Infected With Vundo Variant


This topic is locked
9 replies to this topic

#1 Ricardo MS


Posted 01 June 2008 - 01:25 PM

Hi, my Internet Explorer began to pop up virus warnings and fake anti-virus solutions.

I already scanned my computer with SUPERAntiSpyware and detected that my PC is infected with the Vundo variant. The software was able to remove part of the virus, but there are still some infected files, as shown in the report log below:

1st scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:45, on 01/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\Windows\system32\fccbbAQI.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccbbAQI.dll,#1
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BMafacfcc9] Rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll",s
O4 - HKCU\..\Run: [ac9fcf55] rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Gordo\AppData\Local\Temp\mLETkiJA.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13372 bytes

2nd scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2008 at 12:48 PM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 00:24:57

Memory items scanned : 739
Memory threats detected : 0
Registry items scanned : 9082
Registry threats detected : 9
File items scanned : 29590
File threats detected : 5

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
HKCR\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
HKCR\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}\InprocServer32
HKCR\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FCCBBAQI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}
HKCR\CLSID\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}

Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\fccbbAQI.dll,#1 ]
HKU\S-1-5-21-1377198925-1594962045-1889557319-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Gordo\AppData\Local\Temp\mLETkiJA.dll,c ]

Adware.Tracking Cookie
C:\Users\Gordo\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordo@doubleclick[1].txt
C:\Users\Gordo\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordo@ads.clubedohardware.com[2].txt
C:\Users\Gordo\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordo@ads.bleepingcomputer[2].txt
C:\Users\Gordo\AppData\Roaming\Microsoft\Windows\Cookies\Low\gordo@ad.adnetwork.com[1].txt

I also used DSS and HijackThis, obtaining the following results:

Main.txt:

Deckard's System Scanner v20071014.68
Run by Gordo on 2008-06-01 15:09:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2008-06-01 14:36:05 UTC - RP96 - Installed SUPERAntiSpyware Professional
5: 2008-05-31 17:23:04 UTC - RP95 - Installed Iron Man.
4: 2008-05-30 19:53:43 UTC - RP94 - SPTD setup V1.56
3: 2008-05-30 11:00:33 UTC - RP92 - Instalação de Pacote de Driver de Dispositivo: Apple, Inc. Controladores USB (barramento serial universal)
2: 2008-05-30 04:49:10 UTC - RP91 - Windows Update


-- First Restore Point --
1: 2008-05-29 18:17:29 UTC - RP90 - Ponto de Verificação Agendado


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Gordo.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:08, on 01/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Users\Gordo\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gordo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BMafacfcc9] Rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll",s
O4 - HKCU\..\Run: [ac9fcf55] rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13553 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 OemBiosDevice (Royalty OEM Bios Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R? GbpSv -
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 01:00:36 352 --a------ C:\Windows\Tasks\McQcTask.job
2008-05-14 11:51:25 350 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 12:41:29 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-01 11:51:07 0 d-------- C:\Program Files\Trend Micro
2008-06-01 11:36:47 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-01 11:36:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 17:34:11 2829 --a------ C:\Windows\War3Unin.pif
2008-05-30 17:34:11 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-30 17:34:11 55308 --a------ C:\Windows\War3Unin.dat
2008-05-30 17:12:04 0 d-------- C:\Program Files\Warcraft III
2008-05-30 17:05:12 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 16:54:04 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-30 08:01:39 0 d-------- C:\Program Files\iPod
2008-05-30 08:01:31 0 d-------- C:\Program Files\iTunes
2008-05-30 08:00:22 0 d-------- C:\Program Files\Common Files\Apple
2008-05-30 07:53:20 0 d-------- C:\Users\All Users\Apple
2008-05-30 07:53:20 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 23:42:31 0 d-------- C:\Program Files\uTorrent
2008-05-28 18:08:14 0 d-------- C:\Users\All Users\Apple Computer
2008-05-28 18:08:14 0 d-------- C:\Program Files\QuickTime
2008-05-28 11:13:17 0 d-------- C:\Windows\pss
2008-05-27 01:23:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-26 11:19:48 0 d-------- C:\Program Files\Common Files\Corel
2008-05-26 11:18:59 0 d-------- C:\Program Files\Corel
2008-05-21 12:13:30 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-21 11:26:02 0 d-------- C:\Users\All Users\RapidSolution
2008-05-21 11:26:02 0 d-------- C:\Program Files\RapidSolution
2008-05-19 18:29:20 0 d-------- C:\Program Files\Java
2008-05-19 18:27:55 0 d-------- C:\Program Files\Common Files\Java
2008-05-17 20:12:52 0 d-------- C:\temp
2008-05-17 18:03:08 0 d-------- C:\Users\All Users\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Common Files\Nero
2008-05-17 17:41:05 0 d-------- C:\Program Files\Common Files\Skype
2008-05-17 17:17:58 0 d-------- C:\Users\All Users\DVD Shrink
2008-05-17 17:17:57 0 d-------- C:\Program Files\DVD Shrink
2008-05-17 13:15:26 0 d-------- C:\Windows\system32\directx
2008-05-17 13:03:08 0 d-------- C:\Users\All Users\InstallShield
2008-05-17 12:35:05 0 d-------- C:\Program Files\Activision
2008-05-16 18:42:25 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-16 18:38:00 0 d-------- C:\Program Files\XviD
2008-05-16 18:37:30 0 d-------- C:\Program Files\DivX
2008-05-16 17:46:49 0 d-------- C:\Users\All Users\eMule
2008-05-16 17:46:33 0 d-------- C:\Program Files\eMule
2008-05-16 09:58:16 0 d-------- C:\PerfLogs
2008-05-14 23:22:19 0 d-------- C:\Program Files\GbPlugin
2008-05-14 23:22:16 0 d-------- C:\Users\All Users\GbPlugin
2008-05-14 17:26:59 0 d-------- C:\Program Files\Philips
2008-05-14 17:22:08 0 d-------- C:\Program Files\Skype
2008-05-14 16:37:38 183392 -rahs---- C:\grldr
2008-05-14 16:30:25 0 d-------- C:\Users\All Users\WEBREG
2008-05-14 15:58:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 15:54:01 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 15:09:39 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-05-14 15:07:34 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-14 15:07:34 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 15:07:14 0 d-------- C:\Program Files\Common Files\HP
2008-05-14 15:02:14 148903 --a------ C:\Windows\hpoins19.dat
2008-05-14 15:00:13 0 d-------- C:\Users\All Users\HP
2008-05-14 15:00:10 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-05-14 15:00:10 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:10 573440 --a------ C:\Windows\system32\hpotscl1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:08 26952 --a------ C:\Windows\hpomdl19.dat
2008-05-14 14:31:52 0 d-------- C:\Program Files\HP
2008-05-14 14:28:17 0 d-------- C:\Users\All Users\FLEXnet
2008-05-14 14:24:56 0 d-------- C:\Users\All Users\Adobe
2008-05-14 14:24:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:02:39 2864 --a------ C:\Windows\bthservsdp.dat
2008-05-14 12:50:11 0 d-------- C:\Program Files\Microsoft Works
2008-05-14 12:48:25 0 d-------- C:\Program Files\Microsoft.NET
2008-05-14 12:46:10 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-14 12:45:08 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-14 12:42:20 0 dr-h----- C:\MSOCache
2008-05-14 12:15:57 0 d-------- C:\Windows\PCHEALTH
2008-05-14 12:14:43 0 d-------- C:\Windows\system32\Macromed
2008-05-14 12:13:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-05-14 12:11:36 0 d-------- C:\Users\All Users\Google
2008-05-14 12:11:32 0 d-------- C:\Program Files\Google
2008-05-14 12:09:50 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-14 12:09:41 0 d-------- C:\Program Files\Windows Live
2008-05-14 12:09:12 0 d-------- C:\Users\All Users\WLInstaller
2008-05-14 12:08:38 0 d-------- C:\Users\All Users\Skype
2008-05-14 12:05:35 0 d-------- C:\Program Files\Common Files\Steam
2008-05-14 11:43:29 0 d-------- C:\Windows\Downloaded Installations
2008-05-14 11:30:04 0 d-------- C:\Program Files\Common Files\logishrd
2008-05-14 11:19:50 0 d-------- C:\Program Files\McAfee.com
2008-05-14 11:19:49 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-14 11:19:45 0 d-------- C:\Program Files\McAfee
2008-05-14 11:17:55 0 d-------- C:\Users\All Users\McAfee
2008-05-14 10:53:34 0 d-------- C:\Users\All Users\Logitech
2008-05-14 10:53:32 0 d-------- C:\Program Files\Logitech
2008-05-14 10:53:30 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-14 10:53:10 0 d-------- C:\Users\All Users\LogiShrd
2008-05-14 02:40:29 53248 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-05-14 02:39:26 0 d-------- C:\Program Files\Common Files\Creative
2008-05-14 02:39:24 0 d--h----- C:\Program Files\Creative Installation Information
2008-05-14 02:38:32 0 d-------- C:\Users\All Users\Creative
2008-05-14 02:35:40 0 d-------- C:\Program Files\OpenAL
2008-05-14 02:35:13 0 d-------- C:\Windows\system32\Data
2008-05-14 02:35:13 3072 --a------ C:\Windows\CTXFIBRZ.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-14 02:35:13 11264 --a------ C:\Windows\CTDCRBRZ.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-14 02:35:10 67072 -----n--- C:\Windows\system32\CmdRtr.dll
2008-05-14 02:35:10 105472 -----n--- C:\Windows\system32\APOMngr.dll
2008-05-14 02:30:36 0 d-------- C:\Users\All Users\ATI
2008-05-14 02:29:59 0 --a------ C:\Windows\ativpsrm.bin
2008-05-14 02:26:17 0 d-------- C:\Program Files\Steam
2008-05-14 02:25:07 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-05-14 02:24:17 0 d-------- C:\Program Files\ATI
2008-05-14 02:23:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-14 02:22:56 0 d-------- C:\AMD
2008-05-14 01:01:38 24576 -ra------ C:\Windows\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-05-14 01:01:35 0 d-------- C:\Program Files\ASUS
2008-05-14 01:01:20 143360 -r------- C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-05-14 01:01:19 1953792 -r------- C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-05-14 01:01:19 0 d-------- C:\RaidTool
2008-05-14 01:01:00 0 d-------- C:\Windows\RaidTool
2008-05-14 01:00:01 0 d-------- C:\Program Files\Realtek
2008-05-14 00:55:47 0 d-------- C:\Program Files\Marvell
2008-05-14 00:48:39 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-14 00:48:39 0 d-------- C:\Program Files\Creative
2008-05-14 00:48:38 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-14 00:48:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 00:48:09 102400 --a------ C:\Windows\system32\SFBH.dll <Not Verified; Sonic Focus, Inc; SFBH Dynamic Link Library>
2008-05-14 00:48:09 73728 --a------ C:\Windows\system32\AEADICom.dll <Not Verified; Andrea Electronics Corporation; Filters Access (32-bit)>
2008-05-14 00:48:01 0 d-------- C:\Users\All Users\SonicFocus
2008-05-14 00:47:44 0 d-------- C:\Program Files\Analog Devices
2008-05-14 00:47:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 00:45:06 0 d-------- C:\Windows\ASUSInstAll
2008-05-14 00:39:12 0 d-------- C:\Program Files\Intel
2008-05-14 00:39:06 0 d-------- C:\Intel
2008-05-14 00:38:04 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-05-14 00:33:00 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-05-14 00:32:55 0 d-------- C:\Program Files\ClonySoft
2008-05-14 00:32:40 0 d--hs---- C:\Windows\Installer
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Meus documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Configurações locais
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de rede
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de impressão
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Favoritos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Common Files\Sistema
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Arquivos Comuns
2008-05-13 22:35:58 0 d--hs---- C:\Arquivos de programas
2008-05-13 22:30:21 0 d-------- C:\Windows\SoftwareDistribution
2008-05-13 22:29:08 0 d-------- C:\Windows\system32\catroot2
2008-05-13 22:29:01 0 d-------- C:\Windows\Debug
2008-05-13 22:29:00 0 d-------- C:\Windows\CSC
2008-05-13 22:28:00 0 d-------- C:\Windows\Prefetch
2008-05-13 22:27:52 0 d--hs---- C:\System Volume Information
2008-05-13 22:26:56 0 d-------- C:\Windows\Panther
2008-05-13 22:26:43 0 d--hs---- C:\Boot
2008-05-12 22:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 22:50:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 22:50:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 22:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:06 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-01 14:57:20 0 d-------- C:\Users\Gordo\AppData\Roaming\Skype
2008-06-01 12:26:21 634020 --a------ C:\Windows\system32\prfh0416.dat
2008-06-01 12:26:21 121690 --a------ C:\Windows\system32\prfc0416.dat
2008-06-01 12:22:23 0 d-------- C:\Users\Gordo\AppData\Roaming\skypePM
2008-06-01 12:19:11 0 d-------- C:\Users\Gordo\AppData\Roaming\uTorrent
2008-06-01 11:36:23 0 d-------- C:\Users\Gordo\AppData\Roaming\SUPERAntiSpyware.com
2008-06-01 11:35:42 0 d-------- C:\Program Files\Common Files
2008-05-30 16:53:40 0 d-------- C:\Users\Gordo\AppData\Roaming\DAEMON Tools
2008-05-30 08:02:03 0 d-------- C:\Users\Gordo\AppData\Roaming\Apple Computer
2008-05-27 02:13:09 0 d-------- C:\Users\Gordo\AppData\Roaming\Creative
2008-05-26 11:30:02 0 d-------- C:\Users\Gordo\AppData\Roaming\Corel
2008-05-21 12:14:01 0 d-------- C:\Users\Gordo\AppData\Roaming\Tunebite
2008-05-19 16:37:32 0 d-------- C:\Users\Gordo\AppData\Roaming\DivX
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Printer Info Cache
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Image Zone Express
2008-05-17 18:07:06 0 d-------- C:\Users\Gordo\AppData\Roaming\Nero
2008-05-16 10:10:45 174 --ahs---- C:\Program Files\desktop.ini
2008-05-16 10:00:35 0 d-------- C:\Program Files\Windows Calendar
2008-05-16 10:00:35 0 d-------- C:\Program Files\Movie Maker
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Sidebar
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Mail
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Journal
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Collaboration
2008-05-16 10:00:31 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-16 10:00:26 0 d-------- C:\Program Files\Windows Defender
2008-05-15 00:00:33 0 d-------- C:\Users\Gordo\AppData\Roaming\Logitech
2008-05-14 16:30:39 0 d-------- C:\Users\Gordo\AppData\Roaming\HP
2008-05-14 14:28:53 0 d-------- C:\Users\Gordo\AppData\Roaming\Adobe
2008-05-14 14:23:11 0 d-------- C:\Users\Gordo\AppData\Roaming\Google
2008-05-14 12:49:48 0 d-------- C:\Program Files\MSBuild
2008-05-14 12:14:44 0 d-------- C:\Users\Gordo\AppData\Roaming\Macromedia
2008-05-14 02:30:36 0 d-------- C:\Users\Gordo\AppData\Roaming\ATI
2008-05-14 00:56:11 0 d-------- C:\Users\Gordo\AppData\Roaming\TMP
2008-05-14 00:47:30 0 d-------- C:\Users\Gordo\AppData\Roaming\InstallShield
2008-05-14 00:32:40 0 d-------- C:\Users\Gordo\AppData\Roaming\ClonySoft
2008-05-13 22:38:21 0 d-------- C:\Users\Gordo\AppData\Roaming\Identities
2008-05-13 22:35:58 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 04:38]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [21/05/2007 14:53]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [20/03/2007 03:36]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [06/09/2007 11:19]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [06/09/2007 19:57]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"UpdReg"="C:\Windows\UpdReg.EXE" [11/05/2000 01:00]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 21:52]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [06/06/2007 03:35]
"CTHelper"="CTHELPER.EXE" [05/03/2007 04:09 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [05/03/2007 04:09 C:\Windows\System32\CTXFIHLP.EXE]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [09/11/2006 10:19]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/06/2004 06:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 04:33]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 06:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [14/05/2008 12:11]
"BMafacfcc9"="C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll,s" []
"ac9fcf55"="C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll,b" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13/05/2008 12:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /SILENT /FAIL=1
"CtxfiReg"=CTXFIREG.exe /FAIL1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 21:40:10]
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [03/05/2007 15:52:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll [16/05/2008 17:54 367016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Remote Help]
"C:\Program Files\ASUS\AI Remote\AiRc.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5cecc1-21bc-11dd-b087-001e8c71dd80}]
AutoRun\command- "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32eaaba2-2e83-11dd-9993-000761a36c36}]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c9c5a11-21ed-11dd-81d9-000761a36c36}]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e4738b-2154-11dd-b627-806e6f6e6963}]
AutoRun\command- E:\.\Bin\Assetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

200.149.20.17 wwws.realsecureweb.com.br # GbPlugin


-- End of Deckard's System Scanner: finished at 2008-06-01 15:14:20 ------------

Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: Portuguese

CPU 0: Intel® Core™2 Quad CPU Q9450 @ 2.66GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 2046.37 MiB / 938.4 MiB
Pagefile Memory (total/avail): 4335.76 MiB / 2814.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.41 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 292.97 GiB total, 124.74 GiB free.
D: is Fixed (NTFS) - 172.79 GiB total, 153.21 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 465.76 GiB total, 344.59 GiB free.
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00A7B0 ATA Device - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 292.97 GiB - C:
\PARTITION1 - Installable File System - 172.79 GiB - D:

\\.\PHYSICALDRIVE1 - Seagate FreeAgent Pro USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: SUPERAntiSpyware v4, 1, 0, 1046 (SUPERAntiSpyware.com)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Gordo\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RMS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Gordo
LOCALAPPDATA=C:\Users\Gordo\AppData\Local
LOGONSERVER=\\RMS-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1707
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Gordo\AppData\Local\Temp
TMP=C:\Users\Gordo\AppData\Local\Temp
USERDOMAIN=RMS-PC
USERNAME=Gordo
USERPROFILE=C:\Users\Gordo
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Gordo


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0416
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:BRZ
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\NuNInst.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x416 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x416 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x416 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x416 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x416 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
AI Remote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AFF134D-A6B4-4669-9573-36665FFD1F50}\Setup.exe" -l0x9
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistente de Conexão do Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS WiFi-AP @n --> C:\Program Files\InstallShield Installation Information\{6600970A-BAE7-412A-BFFC-91AD793B3A41}\Setup.exe -runfromtemp -l0x0009 -removeonly
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Call of Duty 4 - Modern Warfare --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FC7D0B4-0275-407E-98D2-C6912EEE8ED6}\setup.exe" -l0x9 -removeonly
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x416 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Host OpenAL (ADI) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x416 /remove
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics --> MsiExec.exe /I{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Informações do Sistema Creative --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416 /remove
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0416 -removeonly
Marvell Miniport Driver --> C:\Program Files\Marvell\Miniport Driver\Uninst.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1046}
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
PixiePack Codec Pack --> MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -l0x0416 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Visio 2007 (KB947590) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x416 /remove
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe -runfromtemp -l0x0416 -removeonly
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Vista x86 OneClick Activator --> MsiExec.exe /I{2876AEE2-A9C9-4585-A46A-44CF451C960E}
VOIP321 --> MsiExec.exe /X{3C0C88F5-72EE-464C-AC78-A118367FB322}
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live installer --> MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger --> MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3827 / Success
Event Submitted/Written: 06/01/2008 00:21:55 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type3826 / Success
Event Submitted/Written: 06/01/2008 00:21:55 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type3823 / Success
Event Submitted/Written: 06/01/2008 00:21:48 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
O serviço de Licenciamento de Software foi iniciado.

Event Record #/Type3815 / Warning
Event Submitted/Written: 06/01/2008 00:19:52 PM
Event ID/Source: 1530 / profsvc
Event Description:
O Windows detectou que seu arquivo do Registro ainda está sendo usado por outros aplicativos ou serviços. O arquivo será descarregado agora. Os aplicativos e serviços que usam o arquivo do Registro poderão não funcionar corretamente depois disso.

DETALHE -
2 user registry handles leaked from \Registry\User\S-1-5-21-1377198925-1594962045-1889557319-1000_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1377198925-1594962045-1889557319-1000_CLASSES
Process 1936 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1377198925-1594962045-1889557319-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Event Record #/Type3814 / Warning
Event Submitted/Written: 06/01/2008 00:19:51 PM
Event ID/Source: 1530 / profsvc
Event Description:
O Windows detectou que seu arquivo do Registro ainda está sendo usado por outros aplicativos ou serviços. O arquivo será descarregado agora. Os aplicativos e serviços que usam o arquivo do Registro poderão não funcionar corretamente depois disso.

DETALHE -
1 user registry handles leaked from \Registry\User\S-1-5-21-1377198925-1594962045-1889557319-1000:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1377198925-1594962045-1889557319-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20662 / Warning
Event Submitted/Written: 06/01/2008 03:12:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Proteção em Tempo Real %RMS-PC27 detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. %RMS-PC27 não pode desfazer as alterações que você permitiu.

Para obter mais informações, consulte:
%RMS-PC275

ID de Verificação: {E92CD456-AB71-4F26-A78D-01066D21AC2E}

Usuário: RMS-PC\Gordo

Nome: %RMS-PC271

ID: %RMS-PC272

ID de Severidade: %RMS-PC273

ID de Categoria: %RMS-PC274

Caminho Encontrado: %RMS-PC276

Tipo de Alerta: %RMS-PC278

Tipo de Detecção: 1.1.1600.02

Event Record #/Type20661 / Warning
Event Submitted/Written: 06/01/2008 03:12:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Proteção em Tempo Real %RMS-PC27 detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. %RMS-PC27 não pode desfazer as alterações que você permitiu.

Para obter mais informações, consulte:
%RMS-PC275

ID de Verificação: {4160F062-E9FD-426F-9DD8-49C45114D68D}

Usuário: RMS-PC\Gordo

Nome: %RMS-PC271

ID: %RMS-PC272

ID de Severidade: %RMS-PC273

ID de Categoria: %RMS-PC274

Caminho Encontrado: %RMS-PC276

Tipo de Alerta: %RMS-PC278

Tipo de Detecção: 1.1.1600.02

Event Record #/Type20660 / Warning
Event Submitted/Written: 06/01/2008 03:12:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Proteção em Tempo Real %RMS-PC27 detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. %RMS-PC27 não pode desfazer as alterações que você permitiu.

Para obter mais informações, consulte:
%RMS-PC275

ID de Verificação: {98B8795E-EDDB-4FAF-B716-A17E0F5F5C58}

Usuário: RMS-PC\Gordo

Nome: %RMS-PC271

ID: %RMS-PC272

ID de Severidade: %RMS-PC273

ID de Categoria: %RMS-PC274

Caminho Encontrado: %RMS-PC276

Tipo de Alerta: %RMS-PC278

Tipo de Detecção: 1.1.1600.02

Event Record #/Type20659 / Warning
Event Submitted/Written: 06/01/2008 03:12:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
O agente de Proteção em Tempo Real %RMS-PC27 detectou alterações. A Microsoft recomenda que você examine o software que fez essas alterações em busca de possíveis riscos. Você pode usar as informações sobre como esses programas operam a fim de decidir entre permitir sua execução ou removê-los do computador. Permita alterações somente se confiar no fornecedor do software ou programa. %RMS-PC27 não pode desfazer as alterações que você permitiu.

Para obter mais informações, consulte:
%RMS-PC275

ID de Verificação: {D8C5763D-D8F4-4535-A10E-79D37D9A60B1}

Usuário: RMS-PC\Gordo

Nome: %RMS-PC271

ID: %RMS-PC272

ID de Severidade: %RMS-PC273

ID de Categoria: %RMS-PC274

Caminho Encontrado: %RMS-PC276

Tipo de Alerta: %RMS-PC278

Tipo de Detecção: 1.1.1600.02

Event Record #/Type20652 / Warning
Event Submitted/Written: 06/01/2008 02:17:37 PM
Event ID/Source: 134 / W32Time
Event Description:
O NtpClient não conseguiu definir um mesmo nível manual para ser usado como fonte de tempo devido a um erro de resolução de DNS em 'time.windows.com,0x9'. O NtpClient fará nova tentativa em 15 minutos e, depois disso, dobrará o intervalo para uma nova tentativa. Erro: Este host não é conhecido. (0x80072AF9)



-- End of Deckard's System Scanner: finished at 2008-06-01 15:14:20 ------------

I am sorry, but some of the lines are in Portuguese....

Can somebody help me??

Thanks a lot!!!

#2 Ricardo MS (Topic Starter, Members, 5 posts)

Posted 01 June 2008 - 06:10 PM

Hi... I scanned my computer for the third time with SUPERAntiSpyware and now it seems like the virus has been removed, since the software is not detecting any infection...

However, I remember reading a posting here in which someone had the same problem and SUPERAntiSpyware also did not detect any infection, and the virus was only completely removed after sending the HijackThis log file to an analyst. Therefore, I am sending the last log from HijackThis, taken right after I scanned with SUPERAntiSpyware.

Hope someone can take a look at this for me....

Also, after all the scanning, every time I start Windows there are 2 pop-up messages saying that Windows cannot find the DLL. I marked these DLLs in red.

Thanks a lot!!!

Deckard's System Scanner v20071014.68
Run by Gordo on 2008-06-01 18:31:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gordo.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:48, on 01/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Gordo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gordo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BMafacfcc9] Rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll",s
O4 - HKCU\..\Run: [ac9fcf55] rundll32.exe "C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0063141212353388) (0063141212353388mcinstcleanup) - McAfee, Inc. - C:\Users\Gordo\AppData\Local\Temp\006314~1.EXE
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12540 bytes

-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 12:41:29 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-01 11:51:07 0 d-------- C:\Program Files\Trend Micro
2008-06-01 11:36:47 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-01 11:36:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 17:34:11 2829 --a------ C:\Windows\War3Unin.pif
2008-05-30 17:34:11 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-30 17:34:11 55308 --a------ C:\Windows\War3Unin.dat
2008-05-30 17:12:04 0 d-------- C:\Program Files\Warcraft III
2008-05-30 17:05:12 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 16:54:04 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-30 08:01:39 0 d-------- C:\Program Files\iPod
2008-05-30 08:01:31 0 d-------- C:\Program Files\iTunes
2008-05-30 08:00:22 0 d-------- C:\Program Files\Common Files\Apple
2008-05-30 07:53:20 0 d-------- C:\Users\All Users\Apple
2008-05-30 07:53:20 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 23:42:31 0 d-------- C:\Program Files\uTorrent
2008-05-28 18:08:14 0 d-------- C:\Users\All Users\Apple Computer
2008-05-28 18:08:14 0 d-------- C:\Program Files\QuickTime
2008-05-28 11:13:17 0 d-------- C:\Windows\pss
2008-05-27 01:23:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-26 11:19:48 0 d-------- C:\Program Files\Common Files\Corel
2008-05-26 11:18:59 0 d-------- C:\Program Files\Corel
2008-05-21 12:13:30 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-21 11:26:02 0 d-------- C:\Users\All Users\RapidSolution
2008-05-21 11:26:02 0 d-------- C:\Program Files\RapidSolution
2008-05-19 18:29:20 0 d-------- C:\Program Files\Java
2008-05-19 18:27:55 0 d-------- C:\Program Files\Common Files\Java
2008-05-17 20:12:52 0 d-------- C:\temp
2008-05-17 18:03:08 0 d-------- C:\Users\All Users\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Common Files\Nero
2008-05-17 17:41:05 0 d-------- C:\Program Files\Common Files\Skype
2008-05-17 17:17:58 0 d-------- C:\Users\All Users\DVD Shrink
2008-05-17 17:17:57 0 d-------- C:\Program Files\DVD Shrink
2008-05-17 13:15:26 0 d-------- C:\Windows\system32\directx
2008-05-17 13:03:08 0 d-------- C:\Users\All Users\InstallShield
2008-05-17 12:35:05 0 d-------- C:\Program Files\Activision
2008-05-16 18:42:25 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-16 18:38:00 0 d-------- C:\Program Files\XviD
2008-05-16 18:37:30 0 d-------- C:\Program Files\DivX
2008-05-16 17:46:49 0 d-------- C:\Users\All Users\eMule
2008-05-16 17:46:33 0 d-------- C:\Program Files\eMule
2008-05-16 09:58:16 0 d-------- C:\PerfLogs
2008-05-14 23:22:19 0 d-------- C:\Program Files\GbPlugin
2008-05-14 23:22:16 0 d-------- C:\Users\All Users\GbPlugin
2008-05-14 17:26:59 0 d-------- C:\Program Files\Philips
2008-05-14 17:22:08 0 d-------- C:\Program Files\Skype
2008-05-14 16:37:38 183392 -rahs---- C:\grldr
2008-05-14 16:30:25 0 d-------- C:\Users\All Users\WEBREG
2008-05-14 15:58:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 15:54:01 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 15:09:39 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-05-14 15:07:34 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-14 15:07:34 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 15:07:14 0 d-------- C:\Program Files\Common Files\HP
2008-05-14 15:02:14 148903 --a------ C:\Windows\hpoins19.dat
2008-05-14 15:00:13 0 d-------- C:\Users\All Users\HP
2008-05-14 15:00:10 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-05-14 15:00:10 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:10 573440 --a------ C:\Windows\system32\hpotscl1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:08 26952 --a------ C:\Windows\hpomdl19.dat
2008-05-14 14:31:52 0 d-------- C:\Program Files\HP
2008-05-14 14:28:17 0 d-------- C:\Users\All Users\FLEXnet
2008-05-14 14:24:56 0 d-------- C:\Users\All Users\Adobe
2008-05-14 14:24:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:02:39 1660 --a------ C:\Windows\bthservsdp.dat
2008-05-14 12:50:11 0 d-------- C:\Program Files\Microsoft Works
2008-05-14 12:48:25 0 d-------- C:\Program Files\Microsoft.NET
2008-05-14 12:46:10 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-14 12:45:08 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-14 12:42:20 0 dr-h----- C:\MSOCache
2008-05-14 12:15:57 0 d-------- C:\Windows\PCHEALTH
2008-05-14 12:14:43 0 d-------- C:\Windows\system32\Macromed
2008-05-14 12:13:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-05-14 12:11:36 0 d-------- C:\Users\All Users\Google
2008-05-14 12:11:32 0 d-------- C:\Program Files\Google
2008-05-14 12:09:50 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-14 12:09:41 0 d-------- C:\Program Files\Windows Live
2008-05-14 12:09:12 0 d-------- C:\Users\All Users\WLInstaller
2008-05-14 12:08:38 0 d-------- C:\Users\All Users\Skype
2008-05-14 12:05:35 0 d-------- C:\Program Files\Common Files\Steam
2008-05-14 11:43:29 0 d-------- C:\Windows\Downloaded Installations
2008-05-14 11:30:04 0 d-------- C:\Program Files\Common Files\logishrd
2008-05-14 11:19:50 0 d-------- C:\Program Files\McAfee.com
2008-05-14 11:19:49 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-14 11:19:45 0 d-------- C:\Program Files\McAfee
2008-05-14 11:17:55 0 d-------- C:\Users\All Users\McAfee
2008-05-14 10:53:34 0 d-------- C:\Users\All Users\Logitech
2008-05-14 10:53:32 0 d-------- C:\Program Files\Logitech
2008-05-14 10:53:30 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-14 10:53:10 0 d-------- C:\Users\All Users\LogiShrd
2008-05-14 02:40:29 53248 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-05-14 02:39:26 0 d-------- C:\Program Files\Common Files\Creative
2008-05-14 02:39:24 0 d--h----- C:\Program Files\Creative Installation Information
2008-05-14 02:38:32 0 d-------- C:\Users\All Users\Creative
2008-05-14 02:35:40 0 d-------- C:\Program Files\OpenAL
2008-05-14 02:35:13 0 d-------- C:\Windows\system32\Data
2008-05-14 02:35:13 3072 --a------ C:\Windows\CTXFIBRZ.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-14 02:35:13 11264 --a------ C:\Windows\CTDCRBRZ.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-14 02:35:10 67072 -----n--- C:\Windows\system32\CmdRtr.dll
2008-05-14 02:35:10 105472 -----n--- C:\Windows\system32\APOMngr.dll
2008-05-14 02:30:36 0 d-------- C:\Users\All Users\ATI
2008-05-14 02:29:59 0 --a------ C:\Windows\ativpsrm.bin
2008-05-14 02:26:17 0 d-------- C:\Program Files\Steam
2008-05-14 02:25:07 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-05-14 02:24:17 0 d-------- C:\Program Files\ATI
2008-05-14 02:23:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-14 02:22:56 0 d-------- C:\AMD
2008-05-14 01:01:38 24576 -ra------ C:\Windows\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-05-14 01:01:35 0 d-------- C:\Program Files\ASUS
2008-05-14 01:01:20 143360 -r------- C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-05-14 01:01:19 1953792 -r------- C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-05-14 01:01:19 0 d-------- C:\RaidTool
2008-05-14 01:01:00 0 d-------- C:\Windows\RaidTool
2008-05-14 01:00:01 0 d-------- C:\Program Files\Realtek
2008-05-14 00:55:47 0 d-------- C:\Program Files\Marvell
2008-05-14 00:48:39 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-14 00:48:39 0 d-------- C:\Program Files\Creative
2008-05-14 00:48:38 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-14 00:48:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 00:48:09 102400 --a------ C:\Windows\system32\SFBH.dll <Not Verified; Sonic Focus, Inc; SFBH Dynamic Link Library>
2008-05-14 00:48:09 73728 --a------ C:\Windows\system32\AEADICom.dll <Not Verified; Andrea Electronics Corporation; Filters Access (32-bit)>
2008-05-14 00:48:01 0 d-------- C:\Users\All Users\SonicFocus
2008-05-14 00:47:44 0 d-------- C:\Program Files\Analog Devices
2008-05-14 00:47:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 00:45:06 0 d-------- C:\Windows\ASUSInstAll
2008-05-14 00:39:12 0 d-------- C:\Program Files\Intel
2008-05-14 00:39:06 0 d-------- C:\Intel
2008-05-14 00:38:04 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-05-14 00:33:00 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-05-14 00:32:55 0 d-------- C:\Program Files\ClonySoft
2008-05-14 00:32:40 0 d--hs---- C:\Windows\Installer
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Meus documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Configurações locais
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de rede
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de impressão
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Favoritos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Common Files\Sistema
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Arquivos Comuns
2008-05-13 22:35:58 0 d--hs---- C:\Arquivos de programas
2008-05-13 22:30:21 0 d-------- C:\Windows\SoftwareDistribution
2008-05-13 22:29:08 0 d-------- C:\Windows\system32\catroot2
2008-05-13 22:29:01 0 d-------- C:\Windows\Debug
2008-05-13 22:29:00 0 d-------- C:\Windows\CSC
2008-05-13 22:28:00 0 d-------- C:\Windows\Prefetch
2008-05-13 22:27:52 0 d--hs---- C:\System Volume Information
2008-05-13 22:26:56 0 d-------- C:\Windows\Panther
2008-05-13 22:26:43 0 d--hs---- C:\Boot
2008-05-12 22:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 22:50:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 22:50:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 22:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:06 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-01 18:31:42 0 d-------- C:\Users\Gordo\AppData\Roaming\Skype
2008-06-01 17:36:02 634020 --a------ C:\Windows\system32\prfh0416.dat
2008-06-01 17:36:02 121690 --a------ C:\Windows\system32\prfc0416.dat
2008-06-01 16:00:58 0 d-------- C:\Users\Gordo\AppData\Roaming\skypePM
2008-06-01 12:19:11 0 d-------- C:\Users\Gordo\AppData\Roaming\uTorrent
2008-06-01 11:36:23 0 d-------- C:\Users\Gordo\AppData\Roaming\SUPERAntiSpyware.com
2008-06-01 11:35:42 0 d-------- C:\Program Files\Common Files
2008-05-30 16:53:40 0 d-------- C:\Users\Gordo\AppData\Roaming\DAEMON Tools
2008-05-30 08:02:03 0 d-------- C:\Users\Gordo\AppData\Roaming\Apple Computer
2008-05-27 02:13:09 0 d-------- C:\Users\Gordo\AppData\Roaming\Creative
2008-05-26 11:30:02 0 d-------- C:\Users\Gordo\AppData\Roaming\Corel
2008-05-21 12:14:01 0 d-------- C:\Users\Gordo\AppData\Roaming\Tunebite
2008-05-19 16:37:32 0 d-------- C:\Users\Gordo\AppData\Roaming\DivX
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Printer Info Cache
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Image Zone Express
2008-05-17 18:07:06 0 d-------- C:\Users\Gordo\AppData\Roaming\Nero
2008-05-16 10:10:45 174 --ahs---- C:\Program Files\desktop.ini
2008-05-16 10:00:35 0 d-------- C:\Program Files\Windows Calendar
2008-05-16 10:00:35 0 d-------- C:\Program Files\Movie Maker
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Sidebar
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Mail
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Journal
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Collaboration
2008-05-16 10:00:31 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-16 10:00:26 0 d-------- C:\Program Files\Windows Defender
2008-05-15 00:00:33 0 d-------- C:\Users\Gordo\AppData\Roaming\Logitech
2008-05-14 16:30:39 0 d-------- C:\Users\Gordo\AppData\Roaming\HP
2008-05-14 14:28:53 0 d-------- C:\Users\Gordo\AppData\Roaming\Adobe
2008-05-14 14:23:11 0 d-------- C:\Users\Gordo\AppData\Roaming\Google
2008-05-14 12:49:48 0 d-------- C:\Program Files\MSBuild
2008-05-14 12:14:44 0 d-------- C:\Users\Gordo\AppData\Roaming\Macromedia
2008-05-14 02:30:36 0 d-------- C:\Users\Gordo\AppData\Roaming\ATI
2008-05-14 00:56:11 0 d-------- C:\Users\Gordo\AppData\Roaming\TMP
2008-05-14 00:47:30 0 d-------- C:\Users\Gordo\AppData\Roaming\InstallShield
2008-05-14 00:32:40 0 d-------- C:\Users\Gordo\AppData\Roaming\ClonySoft
2008-05-13 22:38:21 0 d-------- C:\Users\Gordo\AppData\Roaming\Identities
2008-05-13 22:35:58 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 04:38]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [21/05/2007 14:53]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [20/03/2007 03:36]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [06/09/2007 11:19]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [06/09/2007 19:57]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"UpdReg"="C:\Windows\UpdReg.EXE" [11/05/2000 01:00]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 21:52]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [06/06/2007 03:35]
"CTHelper"="CTHELPER.EXE" [05/03/2007 04:09 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [05/03/2007 04:09 C:\Windows\System32\CTXFIHLP.EXE]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [09/11/2006 10:19]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/06/2004 06:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 04:33]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 06:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [14/05/2008 12:11]
"BMafacfcc9"="C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll,s" []
"ac9fcf55"="C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll,b" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13/05/2008 12:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /SILENT /FAIL=1
"CtxfiReg"=CTXFIREG.exe /FAIL1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 21:40:10]
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [03/05/2007 15:52:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll [16/05/2008 17:54 367016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Remote Help]
"C:\Program Files\ASUS\AI Remote\AiRc.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5cecc1-21bc-11dd-b087-001e8c71dd80}]
AutoRun\command- "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32eaaba2-2e83-11dd-9993-000761a36c36}]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c9c5a11-21ed-11dd-81d9-000761a36c36}]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e4738b-2154-11dd-b627-806e6f6e6963}]
AutoRun\command- E:\.\Bin\Assetup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-01 18:33:04 ------------
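
The two HKCU Run values "BMafacfcc9" and "ac9fcf55" in the registry dump above are the Vundo-style indicators buried in an otherwise long list of legitimate autostarts: randomly named DLLs in the user's Temp folder, started through a ",export" entry point, with no file timestamp recorded. The script below is an added example and is not part of the original post, of Deckard's System Scanner or of HijackThis. It parses Run lines in the DSS "name"="command" [timestamp] format and scores each one with a heuristic of my own (Temp path, DLL-with-export load, empty timestamp, random-looking file stem); the sample input is a constructed block copied from the log above plus one benign HKLM entry.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: Run lines copied from the DSS registry dump in the post above.
# "swg", "SUPERAntiSpyware" and "Bluetooth Connection Assistant" are the benign controls.
SAMPLE_RUN_LINES = r'''
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [14/05/2008 12:11]
"BMafacfcc9"="C:\Users\Gordo\AppData\Local\Temp\hlrsymvb.dll,s" []
"ac9fcf55"="C:\Users\Gordo\AppData\Local\Temp\vqmsjyko.dll,b" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13/05/2008 12:43]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
'''

# DSS prints each Run value as  "name"="command" [file timestamp]; an empty [] means the
# scanner recorded no timestamp for the target (missing file, or a bare name resolved via PATH).
RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
TEMP_DIR = re.compile(r'\\(?:Local\\)?Temp\\', re.IGNORECASE)
# "something.dll,entry" is how a rundll32-style autostart shows up in this log format.
DLL_WITH_EXPORT = re.compile(r'\.dll,[A-Za-z0-9_]+$', re.IGNORECASE)


def parse_run_line(line: str) -> Optional[Dict[str, str]]:
    """Split one DSS Run line into name / value / meta, or None if it is not a Run line."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example, not a DSS rule): an 8-letter lowercase
    stem with at most two vowels is more likely generated than chosen by a developer."""
    return bool(re.fullmatch(r'[a-z]{8}', stem)) and sum(c in 'aeiou' for c in stem) <= 2


def score_entry(entry: Dict[str, str]) -> List[str]:
    """Return the list of indicators that fire for one parsed Run entry."""
    value = entry['value']
    reasons = []
    if TEMP_DIR.search(value):
        reasons.append('loads from a user Temp directory')
    if DLL_WITH_EXPORT.search(value):
        reasons.append('rundll32-style DLL,export autostart')
    if entry['meta'].strip() == '':
        reasons.append('no file timestamp recorded')
    # File stem: drop the ",export" suffix, the directory and the extension.
    stem = re.sub(r',.*$', '', value).rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if looks_random(stem):
        reasons.append(f'random-looking file name {stem!r}')
    return reasons


def flag_suspicious(text: str, threshold: int = 3) -> List[Dict[str, object]]:
    """Return the Run entries in `text` that trip at least `threshold` indicators."""
    flagged = []
    for line in text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = score_entry(entry)
        if len(reasons) >= threshold:
            flagged.append({'name': entry['name'], 'value': entry['value'], 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for hit in flag_suspicious(SAMPLE_RUN_LINES):
        print(hit['name'], '->', hit['value'])
        for reason in hit['reasons']:
            print('   -', reason)
```

The threshold of three indicators is an assumption chosen so that a single weak signal does not fire on its own: "LBTWIZ.exe" [] has an empty timestamp too, but only because DSS resolved a bare file name, and it scores one. A hit is a triage lead to hand to the helper, not a verdict; the file itself still has to be checked (hash, signature, VirusTotal) before anything is deleted.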

#3 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:04:35 PM

Posted 02 June 2008 - 07:21 AM

Hi,

Please download the ComboFix from the links above and follow all instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • "If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!"
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer


Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 Ricardo MS

Ricardo MS
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 02 June 2008 - 10:43 AM

Hi, thanks for the reply. I am using Windows Vista, and I am having trouble installing the Recovery Console.

I followed the steps from the tutorial to access the Windows Recovery Environment, got to the System Recovery Options screen and to the Command Prompt Screen. The tutorial does not guide me on how to install the Recovery Console.

Should I run ComboFix from DOS? Or do I need to start the computer in safe mode, disable the software and then run ComboFix from there?

Thanks again!!

Regards,

Ricardo.

#5 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:04:35 PM

Posted 02 June 2008 - 10:55 AM

Hello,

Skip the step of installing the console, download ComboFix, disable your protection programs and run ComboFix in normal mode.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#6 Ricardo MS

Ricardo MS
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 02 June 2008 - 11:49 AM

Hello...

Here are the ComboFix and HijackThis logs:

ComboFix:
ComboFix 08-06-01.6 - Gordo 2008-06-02 13:32:15.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.1164 [GMT -3:00]
Running from: C:\Users\Gordo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
F:\Autorun.inf

.
((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))
.

2008-06-01 23:22 . 2008-06-01 23:35 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-06-01 23:22 . 2008-06-01 23:35 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-06-01 23:21 . 2008-06-01 23:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-01 23:21 . 2008-06-02 13:35 31,204,128 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-06-01 23:21 . 2008-06-02 12:13 405,908 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-06-01 23:20 . 2008-06-01 23:20 <DIR> d-------- C:\kav
2008-06-01 18:40 . 2008-06-02 12:28 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-06-01 18:40 . 2008-06-02 12:28 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-06-01 18:39 . 2008-06-01 18:39 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-01 18:39 . 2008-06-01 18:39 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-06-01 15:08 . 2008-06-01 15:08 <DIR> d-------- C:\Deckard
2008-06-01 12:41 . 2008-06-01 12:41 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-01 11:51 . 2008-06-01 11:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\SUPERAntiSpyware.com
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:35 . 2008-06-01 11:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 17:34 . 2008-05-30 17:37 139,264 --a------ C:\Windows\War3Unin.exe
2008-05-30 17:34 . 2008-05-30 17:37 55,308 --a------ C:\Windows\War3Unin.dat
2008-05-30 17:34 . 2008-05-30 17:37 2,829 --a------ C:\Windows\War3Unin.pif
2008-05-30 17:12 . 2008-05-31 22:23 <DIR> d-------- C:\Program Files\Warcraft III
2008-05-30 17:05 . 2008-05-30 17:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 16:54 . 2008-05-30 16:54 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-30 16:53 . 2008-05-30 16:53 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\DAEMON Tools
2008-05-30 08:02 . 2008-05-30 08:02 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Apple Computer
2008-05-30 08:01 . 2008-05-30 08:01 <DIR> d-------- C:\Program Files\iTunes
2008-05-30 08:01 . 2008-05-30 08:01 <DIR> d-------- C:\Program Files\iPod
2008-05-30 08:00 . 2008-05-30 08:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-30 07:53 . 2008-05-30 07:53 <DIR> d-------- C:\Users\All Users\Apple
2008-05-30 07:53 . 2008-05-30 07:53 <DIR> d-------- C:\ProgramData\Apple
2008-05-30 07:53 . 2008-05-30 07:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-28 23:42 . 2008-06-01 12:19 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\uTorrent
2008-05-28 23:42 . 2008-05-28 23:42 <DIR> d-------- C:\Program Files\uTorrent
2008-05-28 18:08 . 2008-05-30 08:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-28 18:08 . 2008-05-30 08:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-28 18:08 . 2008-05-28 18:08 <DIR> d-------- C:\Program Files\QuickTime
2008-05-28 00:42 . 2008-03-07 23:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 00:42 . 2008-03-08 01:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 02:13 . 2008-05-27 02:13 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Creative
2008-05-27 01:33 . 2007-03-23 04:05 29,272 --a------ C:\Windows\System32\AdobePDF.dll
2008-05-27 01:23 . 2008-05-27 01:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-26 11:30 . 2008-05-26 11:30 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Corel
2008-05-26 11:19 . 2008-05-26 11:19 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-05-26 11:18 . 2008-05-26 11:18 <DIR> d-------- C:\Program Files\Corel
2008-05-21 13:18 . 2008-05-21 13:18 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-21 12:13 . 2008-05-21 12:13 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-05-21 11:26 . 2008-05-21 12:14 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Tunebite
2008-05-21 11:26 . 2008-05-21 12:23 <DIR> d-------- C:\Users\All Users\RapidSolution
2008-05-21 11:26 . 2008-05-21 12:23 <DIR> d-------- C:\ProgramData\RapidSolution
2008-05-21 11:26 . 2008-05-21 11:26 <DIR> d-------- C:\Program Files\RapidSolution
2008-05-21 11:26 . 2008-02-20 13:47 27,936 --a------ C:\Windows\System32\drivers\tbhsd.sys
2008-05-19 18:29 . 2008-05-19 18:29 <DIR> d-------- C:\Program Files\Java
2008-05-19 18:27 . 2008-05-19 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-19 16:35 . 2008-05-19 16:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-18 01:44 . 2004-03-09 00:00 152,848 --a------ C:\Windows\System32\comdlg32.ocx
2008-05-17 20:12 . 2008-05-17 20:13 <DIR> d-------- C:\temp\FixEngine
2008-05-17 20:12 . 2008-05-17 20:12 <DIR> d-------- C:\temp
2008-05-17 18:48 . 2008-05-17 18:48 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Printer Info Cache
2008-05-17 18:48 . 2008-05-17 18:48 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Image Zone Express
2008-05-17 18:07 . 2008-05-17 18:07 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Nero
2008-05-17 18:03 . 2008-05-17 18:03 <DIR> d-------- C:\Users\All Users\Nero
2008-05-17 18:03 . 2008-05-17 18:03 <DIR> d-------- C:\ProgramData\Nero
2008-05-17 18:03 . 2008-05-17 18:03 <DIR> d-------- C:\Program Files\Nero
2008-05-17 18:03 . 2008-05-17 18:05 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-17 17:41 . 2008-05-17 17:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-17 17:17 . 2008-05-17 18:36 <DIR> d-------- C:\Users\All Users\DVD Shrink
2008-05-17 17:17 . 2008-05-17 18:36 <DIR> d-------- C:\ProgramData\DVD Shrink
2008-05-17 17:17 . 2008-05-17 17:17 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-17 13:21 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-05-17 13:03 . 2008-05-17 13:03 <DIR> d-------- C:\Users\All Users\InstallShield
2008-05-17 13:03 . 2008-05-17 13:03 <DIR> d-------- C:\ProgramData\InstallShield
2008-05-17 12:35 . 2008-05-17 12:35 <DIR> d-------- C:\Program Files\Activision
2008-05-17 12:35 . 2004-06-16 06:03 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-05-16 19:03 . 2008-05-19 16:37 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\DivX
2008-05-16 18:42 . 2008-05-16 18:42 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-16 18:38 . 2008-05-16 18:38 <DIR> d-------- C:\Program Files\XviD
2008-05-16 18:37 . 2008-05-16 18:42 <DIR> d-------- C:\Program Files\DivX
2008-05-16 18:34 . 2008-05-18 03:01 39 --a------ C:\Windows\vbaddin.ini
2008-05-16 18:32 . 2008-05-16 18:32 162 --a------ C:\Windows\ODBC.INI
2008-05-16 17:46 . 2008-05-16 17:46 <DIR> d-------- C:\Users\All Users\eMule
2008-05-16 17:46 . 2008-05-16 17:46 <DIR> d-------- C:\ProgramData\eMule
2008-05-16 17:46 . 2008-05-16 17:46 <DIR> d-------- C:\Program Files\eMule
2008-05-16 10:01 . 2008-05-16 10:01 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-05-16 10:01 . 2008-05-16 10:01 1,080 --a------ C:\Windows\System32\settings.sfm
2008-05-16 09:58 . 2008-05-16 09:58 <DIR> d-------- C:\PerfLogs
2008-05-16 02:46 . 2008-01-19 04:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-16 02:45 . 2008-01-19 04:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-16 02:44 . 2008-01-19 04:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-16 02:43 . 2008-01-19 04:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-16 02:42 . 2008-01-19 03:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-16 02:41 . 2008-01-19 04:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-16 02:41 . 2008-01-19 04:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-16 02:41 . 2006-11-02 06:46 151,552 --a------ C:\Windows\System32\WpdMtp.dll
2008-05-16 02:41 . 2008-01-05 08:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-16 02:41 . 2008-01-05 08:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-05-16 02:41 . 2008-01-05 08:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-16 02:41 . 2008-01-05 08:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-05-16 02:41 . 2008-01-05 08:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-16 02:41 . 2008-01-05 08:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-16 02:40 . 2008-01-19 04:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-16 02:40 . 2008-01-19 04:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-16 02:40 . 2008-01-19 04:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-16 02:40 . 2008-01-19 04:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-16 02:39 . 2008-01-19 04:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-16 02:39 . 2008-01-19 04:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-16 02:39 . 2008-01-19 04:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-16 02:39 . 2008-01-19 04:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-15 00:00 . 2008-05-15 00:00 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\Logitech
2008-05-14 23:58 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-05-14 23:58 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-05-14 23:58 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-05-14 23:58 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-05-14 23:58 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-05-14 23:22 . 2008-06-01 12:21 <DIR> d-------- C:\Users\All Users\GbPlugin
2008-05-14 23:22 . 2008-06-01 12:21 <DIR> d-------- C:\ProgramData\GbPlugin
2008-05-14 23:22 . 2008-06-01 12:21 <DIR> d-------- C:\Program Files\GbPlugin
2008-05-14 17:26 . 2008-05-14 17:26 <DIR> d-------- C:\Program Files\Philips
2008-05-14 17:22 . 2008-05-17 17:41 <DIR> d-------- C:\Program Files\Skype
2008-05-14 16:37 . 2008-05-14 16:37 183,392 -rahs---- C:\grldr
2008-05-14 16:30 . 2008-05-14 16:30 <DIR> d-------- C:\Users\All Users\WEBREG
2008-05-14 16:30 . 2008-05-14 16:30 <DIR> d-------- C:\ProgramData\WEBREG
2008-05-14 16:26 . 2008-05-14 16:30 <DIR> d-------- C:\Users\Gordo\AppData\Roaming\HP
2008-05-14 15:58 . 2008-05-14 15:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 15:57 . 2008-05-14 15:57 988,216 --a------ C:\Windows\System32\winload.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 02:35 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-16 13:10 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Journal
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 13:00 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 12:33 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 12:33 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-14 15:49 --------- d-----w C:\Program Files\MSBuild
2008-05-14 01:35 --------- d-sh--w C:\ProgramData\Modelos
2008-05-14 01:35 --------- d-sh--w C:\ProgramData\Menu Iniciar
2008-05-14 01:35 --------- d-sh--w C:\ProgramData\Favoritos
2008-05-14 01:35 --------- d-sh--w C:\ProgramData\Documentos
2008-05-14 01:35 --------- d-sh--w C:\ProgramData\Dados de aplicativos
2008-05-14 01:35 --------- d-sh--w C:\Program Files\Common Files\Sistema
2008-05-14 01:35 --------- d-sh--w C:\Program Files\Arquivos Comuns
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-05 19:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 19:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 19:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 18:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 18:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
.

------- Sigcheck -------

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 04:33 202240]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 12:11 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 14:53 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 03:36 36864]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 19:57 626688]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 03:35 1261568]
"CTHelper"="CTHELPER.EXE" [2007-03-05 04:09 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-03-05 04:09 19968 C:\Windows\System32\CTXFIHLP.EXE]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
"CtxfiReg"="CTXFIREG.exe" [2007-03-05 04:05 43520 C:\Windows\System32\CTXFIREG.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [2007-05-03 15:52:18 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll [2008-05-16 17:54 367016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Remote Help]
--a------ 2007-09-03 21:27 3346432 C:\Program Files\ASUS\AI Remote\AiRc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
--a------ 2007-09-11 10:32 880640 C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 17:43 252704 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-14 12:11 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FAA07215-942A-4520-A8A5-8E4C4E9035C6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9872233-E50B-4C52-A4EB-5A78F24DFBBF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{31EAFCFA-CDD2-4E54-9E42-D070786A4CB4}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{BAECC00F-4907-4A69-BAE8-E8A3BC265519}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{E5B62D0A-E5DE-46E4-96AC-BD6D465AF06F}C:\\program files\\steam\\steamapps\\wolfao\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\wolfao\counter-strike source\hl2.exe:hl2
"UDP Query User{32F6414A-940D-4280-8A59-75EA1D47F84F}C:\\program files\\steam\\steamapps\\wolfao\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\wolfao\counter-strike source\hl2.exe:hl2
"TCP Query User{F11DCB62-ED02-4BCB-A325-C1EECABE4960}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{186AC0E6-80EC-477F-8E08-46AD115629C6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{E103AF85-7260-4C0B-A0A7-220CF1867AD8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B5CCE2E0-C237-443B-8A00-246253477F3C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D15775A2-B47B-4D7C-88D0-A9962BBDF394}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{573BEE79-9722-4AA3-B517-720A66D6A456}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{48A8A7B7-FF3D-4E99-834E-B1B870243591}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{BB3FA29D-91E0-4A45-BEC8-7802A53EDE0A}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{73966D7D-FE8C-43E1-A8DA-802BA8D282B3}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{516E925B-0158-4C72-A3F5-173EBA8C1C29}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:MSI starter
"UDP Query User{07D27D06-B183-4298-96C6-70DE4CD92B08}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:MSI starter
"TCP Query User{ED492230-307E-4B5B-858C-1E763C8DA27E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5604853D-0607-4A26-9322-F64FCB184128}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{6369831E-827D-4B89-9DB4-B8AC61DAD56B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{46826138-D91E-4F32-AFEA-51464C7F1C9C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{6F53EF9E-1745-474A-92CB-3F6F5896758C}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{013323BA-8A39-41F9-A2E6-DB9571535BA1}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{4D15FF19-2D54-4CF0-89BA-524D1EFED418}C:\\kav\\kis\\setup.exe"= UDP:C:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{E734AE57-C52F-4C91-B246-672266A4D2AA}C:\\kav\\kis\\setup.exe"= TCP:C:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-06 20:41]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-20 19:55]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-03-05 07:02]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 22:49]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-08-15 05:22]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-14 00:33]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-30 22:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5cecc1-21bc-11dd-b087-001e8c71dd80}]
\shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c9c5a11-21ed-11dd-81d9-000761a36c36}]
\shell\AutoRun\command - G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e4738b-2154-11dd-b627-806e6f6e6963}]
\shell\AutoRun\command - E:\.\Bin\Assetup.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 13:36:00
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

LVPrcSrv.exe [22224]

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-06-02 13:38:56
ComboFix-quarantined-files.txt 2008-06-02 16:38:44

Pre-Run: 123,877,355,520 bytes disponíveis
Post-Run: 123,890,642,944 bytes disponíveis

323 --- E O F --- 2008-05-28 06:01:02


HijackThis:

Deckard's System Scanner v20071014.68
Run by Gordo on 2008-06-02 13:44:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gordo.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:51, on 02/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Gordo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gordo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11997 bytes

-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 13:30:59 68096 --a------ C:\Windows\zip.exe
2008-06-02 13:30:59 49152 --a------ C:\Windows\VFind.exe
2008-06-02 13:30:59 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 13:30:59 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 13:30:59 98816 --a------ C:\Windows\sed.exe
2008-06-02 13:30:59 80412 --a------ C:\Windows\grep.exe
2008-06-02 13:30:59 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 13:30:44 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-01 23:22:56 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-06-01 23:22:56 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-06-01 23:21:38 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-01 23:21:37 31933472 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-06-01 23:20:43 0 d-------- C:\kav
2008-06-01 18:40:34 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-06-01 18:39:29 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-01 12:41:29 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-06-01 11:51:07 0 d-------- C:\Program Files\Trend Micro
2008-06-01 11:36:47 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-01 11:36:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 17:34:11 2829 --a------ C:\Windows\War3Unin.pif
2008-05-30 17:34:11 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-30 17:34:11 55308 --a------ C:\Windows\War3Unin.dat
2008-05-30 17:12:04 0 d-------- C:\Program Files\Warcraft III
2008-05-30 17:05:12 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 16:54:04 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-30 08:01:39 0 d-------- C:\Program Files\iPod
2008-05-30 08:01:31 0 d-------- C:\Program Files\iTunes
2008-05-30 08:00:22 0 d-------- C:\Program Files\Common Files\Apple
2008-05-30 07:53:20 0 d-------- C:\Users\All Users\Apple
2008-05-30 07:53:20 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 23:42:31 0 d-------- C:\Program Files\uTorrent
2008-05-28 18:08:14 0 d-------- C:\Users\All Users\Apple Computer
2008-05-28 18:08:14 0 d-------- C:\Program Files\QuickTime
2008-05-28 11:13:17 0 d-------- C:\Windows\pss
2008-05-27 01:23:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-26 11:19:48 0 d-------- C:\Program Files\Common Files\Corel
2008-05-26 11:18:59 0 d-------- C:\Program Files\Corel
2008-05-21 12:13:30 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-21 11:26:02 0 d-------- C:\Users\All Users\RapidSolution
2008-05-21 11:26:02 0 d-------- C:\Program Files\RapidSolution
2008-05-19 18:29:20 0 d-------- C:\Program Files\Java
2008-05-19 18:27:55 0 d-------- C:\Program Files\Common Files\Java
2008-05-17 20:12:52 0 d-------- C:\temp
2008-05-17 18:03:08 0 d-------- C:\Users\All Users\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Nero
2008-05-17 18:03:08 0 d-------- C:\Program Files\Common Files\Nero
2008-05-17 17:41:05 0 d-------- C:\Program Files\Common Files\Skype
2008-05-17 17:17:58 0 d-------- C:\Users\All Users\DVD Shrink
2008-05-17 17:17:57 0 d-------- C:\Program Files\DVD Shrink
2008-05-17 13:15:26 0 d-------- C:\Windows\system32\directx
2008-05-17 13:03:08 0 d-------- C:\Users\All Users\InstallShield
2008-05-17 12:35:05 0 d-------- C:\Program Files\Activision
2008-05-16 18:42:25 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-16 18:38:00 0 d-------- C:\Program Files\XviD
2008-05-16 18:37:30 0 d-------- C:\Program Files\DivX
2008-05-16 17:46:49 0 d-------- C:\Users\All Users\eMule
2008-05-16 17:46:33 0 d-------- C:\Program Files\eMule
2008-05-16 09:58:16 0 d-------- C:\PerfLogs
2008-05-14 23:22:19 0 d-------- C:\Program Files\GbPlugin
2008-05-14 23:22:16 0 d-------- C:\Users\All Users\GbPlugin
2008-05-14 17:26:59 0 d-------- C:\Program Files\Philips
2008-05-14 17:22:08 0 d-------- C:\Program Files\Skype
2008-05-14 16:37:38 183392 -rahs---- C:\grldr
2008-05-14 16:30:25 0 d-------- C:\Users\All Users\WEBREG
2008-05-14 15:58:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-14 15:54:01 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 15:09:39 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-05-14 15:07:34 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-14 15:07:34 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-14 15:07:14 0 d-------- C:\Program Files\Common Files\HP
2008-05-14 15:02:14 148903 --a------ C:\Windows\hpoins19.dat
2008-05-14 15:00:13 0 d-------- C:\Users\All Users\HP
2008-05-14 15:00:10 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer>
2008-05-14 15:00:10 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:10 573440 --a------ C:\Windows\system32\hpotscl1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2008-05-14 15:00:08 26952 --a------ C:\Windows\hpomdl19.dat
2008-05-14 14:31:52 0 d-------- C:\Program Files\HP
2008-05-14 14:28:17 0 d-------- C:\Users\All Users\FLEXnet
2008-05-14 14:24:56 0 d-------- C:\Users\All Users\Adobe
2008-05-14 14:24:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:02:39 12 --a------ C:\Windows\bthservsdp.dat
2008-05-14 12:50:11 0 d-------- C:\Program Files\Microsoft Works
2008-05-14 12:48:25 0 d-------- C:\Program Files\Microsoft.NET
2008-05-14 12:46:10 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-14 12:45:08 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-14 12:42:20 0 dr-h----- C:\MSOCache
2008-05-14 12:15:57 0 d-------- C:\Windows\PCHEALTH
2008-05-14 12:14:43 0 d-------- C:\Windows\system32\Macromed
2008-05-14 12:13:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-05-14 12:11:36 0 d-------- C:\Users\All Users\Google
2008-05-14 12:11:32 0 d-------- C:\Program Files\Google
2008-05-14 12:09:50 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-14 12:09:41 0 d-------- C:\Program Files\Windows Live
2008-05-14 12:09:12 0 d-------- C:\Users\All Users\WLInstaller
2008-05-14 12:08:38 0 d-------- C:\Users\All Users\Skype
2008-05-14 12:05:35 0 d-------- C:\Program Files\Common Files\Steam
2008-05-14 11:43:29 0 d-------- C:\Windows\Downloaded Installations
2008-05-14 11:30:04 0 d-------- C:\Program Files\Common Files\logishrd
2008-05-14 11:17:55 0 d-------- C:\Users\All Users\McAfee
2008-05-14 10:53:34 0 d-------- C:\Users\All Users\Logitech
2008-05-14 10:53:32 0 d-------- C:\Program Files\Logitech
2008-05-14 10:53:30 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-14 10:53:10 0 d-------- C:\Users\All Users\LogiShrd
2008-05-14 02:40:29 53248 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-05-14 02:39:26 0 d-------- C:\Program Files\Common Files\Creative
2008-05-14 02:39:24 0 d--h----- C:\Program Files\Creative Installation Information
2008-05-14 02:38:32 0 d-------- C:\Users\All Users\Creative
2008-05-14 02:35:40 0 d-------- C:\Program Files\OpenAL
2008-05-14 02:35:13 0 d-------- C:\Windows\system32\Data
2008-05-14 02:35:13 3072 --a------ C:\Windows\CTXFIBRZ.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-14 02:35:13 11264 --a------ C:\Windows\CTDCRBRZ.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-14 02:35:10 67072 -----n--- C:\Windows\system32\CmdRtr.dll
2008-05-14 02:35:10 105472 -----n--- C:\Windows\system32\APOMngr.dll
2008-05-14 02:30:36 0 d-------- C:\Users\All Users\ATI
2008-05-14 02:29:59 0 --a------ C:\Windows\ativpsrm.bin
2008-05-14 02:26:17 0 d-------- C:\Program Files\Steam
2008-05-14 02:25:07 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-05-14 02:24:17 0 d-------- C:\Program Files\ATI
2008-05-14 02:23:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-14 02:22:56 0 d-------- C:\AMD
2008-05-14 01:01:38 24576 -ra------ C:\Windows\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-05-14 01:01:35 0 d-------- C:\Program Files\ASUS
2008-05-14 01:01:20 143360 -r------- C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-05-14 01:01:19 1953792 -r------- C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-05-14 01:01:19 0 d-------- C:\RaidTool
2008-05-14 01:01:00 0 d-------- C:\Windows\RaidTool
2008-05-14 01:00:01 0 d-------- C:\Program Files\Realtek
2008-05-14 00:55:47 0 d-------- C:\Program Files\Marvell
2008-05-14 00:48:39 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-14 00:48:39 0 d-------- C:\Program Files\Creative
2008-05-14 00:48:38 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-14 00:48:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 00:48:09 102400 --a------ C:\Windows\system32\SFBH.dll <Not Verified; Sonic Focus, Inc; SFBH Dynamic Link Library>
2008-05-14 00:48:09 73728 --a------ C:\Windows\system32\AEADICom.dll <Not Verified; Andrea Electronics Corporation; Filters Access (32-bit)>
2008-05-14 00:48:01 0 d-------- C:\Users\All Users\SonicFocus
2008-05-14 00:47:44 0 d-------- C:\Program Files\Analog Devices
2008-05-14 00:47:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 00:45:06 0 d-------- C:\Windows\ASUSInstAll
2008-05-14 00:39:12 0 d-------- C:\Program Files\Intel
2008-05-14 00:39:06 0 d-------- C:\Intel
2008-05-14 00:38:04 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-05-14 00:33:00 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-05-14 00:32:55 0 d-------- C:\Program Files\ClonySoft
2008-05-14 00:32:40 0 d--hs---- C:\Windows\Installer
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Meus documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Configurações locais
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de rede
2008-05-13 22:35:58 0 d--hs---- C:\Users\Default\Ambiente de impressão
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Modelos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Menu Iniciar
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Favoritos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Documentos
2008-05-13 22:35:58 0 d--hs---- C:\Users\All Users\Dados de aplicativos
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Common Files\Sistema
2008-05-13 22:35:58 0 d--hs---- C:\Program Files\Arquivos Comuns
2008-05-13 22:35:58 0 d--hs---- C:\Arquivos de programas
2008-05-13 22:30:21 0 d-------- C:\Windows\SoftwareDistribution
2008-05-13 22:29:08 0 d-------- C:\Windows\system32\catroot2
2008-05-13 22:29:01 0 d-------- C:\Windows\Debug
2008-05-13 22:29:00 0 d-------- C:\Windows\CSC
2008-05-13 22:28:00 0 d-------- C:\Windows\Prefetch
2008-05-13 22:27:52 0 d--hs---- C:\System Volume Information
2008-05-13 22:26:56 0 d-------- C:\Windows\Panther
2008-05-13 22:26:43 0 d--hs---- C:\Boot
2008-05-12 22:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 22:50:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 22:50:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 22:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 22:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:50:06 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 22:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-02 13:24:47 0 d-------- C:\Users\Gordo\AppData\Roaming\Skype
2008-06-02 12:32:10 634020 --a------ C:\Windows\system32\prfh0416.dat
2008-06-02 12:32:10 121690 --a------ C:\Windows\system32\prfc0416.dat
2008-06-02 09:37:09 0 d-------- C:\Users\Gordo\AppData\Roaming\skypePM
2008-06-01 18:37:13 0 d-------- C:\Program Files\Common Files
2008-06-01 12:19:11 0 d-------- C:\Users\Gordo\AppData\Roaming\uTorrent
2008-06-01 11:36:23 0 d-------- C:\Users\Gordo\AppData\Roaming\SUPERAntiSpyware.com
2008-05-30 16:53:40 0 d-------- C:\Users\Gordo\AppData\Roaming\DAEMON Tools
2008-05-30 08:02:03 0 d-------- C:\Users\Gordo\AppData\Roaming\Apple Computer
2008-05-27 02:13:09 0 d-------- C:\Users\Gordo\AppData\Roaming\Creative
2008-05-26 11:30:02 0 d-------- C:\Users\Gordo\AppData\Roaming\Corel
2008-05-21 12:14:01 0 d-------- C:\Users\Gordo\AppData\Roaming\Tunebite
2008-05-19 16:37:32 0 d-------- C:\Users\Gordo\AppData\Roaming\DivX
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Printer Info Cache
2008-05-17 18:48:29 0 d-------- C:\Users\Gordo\AppData\Roaming\Image Zone Express
2008-05-17 18:07:06 0 d-------- C:\Users\Gordo\AppData\Roaming\Nero
2008-05-16 10:10:45 174 --ahs---- C:\Program Files\desktop.ini
2008-05-16 10:00:35 0 d-------- C:\Program Files\Windows Calendar
2008-05-16 10:00:35 0 d-------- C:\Program Files\Movie Maker
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Sidebar
2008-05-16 10:00:34 0 d-------- C:\Program Files\Windows Mail
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Journal
2008-05-16 10:00:32 0 d-------- C:\Program Files\Windows Collaboration
2008-05-16 10:00:31 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-16 10:00:26 0 d-------- C:\Program Files\Windows Defender
2008-05-15 00:00:33 0 d-------- C:\Users\Gordo\AppData\Roaming\Logitech
2008-05-14 16:30:39 0 d-------- C:\Users\Gordo\AppData\Roaming\HP
2008-05-14 14:28:53 0 d-------- C:\Users\Gordo\AppData\Roaming\Adobe
2008-05-14 14:23:11 0 d-------- C:\Users\Gordo\AppData\Roaming\Google
2008-05-14 12:49:48 0 d-------- C:\Program Files\MSBuild
2008-05-14 12:14:44 0 d-------- C:\Users\Gordo\AppData\Roaming\Macromedia
2008-05-14 02:30:36 0 d-------- C:\Users\Gordo\AppData\Roaming\ATI
2008-05-14 00:56:11 0 d-------- C:\Users\Gordo\AppData\Roaming\TMP
2008-05-14 00:47:30 0 d-------- C:\Users\Gordo\AppData\Roaming\InstallShield
2008-05-14 00:32:40 0 d-------- C:\Users\Gordo\AppData\Roaming\ClonySoft
2008-05-13 22:38:21 0 d-------- C:\Users\Gordo\AppData\Roaming\Identities
2008-05-13 22:35:58 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [21/05/2007 14:53]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [20/03/2007 03:36]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [06/09/2007 11:19]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [06/09/2007 19:57]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"UpdReg"="C:\Windows\UpdReg.EXE" [11/05/2000 01:00]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 21:52]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [06/06/2007 03:35]
"CTHelper"="CTHELPER.EXE" [05/03/2007 04:09 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [05/03/2007 04:09 C:\Windows\System32\CTXFIHLP.EXE]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [09/11/2006 10:19]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/06/2004 06:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 04:33]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 06:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [14/05/2008 12:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /SILENT /FAIL=1
"CtxfiReg"=CTXFIREG.exe /FAIL1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [02/01/2007 21:40:10]
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [03/05/2007 15:52:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Windows\Downloaded Program Files\CONFLICT.5\gbiehabn.dll [16/05/2008 17:54 367016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Remote Help]
"C:\Program Files\ASUS\AI Remote\AiRc.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5cecc1-21bc-11dd-b087-001e8c71dd80}]
AutoRun\command- "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c9c5a11-21ed-11dd-81d9-000761a36c36}]
AutoRun\command- G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e4738b-2154-11dd-b627-806e6f6e6963}]
AutoRun\command- E:\.\Bin\Assetup.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-02 13:49:00 ------------

Thank you!

#7 lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal
  • Local time:04:35 PM

Posted 02 June 2008 - 12:01 PM

Hello,

The logs don't show any malware. Do you notice anything strange on the PC?
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#8 Ricardo MS

  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:35 PM

Posted 02 June 2008 - 12:51 PM

Everything is fine now... the DLL pop-ups stopped appearing, and Kaspersky and SUPERAntiSpyware did not detect any infection.

But I feel more at ease knowing that you checked the log.

Thank you very much for the help, I'm more at ease now!

Regards!

#9 lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal
  • Local time:04:35 PM

Posted 03 June 2008 - 03:49 AM

It was a pleasure to help you. Please follow the final instructions (below) to improve the security of your PC.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Follow the instructions here for Windows Vista to disable and then re-enable System Restore in order to clear old restore points:
    http://www.pchell.com/virus/systemrestore.shtml
    Note: only do this once, and not on a regular basis.
  • Download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
    Two good paid-for antivirus programs are NOD32 and BitDefender.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well.
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector; I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    Next click OK, then the Apply button, and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets kill bits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, re-immunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from Automatic to Manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dial-up internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium-rate dialers
  • Finally, I am trying to make one point very clear: it is absolutely essential to keep all of your security programs up to date.
Glad I was able to help, and please let me know if you still need assistance.
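The "Make Internet Explorer more secure" steps in the post above change three settings that Internet Explorer stores as DWORD values under the Internet zone's registry key. The following Python script is an added example, not code from this thread or from any of the tools it mentions: it checks those values against what the post asks for, so the result of the manual steps can be verified (or checked across several machines) without clicking through the dialog. The registry key, the action codes 1001/1004/1201 and the meanings 0 = Enable, 1 = Prompt, 3 = Disable are Internet Explorer's documented zone settings; the WEAK_SAMPLE and HARDENED_SAMPLE dictionaries are constructed inputs.

```python
"""Check the Internet-zone ActiveX settings that the post's steps configure.

Added example, not part of the original thread. The registry key, the
action codes and the value meanings are Internet Explorer's documented
security-zone settings; the sample values are constructed.
"""
from typing import Dict, List

# Per-zone settings live under this key (in HKCU); subkey 3 is the Internet zone.
ZONES_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
INTERNET_ZONE = "3"

# Value meanings shared by all zone action codes.
ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The three "Custom level" options the post changes, keyed by their
# REG_DWORD value name (action code), with the setting the post asks for.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}


def audit_zone(values: Dict[str, int]) -> List[str]:
    """Return one finding per option that is weaker than the post recommends.

    `values` maps action code -> current DWORD for the Internet zone.
    Disable is stricter than Prompt, so it is never reported as a finding.
    """
    findings: List[str] = []
    for code, (label, wanted) in RECOMMENDED.items():
        current = values.get(code)
        if current is None:
            findings.append(f"{code} {label}: not set; set it to {SETTING_NAMES[wanted]}")
        elif current == wanted or (wanted == PROMPT and current == DISABLE):
            continue
        else:
            shown = SETTING_NAMES.get(current, f"unknown value {current}")
            findings.append(f"{code} {label}: is {shown}, should be {SETTING_NAMES[wanted]}")
    return findings


def read_internet_zone() -> Dict[str, int]:
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg  # standard library, but only importable on Windows

    values: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONES_KEY + "\\" + INTERNET_ZONE) as key:
        for code in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, code)
            except FileNotFoundError:
                continue  # value absent: audit_zone reports it as "not set"
            if kind == winreg.REG_DWORD:
                values[code] = int(data)
    return values


# Constructed samples: a machine where all three options are still "Enable",
# and one that matches the post's instructions.
WEAK_SAMPLE = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE}
HARDENED_SAMPLE = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}

if __name__ == "__main__":
    for line in audit_zone(WEAK_SAMPLE) or ["no findings"]:
        print(line)
```

On a real machine, pass `read_internet_zone()` to `audit_zone`. If a policy has set `Security_HKLM_only` under the Internet Settings key, the effective values are the ones under HKEY_LOCAL_MACHINE instead, so an audit of a managed machine should read that hive too.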

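The hosts-file mechanism described in the post above ("a bit like a phone book" that can also block sites), as an added example that is not part of the original thread or of Spybot Search & Destroy: a Python audit that parses a hosts file the way Windows reads it and separates blocklist entries (names pointed at 0.0.0.0 or 127.0.0.1, which simply make the site unreachable) from entries that send a name to some other address, the pattern a hosts-file hijack leaves behind. The sample file contents, the .test hostnames and the 203.0.113.7 address are constructed placeholders; the default file location assumed in HOSTS_PATH is C:\Windows\System32\drivers\etc\hosts.

```python
"""Audit a Windows hosts file: which names are sinkholed, which are redirected.

Added example, not code from the thread or from Spybot Search & Destroy.
The file format is the real one; the sample below is constructed.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Default location of the file on Windows (assumes the default system root).
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Addresses that blocklists point unwanted names at; connections to them
# never leave the machine, so the site is effectively blocked.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample file. Hostnames use the reserved .test TLD and
# 203.0.113.7 is a documentation-range placeholder, not a real server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by a blocklist (constructed)
127.0.0.1   ads.example-tracker.test   # an inline comment is allowed
0.0.0.0     malware-download.example.test   www.malware-download.example.test
# What a hijack looks like: a name the user never added, sent to a remote host
203.0.113.7 update.antivirus-vendor.test
"""

Entry = Tuple[int, str, List[str]]  # (line number, address, hostnames)


def parse_hosts(text: str) -> List[Entry]:
    """Return the effective entries of a hosts file.

    Mirrors how the file is read: '#' starts a comment (also mid-line),
    fields are split on runs of spaces/tabs, and a line whose first field
    is not a valid IPv4/IPv6 address is ignored.
    """
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"[ \t]+", line)
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue
        if names:
            entries.append((lineno, address, [n.lower() for n in names]))
    return entries


def classify(entries: List[Entry]) -> Dict[str, List[Tuple[int, str, str]]]:
    """Split entries into 'sinkholed' (blocked) and 'redirected' (hijack candidates).

    Each item is (line number, hostname, address). The localhost entries
    every Windows hosts file ships with are skipped.
    """
    report: Dict[str, List[Tuple[int, str, str]]] = {"sinkholed": [], "redirected": []}
    for lineno, address, names in entries:
        for name in names:
            if name == "localhost":
                continue
            bucket = "sinkholed" if address in SINKHOLE_ADDRESSES else "redirected"
            report[bucket].append((lineno, name, address))
    return report


def audit_file(path: str = HOSTS_PATH) -> Dict[str, List[Tuple[int, str, str]]]:
    """Classify the entries of a hosts file on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return classify(parse_hosts(fh.read()))


if __name__ == "__main__":
    result = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(result['sinkholed'])} blocklist entries (names made unreachable)")
    for lineno, name, address in result["redirected"]:
        # Any name sent to a real address deserves a look: this is how a
        # hosts-file hijack keeps a machine away from update or vendor sites.
        print(f"line {lineno}: {name} -> {address} (redirect, review this entry)")
```

A large blocklist such as the one Spybot installs shows up here as thousands of "sinkholed" entries, which is expected; the list worth reading is "redirected", which on a clean machine is normally empty. This is also why the post's DNS Client tip matters: that service caches the whole file, and a very large one makes the cache slow to build.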
#10 lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal
  • Local time:04:35 PM

Posted 09 June 2008 - 05:42 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.

