Ybj8df.exe


  • This topic is locked
2 replies to this topic

#1 kevin-182

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 11:18 PM

Posted 24 July 2008 - 10:09 PM

Around a week ago I think I got rid of this ybj8df.exe by using ComboFix... but I still keep getting some messages popping up every once in a while, and I'd like to make sure that everything's fine... I use NOD32, btw.

here are the logs:

MAIN.txt

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-07-25 00:03:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:25, on 25/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Net Studio\USB_FW.exe
C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Arquivos de programas\DesktopEarth\DesktopEarth.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Informat Technology\Dialer USB Modem\Dialer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrador\Desktop\dss.exe
C:\ARQUIV~1\HIJACK~1\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ARQUIV~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [USBFireWall] C:\Arquivos de programas\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{68181CFD-2C31-4DB6-891E-3310D0AF8490}: NameServer = 200.169.117.22 200.169.119.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

--
End of file - 6067 bytes

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-21 13:30:26 0 d--hs---- C:\WINDOWS\CSC
2008-07-21 09:52:19 68096 --a------ C:\WINDOWS\zip.exe
2008-07-21 09:52:19 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-21 09:52:19 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-21 09:52:19 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-21 09:52:19 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-21 09:52:19 98816 --a------ C:\WINDOWS\sed.exe
2008-07-21 09:52:19 80412 --a------ C:\WINDOWS\grep.exe
2008-07-21 09:52:19 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-14 17:57:39 0 d-------- C:\Arquivos de programas\Microsoft Games
2008-07-04 10:12:49 28672 --a------ C:\WINDOWS\system32\FolderWatcher.dll <Not Verified; UniCont Soft; FolderWatcher>
2008-07-04 10:12:49 102400 --a------ C:\WINDOWS\system32\FlashRenHelper.dll <Not Verified; RL Vision; Flash Renamer Helper>
2008-07-04 10:12:47 0 d-------- C:\Arquivos de programas\Flash Renamer
2008-07-03 10:31:27 612 --a------ C:\WINDOWS\eReg.dat
2008-07-03 09:50:06 0 d-------- C:\Arquivos de programas\OpenAL
2008-07-03 09:40:47 0 d-------- C:\Arquivos de programas\Codemasters
2008-06-27 11:06:33 0 d-------- C:\Arquivos de programas\FlashFXP


