[Closed]Help Me, Please!


This topic is locked
6 replies to this topic

#1 debbee (New Member, 5 posts)

Posted 12 July 2007 - 10:49 AM

Mercado Livre, software and other ads appear while I'm using Internet Explorer.
Please help me!
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 13:39:39, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WordWeb\wweb32.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Debee\Desktop\VundoFix.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Debee\Desktop\Hijackthis\HijackThis.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: (no name) - {52211FDF-A66F-4AE1-B603-ED4680A750FD} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ljdyiqtv.dll
O2 - BHO: (no name) - {C3B2903F-41D4-4295-9AAE-AE17025FA1CE} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\cbxyvur.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxyvur - C:\WINDOWS\SYSTEM32\cbxyvur.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



#2 SNOWHITE (Retired GTG Staff, Authentic Member, 165 posts)

Posted 12 July 2007 - 02:14 PM

Hello debbee :)

My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and attach extra.txt in your next reply.
In your next post please include the following reports:
  • Vundofix report
  • SDFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.


Regards,
SNOWHITE
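Added example, not part of this thread and not SNOWHITE's, HijackThis's or VundoFix's code: a small Python triage script that applies, to lines copied from debbee's first HijackThis log above, the kind of first-pass checks a helper runs before recommending a Vundo cleanup. The section tags (O2, O4, O17, O20) are HijackThis's own; the KNOWN_NOTIFY allowlist, the 32-hex-character threshold and the "executable directly under the Windows root" heuristic are assumptions chosen for this example, and the sample "runner1" line is cut to the part shown on the first wrapped line of the log. Every flagged line is a candidate for human review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {52211FDF-A66F-4AE1-B603-ED4680A750FD} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ljdyiqtv.dll
O2 - BHO: (no name) - {C3B2903F-41D4-4295-9AAE-AE17025FA1CE} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\cbxyvur.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
O17 - HKLM\System\CCS\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O20 - Winlogon Notify: cbxyvur - C:\WINDOWS\SYSTEM32\cbxyvur.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Winlogon Notify handlers accepted without a flag (assumed allowlist for this
# example; extend it only with handlers whose DLL and publisher you have verified).
KNOWN_NOTIFY = {"wgalogon"}

SECTION = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")          # "O2 - <body>"
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")            # long hex argument (assumed threshold)
WINDOWS_ROOT = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    reason: str    # why the line deserves a look
    line: str      # the original log line


def _missing_file(body: str) -> bool:
    """HijackThis marks registered-but-absent components with these suffixes."""
    return "(file missing)" in body or "(no file)" in body


def triage(log_text: str) -> list:
    """Return the log lines a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if not match:
            continue                      # header, process list or blank line
        section, body = match.groups()

        if section == "O2":
            if _missing_file(body):
                findings.append(Finding(section, "BHO registered but its DLL is absent (orphaned entry)", line))
            elif body.startswith("BHO: (no name)"):
                findings.append(Finding(section, "unnamed BHO loaded from disk; verify the DLL's publisher", line))

        elif section == "O4":
            exe = EXE_PATH.search(body)
            if exe and WINDOWS_ROOT.match(exe.group(1)) and HEX_BLOB.search(body):
                findings.append(Finding(section, "autorun executable under the Windows root with a long hex argument", line))

        elif section == "O17":
            servers = ", ".join(IPV4.findall(body))
            findings.append(Finding(section, f"custom DNS servers {servers}; confirm they belong to the ISP", line))

        elif section == "O20":
            handler = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if _missing_file(body):
                findings.append(Finding(section, f"Winlogon Notify handler '{handler}' with missing DLL", line))
            elif handler.lower() not in KNOWN_NOTIFY:
                findings.append(Finding(section, f"unrecognised Winlogon Notify handler '{handler}'", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

Run as a script it prints eight review candidates from the sample: the two orphaned and two unnamed BHOs, the "runner1" autorun, the O17 name servers, and the two non-allowlisted Winlogon Notify handlers; the AVG, PowerDVD and NVIDIA entries pass through untouched. The point of the design is that each check is conservative and explains itself, so the output reads as a checklist for the helper rather than a removal list.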

#3 debbee (New Member, 5 posts)

Posted 12 July 2007 - 07:38 PM

First of all, thanks for your help. Here is the first step:

VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 20:03:34 28/6/2007

Listing files found while scanning....

C:\windows\system32\aaddacnk.dll
C:\windows\system32\kncaddaa.ini
C:\windows\system32\llnmp.bak1
C:\windows\system32\llnmp.bak2
C:\windows\system32\llnmp.ini
C:\WINDOWS\system32\pmnll.dll

Beginning removal...

Attempting to delete C:\windows\system32\aaddacnk.dll
C:\windows\system32\aaddacnk.dll Has been deleted!

Attempting to delete C:\windows\system32\kncaddaa.ini
C:\windows\system32\kncaddaa.ini Has been deleted!

Attempting to delete C:\windows\system32\llnmp.bak1
C:\windows\system32\llnmp.bak1 Has been deleted!

Attempting to delete C:\windows\system32\llnmp.bak2
C:\windows\system32\llnmp.bak2 Has been deleted!

Attempting to delete C:\windows\system32\llnmp.ini
C:\windows\system32\llnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 20:11:04 28/6/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 08:49:46 11/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\eatponjw.dll
C:\windows\system32\wjnoptae.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\eatponjw.dll
C:\WINDOWS\system32\eatponjw.dll Has been deleted!

Attempting to delete C:\windows\system32\wjnoptae.ini
C:\windows\system32\wjnoptae.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 13:27:28 12/7/2007

Listing files found while scanning....

C:\windows\system32\brhslkoq.dll
C:\windows\system32\qoklshrb.ini
C:\WINDOWS\system32\ssqpo.dll

Beginning removal...

Attempting to delete C:\windows\system32\brhslkoq.dll
C:\windows\system32\brhslkoq.dll Has been deleted!

Attempting to delete C:\windows\system32\qoklshrb.ini
C:\windows\system32\qoklshrb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 13:37:09 12/7/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 22:23:23 12/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\ssqrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 22:37:50, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WordWeb\wweb32.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Debee\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3
1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#4 debbee (New Member, 5 posts)

Posted 12 July 2007 - 07:54 PM

Step 2


SDFix: Version 1.90

Run by Debee on qui 12/07/2007 at 22:45

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\retadpu2000352.exe - Deleted
C:\WINDOWS\wr.txt - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\DOCUME~1\\Debee\\CONFIG~1\\Temp\\win141.tmp.exe"="C:\\DOCUME~1\\Debee\\CONFIG~1\\Temp\\win141.tmp.exe:*:Enabled:win141.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Debee\Configura‡äes locais\Dados de aplicativos\Microsoft\Messenger\dede_vianna@hotmail.com\Sharing Folders\junoen1981@hotmail.com\Thumbs.db
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\WINDOWS\SoftwareDistribution\Download\2dd79403bdffcbbcc75c816dc9e37db0\download\BIT35.tmp
C:\WINDOWS\SoftwareDistribution\Download\d3ba2bba3a26b43053265147e2db3b19\BIT32.tmp

Finished



Logfile of HijackThis v1.99.1
Scan saved at 22:51:07, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WordWeb\wweb32.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Debee\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#5 debbee (New Member, 5 posts)

Posted 12 July 2007 - 08:01 PM

Step 3

Deckard's System Scanner v20070711.54
Run by Debee on 2007-07-12 at 22:56:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-07-13 01:56:22 UTC - RP41 - Deckard's System Scanner Restore Point
16: 2007-07-12 17:05:08 UTC - RP40 - Ponto de verificação do sistema
15: 2007-07-11 12:04:30 UTC - RP39 - now
14: 2007-07-10 21:07:50 UTC - RP38 - Instalado Nero 7 Ultra Edition
13: 2007-07-09 21:02:45 UTC - RP37 - Installed Windows Media Player 11


-- First Restore Point --
1: 2007-07-01 18:02:59 UTC - RP25 - Ponto de verificação do sistema


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Debee.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:57:01, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WordWeb\wweb32.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Debee\Desktop\dss.exe
C:\DOCUME~1\Debee\Desktop\HIJACK~1\Debee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: (no name) - {1CDD8185-7921-4AB2-91AA-F172233E5A25} - C:\WINDOWS\system32\jkkjg.dll
O2 - BHO: (no name) - {52211FDF-A66F-4AE1-B603-ED4680A750FD} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ljdyiqtv.dll
O2 - BHO: (no name) - {B0D56E38-1DF9-4C94-9DB7-1C07B1D3628E} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {C3B2903F-41D4-4295-9AAE-AE17025FA1CE} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\cbxyvur.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{28745F56-B354-47B6-8CCE-137A7592D12F}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxyvur - C:\WINDOWS\SYSTEM32\cbxyvur.dll
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Debee\Desktop\HIJACK~1\backups\) ------

backup-20070701-150023-411 O20 - Winlogon Notify: awttsrp - awttsrp.dll (file missing)
backup-20070701-150023-493 O2 - BHO: (no name) - {84212EA1-D631-457A-916B-D072D00D2FB2} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\arquivos de programas\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-07-12 22:31:00 272 --a------ C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job


-- Files created between 2007-06-12 and 2007-07-12 -----------------------------

2007-07-12 22:44:54 0 d-------- C:\WINDOWS\ERUNT
2007-07-12 22:37:08 6369 ---hs---- C:\WINDOWS\system32\gjkkj.bak1
2007-07-12 22:36:54 266336 --a------ C:\WINDOWS\system32\jkkjg.dll
2007-07-11 21:06:42 66624 --a------ C:\WINDOWS\system32\ljdyiqtv.dll
2007-07-11 21:02:34 1019913 ---hs---- C:\WINDOWS\system32\opqss.bak2
2007-07-11 09:20:14 0 dr-h----- C:\Documents and Settings\Debee\Recent
2007-07-11 09:19:11 0 d-------- C:\Arquivos de programas\CCleaner
2007-07-11 09:06:59 0 d-------- C:\avenger
2007-07-11 09:02:13 6409 ---hs---- C:\WINDOWS\system32\opqss.bak1
2007-07-10 23:34:54 66624 --a------ C:\WINDOWS\system32\tnjtptxt.dll
2007-07-10 22:09:12 0 d-------- C:\Arquivos de programas\eMule
2007-07-09 20:02:03 31254 --a------ C:\WINDOWS\system32\qomlifc.dll
2007-07-09 19:57:31 2 --a------ C:\470520088
2007-07-09 19:56:44 31254 --a------ C:\WINDOWS\system32\cbxyvur.dll
2007-07-06 13:56:53 0 d--h----- C:\WINDOWS\PIF
2007-07-05 12:55:57 0 d-------- C:\Arquivos de programas\WordWeb
2007-06-28 20:03:34 0 d-------- C:\VundoFix Backups
2007-06-26 17:25:35 0 d-------- C:\Documents and Settings\Debee\Application Data
2007-06-26 13:00:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-24 13:09:06 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2007-06-24 13:09:05 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2007-06-24 13:09:05 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2007-06-24 13:09:00 0 d-------- C:\Arquivos de programas\VSO
2007-06-23 19:04:57 0 dr-h----- C:\$VAULT$.AVG
2007-06-23 18:21:35 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-06-22 03:06:40 0 d-------- C:\Arquivos de programas\Windows Live Toolbar
2007-06-22 03:05:35 0 d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2
2007-06-22 03:03:00 0 d-------- C:\Arquivos de programas\MSXML 4.0
2007-06-21 22:21:06 0 d-------- C:\Arquivos de programas\Nero
2007-06-21 22:20:16 0 d-------- C:\WINDOWS\RegisteredPackages
2007-06-21 21:24:54 0 d-------- C:\WINDOWS\system32\appmgmt
2007-06-21 03:00:38 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-21 03:00:35 0 d--h----- C:\WINDOWS\$hf_mig$
2007-06-20 21:58:59 0 d---s---- C:\Documents and Settings\Debee\UserData
2007-06-20 18:06:15 0 d-------- C:\Arquivos de programas\uTorrent
2007-06-20 17:37:22 0 d-------- C:\Documents and Settings\Debee\Contacts
2007-06-20 17:04:33 0 d-------- C:\Arquivos de programas\Arquivos comuns\HP
2007-06-20 17:03:16 0 d-------- C:\Arquivos de programas\Hewlett-Packard
2007-06-20 17:02:25 0 d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
2007-06-20 17:00:15 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2007-06-20 17:00:15 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2007-06-20 17:00:15 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2007-06-20 17:00:15 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2007-06-20 17:00:15 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2007-06-20 17:00:15 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2007-06-20 17:00:15 0 d-------- C:\Program Files
2007-06-20 17:00:14 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-06-20 16:58:20 0 d-------- C:\Arquivos de programas\HP
2007-06-20 16:57:15 21124 -----n--- C:\WINDOWS\hpomdl07.dat
2007-06-20 16:57:15 113107 --a------ C:\WINDOWS\hpoins07.dat
2007-06-20 16:49:52 0 d-------- C:\Arquivos de programas\XP Codec Pack
2007-06-20 16:42:47 0 d-------- C:\Arquivos de programas\Microsoft.NET
2007-06-20 16:42:12 0 d-------- C:\Arquivos de programas\Arquivos comuns\DESIGNER
2007-06-20 16:42:08 0 d-------- C:\Arquivos de programas\Microsoft Works
2007-06-20 16:41:33 0 d-------- C:\WINDOWS\SHELLNEW
2007-06-20 16:30:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 16:24:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-06-20 16:24:16 0 d-------- C:\Arquivos de programas\MSN Messenger
2007-06-20 16:19:22 0 d-------- C:\Arquivos de programas\Turbo Navigator
2007-06-20 16:05:50 0 d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-06-20 16:04:15 0 d-------- C:\Arquivos de programas\CyberLink
2007-06-20 16:03:58 0 d-------- C:\MyWorks
2007-06-20 16:03:49 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe
2007-06-20 16:03:48 0 d-------- C:\Arquivos de programas\CyberLink DVD Solution
2007-06-20 16:00:26 0 d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2007-06-20 15:59:27 1309 --a------ C:\WINDOWS\mozver.dat
2007-06-20 15:58:27 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 15:52:31 65536 -----n--- C:\Amcap532.exe
2007-06-20 15:52:30 36864 --a------ C:\WINDOWS\system32\ICMSetup532.dll <Not Verified; ; ICMSetup532 Module>
2007-06-20 15:52:30 0 d-------- C:\Arquivos de programas\IC Media Corp
2007-06-20 15:40:29 0 d-------- C:\WINDOWS\NV584976.TMP
2007-06-20 15:39:58 0 d-------- C:\WINDOWS\system32\Lang
2007-06-20 15:39:02 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-06-20 15:38:48 0 d-------- C:\WINDOWS\system32\RTCOM
2007-06-20 15:37:56 0 d-------- C:\Arquivos de programas\Realtek
2007-06-20 15:37:55 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-06-20 15:37:51 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-06-20 15:36:17 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-06-20 15:33:40 0 d-------- C:\WINDOWS\nview
2007-06-20 15:32:52 0 d-------- C:\WINDOWS\system32\Tools
2007-06-20 15:32:46 0 d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-06-20 15:32:23 17505 -ra------ C:\DBI.EXE
2007-06-20 15:30:30 0 dr-h----- C:\Documents and Settings\Debee\SendTo
2007-06-20 15:30:30 2883584 --ah----- C:\Documents and Settings\Debee\NTUSER.DAT
2007-06-20 15:30:30 0 d--h----- C:\Documents and Settings\Debee\Modelos
2007-06-20 15:30:30 0 dr------- C:\Documents and Settings\Debee\Menu Iniciar
2007-06-20 15:30:30 0 dr------- C:\Documents and Settings\Debee\Favoritos
2007-06-20 15:30:30 0 d-------- C:\Documents and Settings\Debee\Desktop
2007-06-20 15:30:30 0 dr-h----- C:\Documents and Settings\Debee\Dados de aplicativos
2007-06-20 15:30:30 0 d---s---- C:\Documents and Settings\Debee\Cookies
2007-06-20 15:30:30 0 d--h----- C:\Documents and Settings\Debee\Configurações locais
2007-06-20 15:30:30 0 d--h----- C:\Documents and Settings\Debee\Ambiente de rede
2007-06-20 15:30:30 0 d--h----- C:\Documents and Settings\Debee\Ambiente de impressão
2007-06-20 15:29:48 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-06-20 15:29:47 0 d-------- C:\WINDOWS\Prefetch
2007-06-20 15:29:46 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-06-20 15:26:23 0 d-------- C:\WINDOWS\system32\xircom
2007-06-20 15:26:22 0 d-------- C:\Arquivos de programas\microsoft frontpage
2007-06-20 15:26:04 0 -rahs---- C:\MSDOS.SYS
2007-06-20 15:26:04 0 -rahs---- C:\IO.SYS
2007-06-20 15:26:04 0 --a------ C:\CONFIG.SYS
2007-06-20 15:26:04 0 --a------ C:\AUTOEXEC.BAT
2007-06-20 15:24:50 0 dr------- C:\WINDOWS\Offline Web Pages
2007-06-20 15:24:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-06-20 15:24:39 0 d--h----- C:\Arquivos de programas\WindowsUpdate
2007-06-20 15:24:35 0 d-------- C:\Arquivos de programas\Serviços on-line
2007-06-20 15:24:17 0 d-------- C:\WINDOWS\system32\DirectX
2007-06-20 15:23:48 0 d-------- C:\Arquivos de programas\Arquivos comuns\Serviços
2007-06-20 15:23:44 0 d---s---- C:\WINDOWS\Tasks
2007-06-20 15:23:44 0 d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-06-20 15:23:40 0 d-------- C:\WINDOWS\system32\Macromed
2007-06-20 15:23:40 0 d-------- C:\WINDOWS\srchasst
2007-06-20 15:23:32 0 d-------- C:\Arquivos de programas\Movie Maker
2007-06-20 15:23:25 0 d-------- C:\WINDOWS\system32\Restore
2007-06-20 15:23:13 0 d-------- C:\Arquivos de programas\Arquivos comuns\System
2007-06-20 15:22:47 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 15:22:33 0 d-------- C:\WINDOWS\Registration
2007-06-20 15:22:21 0 d-------- C:\Arquivos de programas\Messenger
2007-06-20 15:22:17 0 d-------- C:\Arquivos de programas\MSN Gaming Zone
2007-06-20 15:21:48 0 d-------- C:\Arquivos de programas\Windows NT
2007-06-20 15:21:45 0 d-------- C:\WINDOWS\system32\MsDtc
2007-06-20 15:21:43 0 d-------- C:\WINDOWS\system32\Com
2007-06-20 12:16:20 0 d--hs---- C:\WINDOWS\Installer
2007-06-20 12:16:19 0 d-------- C:\Arquivos de programas\Arquivos comuns\ODBC
2007-06-20 12:16:16 0 dr------- C:\Arquivos de programas
2007-06-20 12:16:16 0 d-------- C:\Arquivos de programas\Arquivos comuns
2007-06-20 12:16:16 0 d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2007-06-20 12:16:16 0 d-------- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2007-06-20 12:15:39 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-06-20 12:15:39 0 d-------- C:\WINDOWS\system32\CatRoot
2007-06-20 12:15:14 0 d-------- C:\Documents and Settings
2007-06-20 12:15:13 0 d--hs---- C:\System Volume Information
2007-06-20 12:09:54 0 d-------- C:\WINDOWS
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\WinSxS
2007-06-20 12:09:54 0 dr------- C:\WINDOWS\Web
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\twain_32
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\wins
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\wbem
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\usmt
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\spool
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\ShellExt
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\Setup
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\ras
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\oobe
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\npp
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\mui
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\inetsrv
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\IME
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\icsxml
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\ias
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\export
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\drivers
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-06-20 12:09:54 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\dhcp
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\config
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\3076
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\2052
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1054
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1046
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1042
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1041
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1037
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1033
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1031
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1028
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system32\1025
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\system
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\security
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Resources
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\repair
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Provisioning
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\PeerNet
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\pchealth
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\mui
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\msapps
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\msagent
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Media
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\java
2007-06-20 12:09:54 0 d--h----- C:\WINDOWS\inf
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\ime
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Help
2007-06-20 12:09:54 0 dr--s---- C:\WINDOWS\Fonts
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\ehome
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Driver Cache
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Debug
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Cursors
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Connection Wizard
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\Config
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\AppPatch
2007-06-20 12:09:54 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-07-12 22:28:37 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\uTorrent
2007-07-12 13:20:31 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\AVG7
2007-07-10 19:46:20 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Ahead
2007-07-10 17:57:49 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Vso
2007-07-08 10:01:12 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\WordWeb
2007-07-06 10:26:50 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Google
2007-06-26 22:59:15 347294 --a------ C:\WINDOWS\system32\perfh016.dat
2007-06-26 22:59:15 49586 --a------ C:\WINDOWS\system32\perfc016.dat
2007-06-24 13:09:36 34 --a------ C:\Documents and Settings\Debee\Dados de aplicativos\pcouffin.log
2007-06-24 13:09:24 47360 --a------ C:\Documents and Settings\Debee\Dados de aplicativos\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-06-24 13:09:24 7887 --a------ C:\Documents and Settings\Debee\Dados de aplicativos\pcouffin.cat
2007-06-24 13:09:23 1144 --a------ C:\Documents and Settings\Debee\Dados de aplicativos\pcouffin.inf
2007-06-24 00:22:06 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\HP
2007-06-22 11:24:37 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\AdobeUM
2007-06-21 23:12:50 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\WinRAR
2007-06-20 23:04:49 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Image Zone Express
2007-06-20 17:48:12 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\CyberLink
2007-06-20 16:52:28 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Media Player Classic
2007-06-20 16:07:38 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Adobe
2007-06-20 15:59:54 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Macromedia
2007-06-20 15:58:23 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Mozilla
2007-06-20 15:30:38 0 d-------- C:\Documents and Settings\Debee\Dados de aplicativos\Identities
2007-06-20 12:15:52 62 --ahs---- C:\Documents and Settings\Debee\Dados de aplicativos\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1CDD8185-7921-4AB2-91AA-F172233E5A25} C:\WINDOWS\system32\jkkjg.dll
{52211FDF-A66F-4AE1-B603-ED4680A750FD} C:\WINDOWS\system32\ssqpo.dll [x]
{938A8A03-A938-4019-B764-03FF8D167D79} C:\WINDOWS\system32\ljdyiqtv.dll
{B0D56E38-1DF9-4C94-9DB7-1C07B1D3628E} C:\WINDOWS\system32\ssqrp.dll [x]
{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} C:\WINDOWS\system32\cbxyvur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"RemoteControl"="\"C:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"!AVG Anti-Spyware"="\"C:\\Arquivos de programas\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HP Software Update"="C:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{CFDE1CF9-75B3-4B1E-B9A7-B5FB88A171E6}"=""
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvur
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\



-- End of Deckard's System Scanner: finished at 2007-07-12 at 22:57:59 ---------



Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 382.42 MiB / 99.73 MiB
Pagefile Memory (total/avail): 921.11 MiB / 587.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.78 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 58.32 GiB total, 36.43 GiB free.
D: is Fixed (NTFS) - 16.21 GiB total, 6.31 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\DOCUME~1\\Debee\\CONFIG~1\\Temp\\win141.tmp.exe"="C:\\DOCUME~1\\Debee\\CONFIG~1\\Temp\\win141.tmp.exe:*:Enabled:win141.tmp"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Debee\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=DEBORA-114F9C8F
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Debee
ICM_532_INF_PATH=C:\WINDOWS\INF\oem6.inf
ICM_532_INSTALL_DIR=C:\Arquivos de programas\IC Media Corp.\ICM532\Driver
ICM_532_PNF_PATH=C:\WINDOWS\INF\oem6.pnf
ICM_532_PRODUCT_VER=1.1.0.0
LOGONSERVER=\\DEBORA-114F9C8F
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Debee\CONFIG~1\Temp
TMP=C:\DOCUME~1\Debee\CONFIG~1\Temp
USERDOMAIN=DEBORA-114F9C8F
USERNAME=Debee
USERPROFILE=C:\Documents and Settings\Debee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Debee (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Arquivo do WinRAR --> C:\Arquivos de programas\WinRAR\uninstall.exe
µTorrent --> "C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL
Atualização de Segurança para Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Atualização de Segurança para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Atualização para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Atualização para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Atualização para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Atualização para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Atualização para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Atualização para Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
AVG 7.5 --> C:\Arquivos de programas\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Arquivos de programas\CCleaner\uninst.exe"
ConvertXtoDVD 2.2.3.258 --> "C:\Arquivos de programas\VSO\ConvertXtoDVD\unins000.exe"
DVD Solution --> "C:\Arquivos de programas\Uninstall_CDS.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Debee\Desktop\Hijackthis\HijackThis.exe /uninstall
Hotfix para Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3 --> C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Arquivos de programas\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Arquivos de programas\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ICM532 --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}\Setup.exe" -l0x9
Microsoft Office Professional Edição 2003 --> MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.4) --> C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1046}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
PowerDVD --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Turbo Navigator 1.46 RC2 --> "C:\Arquivos de programas\Turbo Navigator\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Arquivos de programas\Windows Live Toolbar\UnInstall.exe" {0487AB16-B9BA-41CE-B349-2BC7F0D94DFB}
Windows Live Toolbar --> MsiExec.exe /X{0487AB16-B9BA-41CE-B349-2BC7F0D94DFB}
WordWeb --> C:\Arquivos de programas\WordWeb\uninst.exe
XP Codec Pack --> C:\Arquivos de programas\XP Codec Pack\Uninstall.exe


-- End of Deckard's System Scanner: finished at 2007-07-12 at 22:57:59 ---------

#6 SNOWHITE

SNOWHITE

    Retired GTG Staff

  • Authentic Member
  • 165 posts

Posted 13 July 2007 - 06:01 PM

Hello debbee :)

Please follow the steps below exactly in the order they are written:

Step #1

Download this program:

suspicious files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\ljdyiqtv.dll
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\tnjtptxt.dll
C:\WINDOWS\system32\qomlifc.dll
C:\WINDOWS\system32\cbxyvur.dll


Then start the file packer program, right-click in the white box and select Paste to paste the copied file names into the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to debbee.cab


Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: debbee.cab
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Step #2

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {1CDD8185-7921-4AB2-91AA-F172233E5A25} - C:\WINDOWS\system32\jkkjg.dll
O2 - BHO: (no name) - {52211FDF-A66F-4AE1-B603-ED4680A750FD} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ljdyiqtv.dll
O2 - BHO: (no name) - {B0D56E38-1DF9-4C94-9DB7-1C07B1D3628E} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {C3B2903F-41D4-4295-9AAE-AE17025FA1CE} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\cbxyvur.dll
O20 - Winlogon Notify: cbxyvur - C:\WINDOWS\SYSTEM32\cbxyvur.dll
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.


Step #3

First we'll need to back up the registry:

Start -> Run -> type: regedit -> press the OK button. Then click on My Computer to highlight it, right-click on it and select Export. Give it a name and press Save.
Save the text below as fixme.reg in Notepad: set the file type to All Files and save it to your Desktop.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CFDE1CF9-75B3-4B1E-B9A7-B5FB88A171E6}"=-
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"=-

[-HKEY_CLASSES_ROOT\CLSID\{CFDE1CF9-75B3-4B1E-B9A7-B5FB88A171E6}]

[-HKEY_CLASSES_ROOT\CLSID\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]
The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Step #4

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\jkkjg.dll
    C:\WINDOWS\system32\ljdyiqtv.dll
    C:\WINDOWS\system32\opqss.bak2
    C:\WINDOWS\system32\opqss.bak1
    C:\WINDOWS\system32\tnjtptxt.dll
    C:\WINDOWS\system32\qomlifc.dll
    C:\WINDOWS\system32\cbxyvur.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #5

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click in ComboFix's window while it is running. That may cause it to stall.

In your next post please include the following reports:
  • OTMoveIt report
  • Combofix report
  • Run a new scan with HijackThis and post the report here
Let me know how things went.

Regards,
SNOWHITE
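The O2/O20 entries in Step #2 and the fixme.reg in Step #3 both touch the same three persistence points: Browser Helper Objects (DLLs loaded into every Internet Explorer process), Winlogon Notify packages (DLLs loaded into winlogon.exe at logon, which is why the fix is done from safe mode) and ShellExecuteHooks (DLLs loaded whenever the shell launches something). In .reg syntax, `[-key]` deletes a whole key and `"value"=-` deletes a single value, which is what the REGEDIT4 file above does. The script below is an added example for this thread, not a tool posted by SNOWHITE or shipped with HijackThis: it parses the O2/O20 lines quoted above (copied in as a constructed sample), flags dangling registrations and unnamed BHOs, and emits a REGEDIT4 file of the same shape. The allow-list of stock Winlogon Notify names and the two flagging rules are assumptions of the example; the registry paths are the standard XP locations.

```python
"""Triage HijackThis O2 (BHO) and O20 (Winlogon Notify) lines and build a
REGEDIT4 removal file.  Added example for this thread, not a forum tool.
The sample lines are copied from the post above; the allow-list of stock
Winlogon Notify names is an assumption (adjust it to your own baseline)."""
import re

# Stock Winlogon\Notify subkeys on XP SP2; WgaLogon is added by WGA
# Notifications.  Assumption of this example, not from the thread.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

# Where these persistence points live in the registry.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
SEH_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Constructed sample: the O2/O20 entries SNOWHITE asked to fix, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CDD8185-7921-4AB2-91AA-F172233E5A25} - C:\WINDOWS\system32\jkkjg.dll
O2 - BHO: (no name) - {52211FDF-A66F-4AE1-B603-ED4680A750FD} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ljdyiqtv.dll
O2 - BHO: (no name) - {B0D56E38-1DF9-4C94-9DB7-1C07B1D3628E} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {C3B2903F-41D4-4295-9AAE-AE17025FA1CE} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\cbxyvur.dll
O20 - Winlogon Notify: cbxyvur - C:\WINDOWS\SYSTEM32\cbxyvur.dll
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
"""


def parse_hjt(text):
    """Return the O2/O20 entries worth acting on, each with a reason."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.group("name"), m.group("clsid").upper(), m.group("path")
            if "(file missing)" in path or path == "(no file)":
                reason = "dangling BHO registration"   # DLL gone, key left behind
            elif name == "(no name)":
                reason = "unnamed BHO loading a DLL"   # legitimate BHOs set a display name
            else:
                continue
            findings.append({"kind": "O2", "name": name, "clsid": clsid,
                             "path": path, "reason": reason})
            continue
        m = O20_RE.match(line)
        if m and m.group("name").lower() not in KNOWN_NOTIFY:
            name, path = m.group("name"), m.group("path")
            reason = ("dangling Winlogon Notify entry" if "(file missing)" in path
                      else "non-stock Winlogon Notify DLL")  # loaded by winlogon.exe
            findings.append({"kind": "O20", "name": name, "clsid": None,
                             "path": path, "reason": reason})
    return findings


def make_reg(findings, seh_clsids=()):
    """Build REGEDIT4 text removing the flagged registrations.  In .reg
    syntax '[-key]' deletes a whole key and '"value"=-' deletes one value."""
    lines = ["REGEDIT4", ""]
    if seh_clsids:
        lines.append(f"[{SEH_KEY}]")
        lines.extend(f'"{c}"=-' for c in seh_clsids)
        lines.append("")
    for f in findings:
        if f["kind"] == "O2":
            lines.append(f"[-{BHO_KEY}\\{f['clsid']}]")
            lines.append(f"[-HKEY_CLASSES_ROOT\\CLSID\\{f['clsid']}]")
        else:
            lines.append(f"[-{NOTIFY_KEY}\\{f['name']}]")
        lines.append("")
    return "\r\n".join(lines)   # save as ANSI text for XP's regedit


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:3} {f['reason']:32} {f['path']}")
    print(make_reg(found, seh_clsids=["{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"]))
```

Two points to keep in mind when using something like this. HijackThis's "Fix checked" already deletes the BHO and Winlogon\Notify keys for the items you tick, which is why the fixme.reg above only needs the ShellExecuteHooks values and the leftover CLSID keys; the script emits all of them so it also works when run on its own. And the allow-list is the whole reason WgaLogon is skipped here: the entry in the log points at C:\WINDOWS\ rather than a DLL, so a naive "non-stock" rule would flag a Microsoft component. Like SNOWHITE's .reg, any output is specific to the log it was generated from and should not be merged on another machine.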

#7 SNOWHITE

SNOWHITE

    Retired GTG Staff

  • Authentic Member
  • 165 posts

Posted 30 July 2007 - 12:57 PM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
SNOWHITE
