Lots of problems. Please help. Thanks

Post by DaRox » April 11th, 2010, 10:38 am

Hi. I'm running on Win XP SP3, and lately I have had lots of problems with my computer. I have error messages when I start Windows and my computer is very slow, with lots of errors appearing when running (mainly errors with "explorer.exe"). I had already run "Malwarebytes Anti-Malware" and "Kaspersky Virus Removal" in Windows safe mode, but it didn't resolve the problem.

Your help will be very appreciated!

HijackThis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:02, on 11-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tiago Gomes\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'SYSTEM')
O4 - .DEFAULT Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - .DEFAULT User Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O4 - Startup: setup_9.0.0.722_11.04.2010_13-11.lnk = C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_11.04.2010_13-11\startup.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O21 - SSODL: GootkitSSO - {B4B2FD16-DFEC-4E4F-9316-09058E071239} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8862 bytes

uninstall_list.txt
µTorrent
A Geeks Toy
Actualização de Segurança para o Windows Media Player (KB954155)
Actualização de Segurança para o Windows Media Player (KB968816)
Actualização de Segurança para o Windows Media Player (KB973540)
Actualização de Segurança para o Windows Media Player 11 (KB954154)
Actualização de segurança para Windows Internet Explorer 8 (KB971961)
Actualização de segurança para Windows Internet Explorer 8 (KB978207)
Actualização de Segurança para Windows XP (KB941569)
Actualização de segurança para Windows XP (KB956744)
Actualização de segurança para Windows XP (KB956844)
Actualização de segurança para Windows XP (KB958869)
Actualização de segurança para Windows XP (KB960859)
Actualização de segurança para Windows XP (KB961501)
Actualização de segurança para Windows XP (KB969059)
Actualização de segurança para Windows XP (KB969947)
Actualização de segurança para Windows XP (KB970238)
Actualização de segurança para Windows XP (KB970430)
Actualização de segurança para Windows XP (KB971468)
Actualização de segurança para Windows XP (KB971486)
Actualização de segurança para Windows XP (KB971657)
Actualização de segurança para Windows XP (KB972270)
Actualização de segurança para Windows XP (KB973354)
Actualização de segurança para Windows XP (KB973507)
Actualização de segurança para Windows XP (KB973869)
Actualização de segurança para Windows XP (KB973904)
Actualização de segurança para Windows XP (KB974112)
Actualização de segurança para Windows XP (KB974318)
Actualização de segurança para Windows XP (KB974392)
Actualização de segurança para Windows XP (KB974571)
Actualização de segurança para Windows XP (KB975025)
Actualização de segurança para Windows XP (KB975467)
Actualização de segurança para Windows XP (KB975560)
Actualização de segurança para Windows XP (KB975561)
Actualização de segurança para Windows XP (KB975713)
Actualização de segurança para Windows XP (KB977165)
Actualização de segurança para Windows XP (KB977914)
Actualização de segurança para Windows XP (KB978037)
Actualização de segurança para Windows XP (KB978251)
Actualização de segurança para Windows XP (KB978262)
Actualização de segurança para Windows XP (KB978706)
Actualização para Windows Internet Explorer 8 (KB976662)
Actualização para Windows Internet Explorer 8 (KB980182)
Actualização para Windows XP (KB955759)
Actualização para Windows XP (KB961503)
Actualização para Windows XP (KB968389)
Actualização para Windows XP (KB971737)
Actualização para Windows XP (KB973687)
Actualização para Windows XP (KB973815)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assistente de Início de Sessão do Windows Live
Bonjour
CCleaner
Compressor WinRAR
Correcção para o Windows Media Player 11 (KB939683)
Creative Audio Console
Creative Software AutoUpdate
DAEMON Tools Lite 4.12.3
Ferramenta de Carregamento do Windows Live
ffdshow [rev 3255] [2010-02-08]
Free Mp3 Wma Converter V 1.9
Gobulling Pro
GOM Player
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix para Windows XP (KB961118)
Hotfix para Windows XP (KB976098-v2)
Hotfix para Windows XP (KB979306)
iTunes
Java(TM) 6 Update 19
Malwarebytes' Anti-Malware
Medieval CUE Splitter
MetaTrader 4.00
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.3)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
NVIDIA Drivers
Plus500
QuickTime
Real Alternative 2.0.2
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Spybot - Search & Destroy
Subtitle Workshop 2.51
System Requirements Lab
TidySongs
TidySongs
TidySongs (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
WD Diagnostics
Winamp
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
DaRox
Active Member
Posts: 6
Joined: April 11th, 2010, 10:29 am

Re: Lots of problems. Please help. Thanks

Post by MWR 3 day Mod » April 14th, 2010, 11:43 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Lots of problems. Please help. Thanks

Post by muppy03 » April 18th, 2010, 4:13 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

DaRox wrote: I'm running on Win XP SP3, and lately I have had lots of problems with my computer. I have error messages when I start Windows

Can you tell me what the error messages are?

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

Please post (reply) with the results.

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

µTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

Please run a new HJT scan when finished and post the log back here.

Please reply with:-
  • Wga results.txt
  • New HJT log
  • Information on errors received
muppy03
MRU Emeritus
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Lots of problems. Please help. Thanks

Post by DaRox » April 18th, 2010, 6:47 am

Hi,

When I start Windows, I get about 2 or 3 error messages about a file called rundll32.exe (Rundll32.exe has found an error and it needs to be closed). They still appear randomly when I'm using the computer. When I first posted, I was also receiving an explorer.exe error, but right now it's not showing anymore. But I haven't changed anything in the meanwhile.

When I'm using IE, I also receive some IE error messages about some webpages that can provoke a malfunction. On that error message there's a box with the names of some files, and I've noticed it's always about loading *.js files. It also has a link to a webpage that I never visited before and didn't want to visit. I can make a screenshot if you want, despite it being in Portuguese.

Thanks for your help.

WGA Diagnostic Tool Log:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BH6W4-3PDCQ-6XBFJ
Windows Product Key Hash: u6YopsEU+gWE5Qr3N4rZ62ePHsg=
Windows Product ID: 55729-640-0054156-23637
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {AAA30BAC-61E0-467D-B65E-F7C83366D72F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Documents and Settings\Tiago Gomes\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AAA30BAC-61E0-467D-B65E-F7C83366D72F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6XBFJ</PKey><PID>55729-640-0054156-23637</PID><PIDType>1</PIDType><SID>S-1-5-21-861567501-1788223648-1606980848</SID><SYSTEM><Manufacturer>P4V8p</Manufacturer><Model>P4V88+</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.70</Version><SMBIOSVersion major="2" minor="3"/><Date>20060213000000.000000+000</Date></BIOS><HWID>69EB396F01842E63</HWID><UserLCID>0816</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>Hora padrão de GMT(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65228</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 135FC:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:03, on 18-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tiago Gomes\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Tiago Gomes\reader_s.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'SYSTEM')
O4 - .DEFAULT Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - .DEFAULT User Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O21 - SSODL: GootkitSSO - {201A38E9-B58A-4D00-A15C-AAA5BA8B4E3C} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9304 bytes
DaRox
Active Member
 
Posts: 6
Joined: April 11th, 2010, 10:29 am
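The HijackThis log above is the kind of report the helpers on this board read by hand, looking first at the autostart locations (O4, O20, O21). As an added example, not code from this thread or from HijackThis itself, the following Python script parses those entry lines and flags the ones that usually need a closer look. The sample lines are copied from the log above; the heuristics and the names parse_hjt and triage are my own choices, not a HijackThis feature.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HjtEntry:
    section: str   # HijackThis section code, e.g. "O4", "O20", "O21"
    body: str      # everything after the "O4 - " prefix


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    body: str


# Entry lines look like "O21 - SSODL: ..." or "R1 - HKCU\Software\...".
ENTRY_RE = re.compile(r"^([ROFN]\d+)\s+-\s+(.*)$")

# An executable sitting directly in a user's profile root rather than in a
# program folder (assumption: XP-era "Documents and Settings" layout).
PROFILE_ROOT_EXE_RE = re.compile(
    r"C:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe", re.IGNORECASE)


def parse_hjt(text):
    """Turn the entry lines of a HijackThis log into HjtEntry records.

    Header lines, process listings and blank lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return the entries a reviewer would want to verify first."""
    findings = []
    for e in entries:
        if e.section == "O4":
            if PROFILE_ROOT_EXE_RE.search(e.body):
                findings.append(Finding("O4",
                    "autostart runs an executable from a user profile root", e.body))
            elif e.body.endswith("= ?"):
                findings.append(Finding("O4",
                    "Startup-folder shortcut whose target could not be resolved", e.body))
        elif e.section == "O20":
            if e.body.startswith("AppInit_DLLs:"):
                findings.append(Finding("O20",
                    "AppInit_DLLs injects a DLL into every process that loads user32", e.body))
            elif "(file missing)" in e.body:
                findings.append(Finding("O20",
                    "Winlogon Notify package whose DLL is missing", e.body))
        elif e.section == "O21":
            # ShellServiceObjectDelayLoad is an autostart location few legitimate
            # products use, so every entry is checked against a known-good list.
            findings.append(Finding("O21",
                "ShellServiceObjectDelayLoad entry, verify against known-good list", e.body))
    return findings


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Tiago Gomes\reader_s.exe
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O21 - SSODL: GootkitSSO - {201A38E9-B58A-4D00-A15C-AAA5BA8B4E3C} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
```

The script deliberately does not decide what is malicious; it only narrows the log to the handful of entries a helper would ask about. A proper known-good list for O21 (WPDShServiceObj, for instance, is a normal Windows entry) and a hash lookup on the flagged files would be the next steps.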

Re: Lot's of problems. Please help. Thanks

Unread postby muppy03 » April 19th, 2010, 4:49 am

Unfortunately, your Microsoft Office Enterprise 2007 does not appear to be genuine and I am unable to continue with any help while this is installed on your computer.

Please visit:

http://www.microsoft.com/genuine/

Click on Validate Office. Then when validation fails - click on Get Genuine to find out how to get a WGA Kit.

Once you've made your version of Office genuine then I will be able to continue assisting you.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Lot's of problems. Please help. Thanks

Unread postby DaRox » April 19th, 2010, 6:04 am

So, I've uninstalled Microsoft Office.

Can you help me this way?

Thanks
DaRox
Active Member
 
Posts: 6
Joined: April 11th, 2010, 10:29 am

Re: Lot's of problems. Please help. Thanks

Unread postby muppy03 » April 19th, 2010, 7:45 am

So, I've uninstalled Microsoft Office.

Take note that if you have any other pirated software on board it will be removed.

1. Go to Start-Settings-Control Panel, click on Add remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    Spybot - Search & Destroy

This program can be reinstalled after the computer is clean.

2. IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

3. Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please update and run Malwarebytes' Anti-Malware in NORMAL mode and post the log it produces.

5. NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • CKFiles.txt
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Lot's of problems. Please help. Thanks

Unread postby DaRox » April 19th, 2010, 4:57 pm

CKFiles.txt
Code:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
 ----- EOF ----- 

MBAM log
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4007

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19-04-2010 21:48:28
mbam-log-2010-04-19 (21-48-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 157128
Time elapsed: 50 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk38.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk39.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk4.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk40B.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk8.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk80.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk81.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk82.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk7.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk1786.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk7AE.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk2.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk3.tmp (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\Tiago Gomes\Definições locais\Temp\gtk5.tmp (Spyware.Passwords) -> No action taken.
C:\RECYCLER\S-1-5-21-2374517953-7396097829-756020767-9552\mgrls32.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-9095648388-1438783481-071772075-9364\mgrls32.exe (Worm.Autorun.B) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016632.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0015607.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0015623.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016622.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016625.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016630.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016646.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0016655.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017664.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017847.exe (Trojan.VirTool) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017850.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017859.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017860.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP64\A0017993.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP65\A0019205.dll (Trojan.GootKit) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP65\A0019379.dll (Trojan.GootKit) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP66\A0020378.dll (Trojan.GootKit) -> No action taken.
C:\System Volume Information\_restore{65B9F8B7-EF20-4D68-9DAD-98CE43256B09}\RP68\A0024544.dll (Trojan.GootKit) -> No action taken.
C:\WINDOWS\system32\drivers\tgbnyynh.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\gtk8.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk82.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk84.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk9.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk3.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk5.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk7.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk1785.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk2.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk6.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk3B.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\Temp\gtk4.tmp (Spyware.Passwords) -> No action taken.

RSIT logs (log.txt)
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tiago Gomes at 2010-04-19 21:49:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:49, on 19-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\RSIT.exe
C:\Programas\Trend Micro\HijackThis\Tiago Gomes.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tiago Gomes\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Tiago Gomes\reader_s.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'SYSTEM')
O4 - .DEFAULT Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - .DEFAULT User Startup: Daemon.Tools.Lite.lnk = C:\Programas\DAEMON Tools Lite\Daemon.Tools.Lite.cmd (User 'Default user')
O4 - Startup: Chi_DESTROYS_XpWGA.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O21 - SSODL: GootkitSSO - {9DA6357F-8A5A-4B6E-86E5-D9B22EA0E838} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7955 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1788223648-1606980848-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1788223648-1606980848-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programas\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe [2010-02-18 248040]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"QuickTime Task"=C:\Programas\QuickTime\QTTask.exe [2009-11-11 417792]
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Acrobat Speed Launcher"=C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Programas\iTunes\iTunesHelper.exe [2010-02-15 141608]
"Acrobat Assistant 8.0"=C:\Programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Tiago Gomes\Definições locais\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
"reader_s"=C:\Documents and Settings\Tiago Gomes\reader_s.exe []

C:\Documents and Settings\Tiago Gomes\Menu Iniciar\Programas\Arranque
Chi_DESTROYS_XpWGA.lnk - C:\WINDOWS\validation.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
antiwpa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
GootkitSSO - {9DA6357F-8A5A-4B6E-86E5-D9B22EA0E838} - C:\WINDOWS\System32\msxsltsso.dll [2010-04-19 42496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Java\jre6\bin\javaw.exe"="C:\Programas\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programas\Bonjour\mDNSResponder.exe"="C:\Programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programas\iTunes\iTunes.exe"="C:\Programas\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\NRPG RatioMaster.exe"="C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\NRPG RatioMaster.exe:*:Enabled:NRPG RatioMaster"
"C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\uTorrent.exe"="C:\Documents and Settings\Tiago Gomes\Ambiente de trabalho\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-04-19 21:49:45 ----D---- C:\rsit
2010-04-19 20:39:08 ----SHD---- C:\Config.Msi
2010-04-19 10:46:35 ----A---- C:\WINDOWS\system32\OGACheckControl.DLL
2010-04-18 11:10:11 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-04-15 00:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 00:29:24 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 00:29:09 ----A---- C:\WINDOWS\system32\MRT.INI
2010-04-15 00:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 00:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 00:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 00:25:21 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 00:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-12 12:11:54 ----D---- C:\WINDOWS\Minidump
2010-04-11 18:12:18 ----A---- C:\WINDOWS\system32\valid_ftp.txt
2010-04-11 15:24:39 ----A---- C:\WINDOWS\system32\msxsltsso.dll
2010-04-11 15:16:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-11 11:41:20 ----D---- C:\Programas\Malwarebytes' Anti-Malware
2010-04-11 11:39:07 ----D---- C:\Programas\Trend Micro
2010-04-11 10:52:01 ----D---- C:\Documents and Settings\Tiago Gomes\Application Data\Malwarebytes
2010-04-11 10:51:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-11 10:50:28 ----D---- C:\Documents and Settings\Tiago Gomes\Application Data\SUPERAntiSpyware.com
2010-04-11 02:24:55 ----D---- C:\Programas\Spybot - Search & Destroy
2010-04-11 02:24:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-11 02:20:09 ----D---- C:\Programas\CCleaner
2010-04-11 02:12:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-11 00:58:52 ----D---- C:\WINDOWS\pss
2010-04-10 19:44:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-10 19:34:44 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-10 19:30:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-10 17:57:14 ----AH---- C:\WINDOWS\evenlpq.dll
2010-04-10 17:56:42 ----AH---- C:\WINDOWS\system32\evenlpq.dll
2010-04-10 17:56:26 ----D---- C:\Documents and Settings\Tiago Gomes\Application Data\UDC Profiles
2010-04-03 22:25:19 ----D---- C:\Programas\ASIO4ALL v2
2010-04-02 01:30:57 ----HD---- C:\WINDOWS\PIF
2010-03-31 11:39:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-31 11:39:33 ----D---- C:\Programas\Ficheiros comuns\Java
2010-03-31 11:39:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-31 11:39:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-31 11:39:20 ----A---- C:\WINDOWS\system32\java.exe
2010-03-29 19:02:20 ----D---- C:\Go Bulling
2010-03-23 08:43:25 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-20 13:42:55 ----D---- C:\Programas\Virtualdub

======List of files/folders modified in the last 1 months======

2010-04-19 20:55:48 ----D---- C:\WINDOWS\Temp
2010-04-19 20:44:46 ----SHD---- C:\WINDOWS\Installer
2010-04-19 20:44:45 ----D---- C:\WINDOWS\WinSxS
2010-04-19 20:43:12 ----RSD---- C:\WINDOWS\assembly
2010-04-19 20:42:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-19 20:42:51 ----RD---- C:\Programas
2010-04-19 20:42:50 ----D---- C:\WINDOWS\system32
2010-04-19 20:42:50 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared
2010-04-19 20:42:47 ----D---- C:\Programas\Ficheiros comuns
2010-04-19 20:42:41 ----D---- C:\WINDOWS
2010-04-19 20:42:08 ----D---- C:\Programas\MSBuild
2010-04-19 20:41:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-19 20:39:25 ----A---- C:\WINDOWS\win.ini
2010-04-19 10:49:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-19 10:49:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-18 11:13:55 ----SH---- C:\boot.ini
2010-04-18 11:13:55 ----A---- C:\WINDOWS\system.ini
2010-04-18 11:07:10 ----D---- C:\Documents and Settings\Tiago Gomes\Application Data\uTorrent
2010-04-15 10:54:05 ----D---- C:\WINDOWS\Prefetch
2010-04-15 00:29:35 ----D---- C:\WINDOWS\system32\dllcache
2010-04-15 00:29:30 ----HD---- C:\WINDOWS\inf
2010-04-15 00:29:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 00:29:25 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 00:27:02 ----D---- C:\WINDOWS\Debug
2010-04-15 00:25:54 ----D---- C:\WINDOWS\ie8updates
2010-04-11 15:16:53 ----SHD---- C:\System Volume Information
2010-04-11 15:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-04-11 02:05:11 ----SHD---- C:\RECYCLER
2010-04-10 19:39:22 ----D---- C:\Programas\Ficheiros comuns\InstallShield
2010-04-10 19:35:22 ----D---- C:\Documents and Settings
2010-04-10 17:53:50 ----HD---- C:\Programas\InstallShield Installation Information
2010-04-06 18:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 12:09:58 ----D---- C:\Programas\MetaTrader 4
2010-04-03 21:53:50 ----D---- C:\Documents and Settings\Tiago Gomes\Application Data\Winamp
2010-04-03 11:59:18 ----D---- C:\Programas\Mozilla Firefox
2010-04-01 00:48:12 ----D---- C:\Programas\Internet Explorer
2010-03-31 11:38:48 ----D---- C:\Programas\Java
2010-03-31 11:38:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\SuperAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\SuperAntiSpyware\SASKUTIL.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-04-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2007-11-21 1174528]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-10-10 1664384]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 azbxa3wn;azbxa3wn; C:\WINDOWS\system32\drivers\azbxa3wn.sys []
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\SuperAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;Controlador de scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Programas\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programas\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R3 iPod Service;Serviço iPod; C:\Programas\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-25 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




RSIT logs (info.txt)
Code: Select all
info.txt logfile of random's system information tool 1.06 2010-04-19 21:49:51

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x416 
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416 
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416  /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x416 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A Geeks Toy-->MsiExec.exe /I{64264EA0-707C-467A-942E-127A3C415E49}
Actualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Actualização para Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Actualização para Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Actualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Actualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Actualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Actualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Actualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Actualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->C:\Programas\Ficheiros comuns\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{2BD2FA21-B51D-4F01-94A7-AC16737B2163}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->MsiExec.exe /X{54E4B63C-D252-454C-BE4F-468F102B331C}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Programas\CCleaner\uninst.exe"
Compressor WinRAR-->C:\Programas\WinRAR\uninstall.exe
Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x416  /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x416  /remove
DAEMON Tools Lite 4.12.3-->C:\Programas\DAEMON Tools Lite\uninst.exe
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
ffdshow [rev 3255] [2010-02-08]-->"C:\Programas\ffdshow\unins000.exe"
Free Mp3 Wma Converter V 1.9-->"C:\Programas\Free Audio Pack\unins000.exe"
Gobulling Pro-->MsiExec.exe /X{605440E4-1124-4C80-A5F1-BC8168E77D03}
GOM Player-->"C:\Programas\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Programas\Malwarebytes' Anti-Malware\unins000.exe"
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
MetaTrader 4.00-->"C:\Programas\MetaTrader 4\Uninstall.exe" "C:\Programas\MetaTrader 4\install.log"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.6.3)-->C:\Programas\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"C:\Programas\GNU\MPEG2\Uninstall.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Plus500-->C:\Programas\Plus500\Plus500.exe /uninstall
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Real Alternative 2.0.2-->"C:\Programas\Real Alternative\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Subtitle Workshop 2.51-->"C:\Programas\URUSoft\Subtitle Workshop\uninstall.exe"
System Requirements Lab-->C:\Programas\SystemRequirementsLab\Uninstall.exe
TidySongs (remove only)-->"C:\Programas\TidySongs\uninstall.exe"
TidySongs-->msiexec /qb /x {02828774-BEAF-39B4-E4F5-F093D6184402}
TidySongs-->MsiExec.exe /I{02828774-BEAF-39B4-E4F5-F093D6184402}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp-->"C:\Programas\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{418001D0-F48E-4910-966C-0DCCC996A87A}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{50CEA963-2745-46A8-BE71-767F2B36FEF2}
Windows Live Messenger-->MsiExec.exe /X{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}
Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [oo] C:\WINDOWS\ndll.exe [2010-04-11]

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======System event log======

Computer Name: XP-COMPUTADOR
Event Code: 7036
Message: O serviço Serviço COM de gravação de CD de IMAPI entrou no estado pausado.

Record Number: 1679
Source Name: Service Control Manager
Time Written: 20100313112113.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 7036
Message: O serviço Adaptador de desempenho WMI entrou no estado execução.

Record Number: 1678
Source Name: Service Control Manager
Time Written: 20100313112110.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 7035
Message: Foi enviado com êxito para o serviço Adaptador de desempenho WMI um controlo Iniciar.

Record Number: 1677
Source Name: Service Control Manager
Time Written: 20100313112110.000000+000
Event Type: Informações
User: NT AUTHORITY\SYSTEM

Computer Name: XP-COMPUTADOR
Event Code: 7036
Message: O serviço Gestor de ligação de acesso remoto entrou no estado execução.

Record Number: 1676
Source Name: Service Control Manager
Time Written: 20100313112108.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 7035
Message: Foi enviado com êxito para o serviço Gestor de ligação de acesso remoto um controlo Iniciar.

Record Number: 1675
Source Name: Service Control Manager
Time Written: 20100313112108.000000+000
Event Type: Informações
User: XP-COMPUTADOR\Tiago Gomes

=====Application event log=====

Computer Name: XP-COMPUTADOR
Event Code: 0
Message: 
Record Number: 568
Source Name: iPod Service
Time Written: 20100322101240.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 1800
Message: O 'Serviço de centro de segurança de Windows' foi iniciado.

Record Number: 567
Source Name: SecurityCenter
Time Written: 20100322101238.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 1
Message: 
Record Number: 566
Source Name: Bonjour Service
Time Written: 20100322101237.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 0
Message: 
Record Number: 565
Source Name: iPod Service
Time Written: 20100321122914.000000+000
Event Type: Informações
User: 

Computer Name: XP-COMPUTADOR
Event Code: 1800
Message: O 'Serviço de centro de segurança de Windows' foi iniciado.

Record Number: 564
Source Name: SecurityCenter
Time Written: 20100321122913.000000+000
Event Type: Informações
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programas\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programas\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
DaRox
Active Member
 
Posts: 6
Joined: April 11th, 2010, 10:29 am

Re: Lot's of problems. Please help. Thanks

Unread postby muppy03 » April 20th, 2010, 5:26 am

Unfortunately, I have some very bad news for you. You are infected with Virut, which means the best course of action is a complete reformat and reinstallation of your OS.

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Tiago Gomes\reader_s.exe

Here is some information.

Your system is infected with Virut!!
Virut is a file-infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, an expert in malware removal and an MS-MVP, additionally has a blog post about Virut.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/advanced/reinstall-format.html
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
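The McAfee description quoted above (an encrypted body appended to the last section, with the decryptor placed before it, in code-section slack space, or over the original entry point) is the shape a file-level triage script looks for. The following is an added example, not from the original post and not a Virut detector: it parses a PE header and reports three structural indicators of that shape. `build_pe` and both sample images are constructed fixtures for the example; files from an infected machine should be examined on a clean system, never run.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def parse_pe(data):
    """Read just enough of a PE image to get the entry point RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    opt = coff + 20
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    file_alignment = struct.unpack_from("<I", data, opt + 36)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "rsize": f[3], "characteristics": f[9]})
    return {"entry_point": entry_point, "file_alignment": file_alignment, "sections": sections}


def section_for_rva(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return s
    return None


def epo_indicators(data):
    """Heuristic triage for the infection shape the thread describes. Returns findings;
    an empty list means none fired. Packers such as UPX trip some of these too, so a hit
    is a reason to look closer, not a verdict."""
    pe = parse_pe(data)
    secs = pe["sections"]
    if not secs:
        return ["no sections"]
    last = secs[-1]
    ep_sec = section_for_rva(secs, pe["entry_point"])
    findings = []
    if ep_sec is None:
        findings.append("entry point 0x%x lies outside every section" % pe["entry_point"])
    elif ep_sec is last and len(secs) > 1:
        findings.append("entry point lies in the last section (%s)" % last["name"])
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    if last["characteristics"] & rwx == rwx:
        findings.append("last section %s is writable and executable" % last["name"])
    # Raw data beyond the aligned virtual size is appended payload. A careful infector
    # bumps VirtualSize as well, so weigh this together with the two checks above.
    if last["rsize"] > align_up(last["vsize"], pe["file_alignment"]):
        findings.append("last section %s carries %d bytes on disk beyond its virtual size"
                        % (last["name"], last["rsize"] - last["vsize"]))
    return findings


def build_pe(sections, entry_point, file_alignment=0x200):
    """Emit a minimal PE32 file for exercising the parser. Constructed fixture only:
    no imports, no real code, meant to be parsed rather than loaded."""
    e_lfanew, opt_size = 0x40, 224
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBB" + "I" * 9, 0x10B, 0, 0, 0, 0, 0, entry_point,
                      0, 0, 0x400000, 0x1000, file_alignment).ljust(opt_size, b"\0")
    headers_end = align_up(e_lfanew + 4 + 20 + opt_size + 40 * len(sections), file_alignment)
    table, body, raw_ptr = b"", b"", headers_end
    for name, va, vsize, raw, chars in sections:
        table += struct.pack(SECTION_FMT, name, vsize, va, len(raw), raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(headers_end, b"\0") + body


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Constructed samples: an ordinary two-section layout, and the same file with its last
# section grown by 0x400 bytes, made executable, and the entry point moved into it.
CLEAN = build_pe([(b".text", 0x1000, 0x100, b"\xC3" * 0x200, TEXT),
                  (b".data", 0x2000, 0x80, b"\0" * 0x200, DATA)], entry_point=0x1000)
INFECTED_SHAPE = build_pe([(b".text", 0x1000, 0x100, b"\xC3" * 0x200, TEXT),
                           (b".data", 0x2000, 0x80, b"\0" * 0x200 + b"\x90" * 0x400,
                            DATA | IMAGE_SCN_MEM_EXECUTE)], entry_point=0x2200)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("infected shape", INFECTED_SHAPE)):
        print(label, epo_indicators(image) or ["no indicators"])
```

Run over a directory of .exe and .scr files copied off the infected disk, this kind of script gives a quick count of how many binaries show the shape, which is useful when deciding whether anything from a backup is worth keeping; it cannot clear a file, because the decryptor variant that lives in code-section slack space changes none of these header fields.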

Re: Lot's of problems. Please help. Thanks

Unread postby DaRox » April 20th, 2010, 1:29 pm

This is really bad news. Anyway, thanks very much for your help.

Just one last request: can you tell me what I should do to prevent this happening again? ... programs to install, etc.
DaRox
Active Member
 
Posts: 6
Joined: April 11th, 2010, 10:29 am

Re: Lot's of problems. Please help. Thanks

Unread postby muppy03 » April 20th, 2010, 5:01 pm

This is really bad news. Anyway, thanks very much for your help.

Just one last request: can you tell me what I should do to prevent this happening again? ... programs to install, etc.


First up, one of the best ways to stay safe is to avoid P2P programs such as utorrent (which you have installed).

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

P2P programs also open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders them insecure, and access to the computer is left open even when the program is not in use. Therefore, the system's security is compromised.

So be aware that it's not just what's downloaded with P2P programs that creates problems, just having the program installed is like leaving all the doors to your house unlocked.

Also, downloading 'cracked' software is a big risk, as well as being illegal.

Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here.

  • Hosts File:
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Installing a Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

    Here are some Hosts files:
  • MVPS Hosts File
  • Bluetack's Hosts File
  • Bluetack's Host Manager
  • hpHosts.

Be careful when opening attachments and downloading files:

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:


1) Sunbelt/Kerio
2) Agnitum
3) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

The built-in Windows XP firewall is not recommended, as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall, and it is no replacement for a dedicated software solution. Remember to use only one firewall at a time.


Read some information here how to prevent Malware.


I hope this helps :)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
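The Hosts file advice above only helps while every entry is a sinkhole pointing at 127.0.0.1 or 0.0.0.0. The same mechanism, pointed at any other address, is a classic hijack, and sinkholing a vendor's update or validation host is how malware keeps a machine from protecting itself. As an added example that is not part of the original post, this script audits a hosts file for both patterns and builds a blocklist that refuses to include vendor domains. The sample file, LOCAL_NAMES and the PROTECTED_SUFFIXES list are constructed assumptions; the only line taken from the thread is the 127.0.0.1 mpa.one.microsoft.com entry shown in the posted info.txt.

```python
import ipaddress

# Addresses a blocklist is expected to sinkhole to. 0.0.0.0 is the better choice
# because nothing ever answers there, while 127.0.0.1 may hit a local web server.
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}
# Names that legitimately point at loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}
# Domains a blocklist must leave alone (illustrative list, an assumption of this example):
# sinkholing an OS or security vendor is how malware keeps a machine from updating.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "mcafee.com",
                      "kaspersky.com", "avg.com", "malwarebytes.org")


def is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text):
    """Return (line_number, ip_or_None, [names]) per active line; comments and blanks are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None  # kept so the audit can report the line
        entries.append((lineno, ip, [n.lower() for n in names]))
    return entries


def audit_hosts(text):
    """Report entries that are not plain sinkholes: vendor hosts being blocked,
    names redirected to a real address, and lines that do not parse."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append("line %d: malformed entry" % lineno)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if ip not in SINKHOLES:
                findings.append("line %d: redirects %s to %s (possible hijack)" % (lineno, name, ip))
            elif is_protected(name):
                findings.append("line %d: sinkholes vendor/update host %s" % (lineno, name))
    return findings


def make_blocklist(domains, sink="0.0.0.0"):
    """Build sorted, de-duplicated blocklist lines; refuses to sinkhole a protected domain."""
    lines = []
    for d in sorted({x.strip().lower() for x in domains}):
        if is_protected(d):
            raise ValueError("refusing to sinkhole %s" % d)
        lines.append("%s %s" % (sink, d))
    return "\n".join(lines)


# Constructed sample; the mpa.one.microsoft.com line is the one entry the posted info.txt shows.
SAMPLE = """\
# hosts
127.0.0.1       localhost
0.0.0.0         ads.example.net tracker.example.org   # blocklist entries
127.0.0.1       mpa.one.microsoft.com
198.51.100.7    www.example-bank.com                  # not a sinkhole address
notanip         broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
    print(make_blocklist(["Ads.Example.net", "tracker.example.org"]))
```

On Windows XP the file to feed in is %SystemRoot%\system32\drivers\etc\hosts. The vendor check is deliberately conservative: a hit only says the entry deserves a second look, since a user may have added it on purpose, but on a machine where security tools have stopped updating it is one of the first things worth reading.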

Re: Lot's of problems. Please help. Thanks

Unread postby NonSuch » April 24th, 2010, 2:38 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California