-- Find3M Report ---------------------------------------------------------------

2008-07-14 18:15:53 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft Games
2008-07-14 12:13:02 573 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\AutoGK.ini
2008-07-12 19:11:36 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2008-07-03 11:20:51 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\dBpoweramp
2008-07-03 10:31:23 0 d-------- C:\Arquivos de programas\EA GAMES
2008-07-03 09:40:44 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-07-01 12:10:56 341508 --a------ C:\WINDOWS\system32\perfh016.dat
2008-07-01 12:10:56 47402 --a------ C:\WINDOWS\system32\perfc016.dat
2008-06-29 23:48:06 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla
2008-06-27 11:06:42 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\FlashFXP
2008-06-20 20:13:49 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe
2008-06-20 13:34:58 0 d-------- C:\Arquivos de programas\Bonjour
2008-06-20 13:34:46 0 d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-06-20 13:29:45 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-06-20 13:29:45 0 d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2008-06-17 13:33:39 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-06-16 09:28:12 0 d-------- C:\Arquivos de programas\AutoGK
2008-06-16 09:28:10 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-16 09:28:08 0 d-------- C:\Arquivos de programas\AviSynth 2.5
2008-06-13 23:55:20 0 d-------- C:\Arquivos de programas\gamani
2008-06-13 23:55:17 216064 --a------ C:\WINDOWS\iun3404.exe <Not Verified; Indigo Rose Corporation; Indigo Rose Corporation unin32>
2008-06-13 21:05:19 0 d-------- C:\Arquivos de programas\GameVicio
2008-06-13 20:36:20 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Ubisoft
2008-06-13 20:27:14 0 d-------- C:\Arquivos de programas\Ubisoft
2008-06-12 10:04:52 0 d-------- C:\Arquivos de programas\Audio Identifier
2008-06-12 00:51:02 0 d-------- C:\Arquivos de programas\Font Xplorer
2008-06-08 13:19:28 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp
2008-06-08 13:10:11 0 d-------- C:\Arquivos de programas\Winamp
2008-06-07 11:29:51 0 d-------- C:\Arquivos de programas\CloneDVD
2008-06-07 11:25:13 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead
2008-06-07 10:35:37 0 d-------- C:\Arquivos de programas\Playlist Creator 3
2008-06-05 16:54:02 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM
2008-06-05 11:38:21 0 d-------- C:\Arquivos de programas\Mr QuestionMan
2008-06-05 11:07:11 0 d-------- C:\Arquivos de programas\Guidua 0.16
2008-06-04 14:34:16 0 d-------- C:\Arquivos de programas\SlySoft
2008-06-04 12:51:46 0 d-------- C:\Arquivos de programas\MagicISO
2008-06-04 12:41:53 0 d-------- C:\Arquivos de programas\DesktopEarth
2008-06-02 13:40:44 0 d-------- C:\Arquivos de programas\DVD Decrypter
2008-06-02 13:37:00 0 d-------- C:\Arquivos de programas\Net Studio
2008-06-02 13:28:57 0 d-------- C:\Arquivos de programas\microsoft frontpage
2008-06-02 12:48:48 0 d-------- C:\Arquivos de programas\winLAME
2008-06-02 12:21:19 0 d-------- C:\Arquivos de programas\DVD Audio Extractor
2008-06-01 13:28:07 0 d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-06-01 12:52:51 0 d-------- C:\Arquivos de programas\WinAVI Video Converter
2008-06-01 12:52:15 0 d-------- C:\Arquivos de programas\Gabest
2008-06-01 12:52:03 0 d-------- C:\Arquivos de programas\K-Lite Codec Pack
2008-06-01 12:49:55 0 d-------- C:\Arquivos de programas\Windows Live
2008-06-01 12:49:41 0 d--hs--c- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-06-01 10:17:37 0 d-------- C:\Arquivos de programas\Essentials Codec Pack
2008-05-31 20:02:05 0 d-------- C:\Arquivos de programas\XP Codec Pack
2008-05-31 17:57:51 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\DVDFab
2008-05-31 15:34:24 34 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.log
2008-05-31 15:34:18 47360 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-31 15:34:18 1144 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.inf
2008-05-31 15:34:18 7887 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.cat
2008-05-31 15:34:02 0 d-------- C:\Arquivos de programas\DVDFab Platinum 3
2008-05-30 21:18:42 81920 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\ezpinst.exe
2008-05-30 20:11:17 0 d-------- C:\Arquivos de programas\Xilisoft
2008-05-30 19:55:35 0 d-------- C:\Arquivos de programas\Rockstar Games
2008-05-30 19:40:07 0 d-------- C:\Arquivos de programas\Exact Audio Copy
2008-05-30 19:26:08 0 d-------- C:\Arquivos de programas\Lame
2008-05-30 17:12:54 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\dvdcss
2008-05-30 16:54:52 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Help
2008-05-30 16:54:44 0 d-------- C:\Arquivos de programas\DVD Shrink
