger\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\danger\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:EnabledowerSoccer"
"C:\Programas\America's Army\System\ArmyOps.exe"="C:\Programas\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Programas\SecondLife\SLVoice.exe"="C:\Programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Programas\uTorrent\uTorrent.exe"="C:\Programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:EnablednkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"C:\Programas\Ficheiros comuns\McAfee\MNA\McNASvc.exe"="C:\Programas\Ficheiros comuns\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Programas\Bonjour\mDNSResponder.exe"="C:\Programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programas\iTunes\iTunes.exe"="C:\Programas\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programas\ICQ6\ICQ.exe"="C:\Programas\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programas\Skype\Phone\Skype.exe"="C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a763f680-d321-11dc-8a64-00138ff8e34d}]
shell\AutoRun\command - G:\PortableVault.exe


======List of files/folders created in the last 1 months======

2008-10-10 14:30:04 ----D---- C:\rsit
2008-10-09 19:05:53 ----A---- C:\WINDOWS\system32\ban_list.txt
2008-10-09 12:43:24 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-09 12:24:57 ----D---- C:\Documents and Settings\danger\Application Data\AVGTOOLBAR
2008-10-09 12:24:41 ----D---- C:\Programas\AVG
2008-10-09 12:24:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-09 03:04:44 ----D---- C:\Documents and Settings\danger\Application Data\InstallShield
2008-10-08 22:09:07 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-10-08 22:09:02 ----D---- C:\Programas\Alwil Software
2008-10-08 21:20:41 ----HD---- C:\Documents and Settings\danger\Application Data\m
2008-10-08 03:44:41 ----D---- C:\Documents and Settings\danger\Application Data\Skype
2008-10-06 00:26:23 ----D---- C:\Programas\Skype
2008-10-06 00:26:23 ----D---- C:\Programas\Ficheiros comuns\Skype
2008-10-06 00:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-06 00:15:35 ----D---- C:\Documents and Settings\danger\Application Data\ICQ
2008-10-06 00:15:02 ----D---- C:\Programas\ICQ6
2008-10-01 16:07:23 ----D---- C:\Programas\Trend Micro
2008-10-01 16:05:30 ----D---- C:\Programas\Spybot - Search & Destroy
2008-10-01 14:10:53 ----D---- C:\WINDOWS\BDOSCAN8
2008-10-01 14:10:48 ----D---- C:\WINDOWS\LastGood.Tmp
2008-10-01 13:16:38 ----D---- C:\WINDOWS\pss
2008-10-01 13:07:06 ----D---- C:\Programas\Webroot
2008-10-01 13:07:06 ----D---- C:\Documents and Settings\danger\Application Data\Webroot
2008-10-01 13:07:06 ----A---- C:\WINDOWS\WRSetup.dll
2008-09-26 12:06:35 ----D---- C:\Documents and Settings\danger\Application Data\Dreamlords
2008-09-25 03:04:30 ----D---- C:\AeriaGames
2008-09-23 00:22:42 ----D---- C:\Programas\Poker Trillion

======List of files/folders modified in the last 1 months======

2008-10-10 14:29:38 ----D---- C:\WINDOWS\Prefetch
2008-10-10 14:12:53 ----D---- C:\Documents and Settings\danger\Application Data\Metacafe
2008-10-10 14:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Metacafe
2008-10-10 14:09:32 ----D---- C:\WINDOWS\system32
2008-10-10 14:07:16 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-10 13:55:53 ----D---- C:\Programas\Ficheiros comuns\Akamai
2008-10-10 13:55:47 ----D---- C:\WINDOWS\Temp
2008-10-09 19:03:36 ----HD---- C:\WINDOWS\system32\drivers
2008-10-09 12:39:42 ----SD---- C:\Documents and Settings\danger\Application Data\Microsoft
2008-10-09 12:36:46 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-09 12:36:30 ----D---- C:\Programas\McAfee.com
2008-10-09 12:36:27 ----D---- C:\Programas\Ficheiros comuns
2008-10-06 00:16:42 ----HD---- C:\Programas\InstallShield Installation Information
2008-10-03 01:26:44 ----D---- C:\WINDOWS\Minidump
2008-10-01 23:12:55 ----D---- C:\Programas\ReflexiveArcade
2008-10-01 22:38:59 ----D---- C:\WINDOWS\system32\config
2008-10-01 16:56:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 16:55:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 16:55:15 ----A---- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-10-01 16:54:49 ----HD---- C:\WINDOWS\inf
2008-10-01 16:26:08 ----D---- C:\WINDOWS
2008-10-01 16:25:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-01 16:07:23 ----RD---- C:\Programas
2008-10-01 14:30:36 ----D---- C:\mindtwister45
2008-10-01 14:11:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-01 13:07:26 ----SD---- C:\WINDOWS\Tasks
2008-10-01 13:07:21 ----SHD---- C:\WINDOWS\Installer
2008-09-27 00:57:59 ----D---- C:\Programas\Messenger Plus! Live
2008-09-25 07:12:43 ----D---- C:\WINDOWS\network diagnostic
2008-09-25 03:08:33 ----D---- C:\WINDOWS\system32\DirectX
2008-09-23 22:16:01 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 irsir;Controlador de infravermelhos série da Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft - controlador MPU-401 MIDI UART; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 Rasirda;Miniport WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a7kxd5sx;a7kxd5sx; C:\WINDOWS\system32\drivers\a7kxd5sx.sys []
S3 a7kxd5sx;a7kxd5sx; C:\WINDOWS\system32\drivers\a7kxd5sx.sys []
S3 ctljystk;Creative SB Live! - porta de jogos; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 PciCon;PciCon; \??\E:\PciCon.sys []
S3 USB_RNDIS;RCA Digital Cable Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Programas\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Irmon;Monitor de infravermelhos; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-29 66872]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 iPod Service;Serviço iPod; C:\Programas\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

 

[Blade81]

Hi

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

 

[.Fallen.]

*sighs* Tought so =(
If i format it will be all clean and fine wihtout any risks anymore or will still be there traces of my comp over the web?
I do have the OS cd's and stuff to format and reiinstal if you advise me that its the best way ill do so rather than try and clean up..

 

[Blade81]

If i format it will be all clean and fine wihtout any risks anymore or will still be there traces of my comp over the web?

Hi

Complete reformat will wipe the system totally clean. Remember though that you're still advised to change your passwords using clean system since some of that information may have already ended up to outsiders.

 

[.Fallen.]

Thank you for the advise and information and also for the fairly fast response time, i will take your advice and reformat as well as change the passwords.
I will surely be more carefull in future.


Thank you once again and wish of good weekend
Fallen

 

[Blade81]

Thanks. I hope your weekend goes well too despite of this piece of negative news. Safer surfing in the future! :bigthumb:


Since this issue appears to be resolved ... this Topic has been closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.