2008-05-30 11:40:43 1192 --a------ C:\WINDOWS\mozver.dat
2008-05-29 13:29:20 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AccurateRip
2008-05-29 13:19:59 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\vlc
2008-05-29 11:36:04 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink
2008-05-29 10:35:00 0 d-------- C:\Arquivos de programas\KONAMI
2008-05-28 14:31:25 0 d-------- C:\Arquivos de programas\LS
2008-05-28 14:30:49 3069 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-05-28 14:30:39 3115 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-05-28 14:30:29 3595 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-05-28 14:30:17 2995 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-05-28 12:46:25 8465 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-05-28 12:46:22 13289 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-28 12:46:20 0 d-------- C:\Arquivos de programas\Illustrate
2008-05-28 11:51:34 0 d-------- C:\Arquivos de programas\Microsoft Works
2008-05-28 11:51:29 0 d-------- C:\Arquivos de programas\MSBuild
2008-05-28 10:57:00 0 d-------- C:\Arquivos de programas\Arquivos comuns\Sierra On-Line
2008-05-27 23:53:40 0 d-------- C:\Arquivos de programas\URUSoft
2008-05-27 23:52:00 0 d-------- C:\Arquivos de programas\CyberLink
2008-05-27 23:50:14 0 d-------- C:\Arquivos de programas\IrfanView
2008-05-27 23:42:57 0 d-------- C:\Arquivos de programas\TagRename
2008-05-27 23:41:45 0 d-------- C:\Arquivos de programas\VideoLAN
2008-05-27 23:40:14 0 d-------- C:\Arquivos de programas\UltraISO
2008-05-27 23:40:14 0 d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems
2008-05-27 14:33:26 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Corel
2008-05-27 14:01:55 0 d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2008-05-27 14:01:53 0 d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-05-27 14:01:45 0 d-------- C:\Arquivos de programas\Corel
2008-05-27 13:55:53 0 d-------- C:\Arquivos de programas\ToniArts
2008-05-27 13:39:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-27 13:38:19 0 d-------- C:\Arquivos de programas\Informat Technology
2008-05-27 13:36:59 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia
2008-05-27 13:35:26 0 d-------- C:\Arquivos de programas\DAEMON Tools
2008-05-27 13:28:38 219648 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Sistema operacional Microsoft® Windows®>
2008-05-27 13:10:45 0 d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-05-27 13:10:29 0 d-------- C:\Arquivos de programas\Nero
2008-05-27 13:01:50 0 d-------- C:\Arquivos de programas\Hewlett-Packard
2008-05-27 13:01:37 0 d--h----- C:\Arquivos de programas\Zenographics
2008-05-27 12:59:18 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic
2008-05-27 12:46:38 0 d-------- C:\Arquivos de programas\Realtek
2008-05-27 12:46:01 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2008-05-27 12:43:41 0 d-------- C:\Arquivos de programas\Intel
2008-05-27 12:40:10 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Identities
2008-05-27 12:38:16 0 d-------- C:\Arquivos de programas\Java
2008-05-27 12:37:57 0 d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-05-27 12:37:41 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Real
2008-05-27 12:36:55 0 -rahs---- C:\MSDOS.SYS
2008-05-27 12:36:55 0 -rahs---- C:\IO.SYS
2008-05-27 12:36:55 0 --a------ C:\CONFIG.SYS
2008-05-27 12:36:55 0 --a------ C:\AUTOEXEC.BAT
2008-05-27 12:35:48 0 d--h----- C:\Arquivos de programas\WindowsUpdate
2008-05-27 12:35:44 0 d-------- C:\Arquivos de programas\Serviços on-line
2008-05-27 12:35:17 0 d-------- C:\Arquivos de programas\Arquivos comuns\Serviços
2008-05-27 12:35:14 0 d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap
2008-05-27 12:35:06 0 d-------- C:\Arquivos de programas\Movie Maker
2008-05-27 12:34:29 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-27 12:33:52 0 d-------- C:\Arquivos de programas\MSN Gaming Zone
2008-05-27 12:33:46 0 d-------- C:\Arquivos de programas\Windows NT
2008-05-27 09:17:24 0 d-------- C:\Arquivos de programas\Arquivos comuns\ODBC
2008-05-27 09:17:22 0 d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2008-05-27 09:17:00 62 --ahs---- C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [26/08/2005 18:14]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/06/2007 13:43]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [21/12/2007 08:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBFireWall"="C:\Arquivos de programas\Net Studio\USB_FW.exe" [22/03/2008 00:11]
"AnyDVD"="C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe" [28/03/2008 12:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [4/6/2008 12:41:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-07-25 00:03:40 ------------


EXTRA.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
CPU 1: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2047.48 MiB / 1484.03 MiB
Pagefile Memory (total/avail): 3939.97 MiB / 3605 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 60.33 GiB total, 9.06 GiB free.
D: is Fixed (NTFS) - 172.55 GiB total, 25.57 GiB free.
E: is Fixed (NTFS) - 223.11 GiB total, 108.38 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD250HJ - 232.88 GiB - 2 partitions
\PARTITION0 - Estendido c/Int. estendida 13 - 172.55 GiB - D:
\PARTITION1 (bootable) - Sistema de arquivos instalável - 60.33 GiB - C:

\\.\PHYSICALDRIVE1 - SAMSUNG HD250HJ - 232.88 GiB - 3 partitions
\PARTITION0 - Estendido c/Int. estendida 13 - 232.88 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\FlashFXP\\FlashFXP.exe"="C:\\Arquivos de programas\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Arquivos de programas\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Arquivos de programas\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Arquivos de programas\\FlashFXP\\FlashFXP.exe"="C:\\Arquivos de programas\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Arquivos de programas\\Codemasters\\GRID\\GRID.exe"="C:\\Arquivos de programas\\Codemasters\\GRID\\GRID.exe:*:Enabled:GRID"
"D:\\Instalações\\UTorrent.exe"="D:\\Instalações\\UTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=ORANGE-7EE8F8FF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\ORANGE-7EE8F8FF
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
USERDOMAIN=ORANGE-7EE8F8FF
USERNAME=Kevin
USERPROFILE=C:\Documents and Settings\Administrador
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kevin (new local, admin)
Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /X{663EB4B1-1C35-475C-853A-A810C3EAB170}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7646-A70000000000}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnyDVD --> "C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Arquivos de programas\SlySoft\AnyDVD"
Arquivo do WinRAR --> C:\Arquivos de programas\WinRAR\uninstall.exe
Assassin's Creed --> C:\Arquivos de programas\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Atualização para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Auto Gordian Knot 2.45 --> C:\Arquivos de programas\AutoGK\uninst.exe
AviSynth 2.5 --> "C:\Arquivos de programas\AviSynth 2.5\Uninstall.exe"
CloneDVD 4.1.0.23 --> "C:\Arquivos de programas\CloneDVD\unins000.exe"
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
dBpoweramp DSP Effects --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
DesktopEarth --> MsiExec.exe /I{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}
Dialer USB Modem --> MsiExec.exe /I{19627233-F4B3-45B8-A830-0BD1AA595167}
DVD Audio Extractor 4.2.2 --> "C:\Arquivos de programas\DVD Audio Extractor\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Arquivos de programas\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Arquivos de programas\DVD Shrink\unins000.exe"
DVDFab Platinum 4.0.0.0 Beta Custom by Doc --> "C:\Arquivos de programas\DVDFab Platinum 3\unins000.exe"
EasyCleaner --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
Exact Audio Copy 0.99pb3 --> C:\Arquivos de programas\Exact Audio Copy\uninst.exe
Flash Renamer 5.3 --> "C:\Arquivos de programas\Flash Renamer\unins000.exe"
FlashFXP v3 --> "C:\Arquivos de programas\FlashFXP\Uninstall.exe" "C:\Arquivos de programas\FlashFXP\install.log" -u
Font Xplorer 1.2.2 --> C:\Arquivos de programas\Font Xplorer\Uninstall.exe C:\ARQUIV~1\FONTXP~1\Install.log
GIF Movie Gear 3.0 --> C:\WINDOWS\iun3404.exe C:\Arquivos de programas\gamani\GIFMovieGear
GRID --> "C:\Arquivos de programas\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTA San Andreas --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Guidua (remove only) --> "C:\Arquivos de programas\Guidua 0.16\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Administrador\Desktop\HijackThis.exe /uninstall
IrfanView (remove only) --> C:\Arquivos de programas\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
K-Lite Codec Pack 3.2.0 Full --> "C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
LaserJet 1020 series --> C:\Arquivos de programas\Zenographics\{DA583C6C-E50E-460C-9C4F-1BF222468EB3}\Setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Magic ISO Maker v5.4 (build 0247) --> C:\ARQUIV~1\MagicISO\UNWISE.EXE C:\ARQUIV~1\MagicISO\INSTALL.LOG
Medal of Honor Pacific Assault™ --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Messenger Plus! Live --> "C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Motorola Handset USB Driver --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9
Mozilla Firefox (3.0.1) --> C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
Need For Speed Hot Pursuit 2 --> C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe
Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301046}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 FiX v1.9 --> "C:\Arquivos de programas\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OB WMP11 --> MsiExec.exe /I{161A6021-8A74-4890-AB9C-2A3A7774B62C}
OpenAL --> "C:\Arquivos de programas\OpenAL\OalinstGridRelease.exe" /U
OrderReminder HP LaserJet 1020 --> "C:\Arquivos de programas\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Playlist Creator 3 --> C:\Arquivos de programas\Playlist Creator 3\uninstall.exe
PowerDVD --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Pro Evolution Soccer 2008 --> C:\Arquivos de programas\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0816
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Arquivos de programas\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0416 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly
SierraAddressBook 3.0 --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}\setup.exe"
SierraHome Print Artist 15.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Print Artist 15.0\HiUninst.isu" -c"C:\Sierra\Print Artist 15.0\Uninstpa.DLL"
Subtitle Workshop 2.03 --> "C:\Arquivos de programas\URUSoft\Subtitle Workshop\uninstall.exe"
Tag&Rename 3.3.5 --> "C:\Arquivos de programas\TagRename\unins000.exe"
UltraISO Premium V8.62 --> "C:\Arquivos de programas\UltraISO\unins000.exe"
USB FireWall --> "C:\Arquivos de programas\InstallShield Installation Information\{104C20FA-8F42-4958-B746-2A043DE1ECBF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VideoLAN VLC media player 0.8.1 --> C:\Arquivos de programas\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Arquivos de programas\Winamp\UninstWA.exe"
WinAVI Video Converter --> "C:\Arquivos de programas\WinAVI Video Converter\unins000.exe"
Windows Live installer --> MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger --> MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
winLAME prerelease4 --> MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1427 / Success
Event Submitted/Written: 07/24/2008 10:50:36 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1419 / Success
Event Submitted/Written: 07/24/2008 08:01:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1410 / Success
Event Submitted/Written: 07/24/2008 01:47:07 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1399 / Success
Event Submitted/Written: 07/23/2008 07:24:30 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1388 / Success
Event Submitted/Written: 07/23/2008 11:48:44 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8907 / Error
Event Submitted/Written: 07/23/2008 11:12:51 AM
Event ID/Source: 11 / Cdrom
Event Description:
O driver detectou um erro de controlador em \Device\CdRom0.

Event Record #/Type8906 / Error
Event Submitted/Written: 07/23/2008 11:12:42 AM
Event ID/Source: 11 / Cdrom
Event Description:
O driver detectou um erro de controlador em \Device\CdRom0.

Event Record #/Type8905 / Error
Event Submitted/Written: 07/23/2008 11:12:32 AM
Event ID/Source: 11 / Cdrom
Event Description:
O driver detectou um erro de controlador em \Device\CdRom0.

Event Record #/Type8904 / Error
Event Submitted/Written: 07/23/2008 11:12:23 AM
Event ID/Source: 11 / Cdrom
Event Description:
O driver detectou um erro de controlador em \Device\CdRom0.

Event Record #/Type8903 / Error
Event Submitted/Written: 07/23/2008 11:12:13 AM
Event ID/Source: 11 / Cdrom
Event Description:
O driver detectou um erro de controlador em \Device\CdRom0.



-- End of Deckard's System Scanner: finished at 2008-07-24 23:46:51 ------------


If anyone can help, thanks.

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:18 PM

Posted 07 August 2008 - 11:51 PM

Hello kevin-182,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine. A fresh scan and logs are still necessary.

Click on Start, then Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again; when finished, please post back both logs that open in Notepad (main.txt and extra.txt).



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please do not put the logs in quote or code boxes. Simply paste them into the text window.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:18 PM

Posted 12 September 2008 - 10:28 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

