Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • This topic is locked This topic is locked
4 replies to this topic

#1 Fernando14

Fernando14

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 10 July 2006 - 06:24 AM

Please, help me!!!

Logfile of HijackThis v1.99.1
Scan saved at 08:13:00, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Babylon\Babylon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\TrojanHunter 4.5\THGuard.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe
C:\DOCUME~1\PARTIC~1\CONFIG~1\Temp\4ex4.modul32.exe
C:\WINDOWS\System32\alg.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Arquivos de programas\Arquivos comuns\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

BC AdBot (Login to Remove)

 


#2 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:12:14 AM

Posted 11 July 2006 - 04:14 AM

You may want to print out these instructions or save it as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important for you to don't miss a step and perform everything in the right order.

=====================================

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop "Windows Log"
sc delete "Windows Log"
exit

Double click FixServices.bat. A window will open and close. This is normal.

=====================================


Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Reboot into Safe Mode
  • Restart your computer.
  • Before the Windows logo appear, tap F8 repeatedly.
  • A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take a while than usual, so just wait.
=====================================



Locate and delete the following file(s), if present : C:\WINDOWS\system32\nvsvcd.exe
=====================================

Clear IE's Cookies and Cache
  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click the Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.
Clear Firefox' Cookies ( in case you also have the Firefox browser )
  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.
Clean Temporary Files
  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C:) and then click OK.
  • Make sure these are the only ones that are checked :
    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.
=====================================

Run an online scan at Panda's ActiveScan
  • Please go here using Internet Explorer.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open, click the big Check Now button.
    • Enter your Country.
    • Enter your State/Province.
    • Enter your e-mail address and click send.
    • Select either Home User or Company.
    • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • When the download is complete, click on My Computer to start the scan.
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

=====================================

In your next reply, please include these log(s):
  • HijackThis log (new)
  • Panda

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#3 Fernando14

Fernando14
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:14 AM

Posted 11 July 2006 - 07:58 PM

Hello Jag11,
Thank very much for your help. Now, I'm posting the logs you have asked for:

Logfile of HijackThis v1.99.1
Scan saved at 21:56:09, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Babylon\Babylon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\TrojanHunter 4.5\THGuard.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=br
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Arquivos de programas\Arquivos comuns\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

__________________________________________________________________________
______PANDA LOG__________________________________________________________

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@acesso.uol.com[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Particular\Cookies\particular@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Particular\Cookies\particular@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Particular\Cookies\particular@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@de.uol.com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Particular\Cookies\particular@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Particular\Cookies\particular@fastclick[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Particular\Cookies\particular@hitbox[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@ig.com[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Particular\Cookies\particular@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Particular\Cookies\particular@perf.overture[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Particular\Cookies\particular@server.iad.liveperson[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Particular\Cookies\particular@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Particular\Cookies\particular@tribalfusion[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Cookies\particular@uol.com[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.de.uol.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.admotion.com.ar/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\04hl0odt.default\cookies.txt[.maxserving.com/]
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Particular\Meus documentos\Download\kmd.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Particular\Meus documentos\Minhas músicas\P2P\Cucusoft 7.06.zip[setup.exe]
Virus:Trj/LootSeek.EA Disinfected C:\RECYCLER\S-1-5-21-343818398-287218729-682003330-1003\Dc32.exe
Virus:Trj/LootSeek.EA Disinfected C:\RECYCLER\S-1-5-21-343818398-287218729-682003330-1003\Dc33.exe
Potentially unwanted tool:Application/Altnet Not disinfected F:\Bkp 26-01-06\Meus documentos\Download\kmd.exe
Adware:Adware/IST.ISTBar Not disinfected F:\Bkp 26-01-06\Meus documentos\Minhas músicas\P2P\Cucusoft 7.06.zip[setup.exe]

#4 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:12:14 AM

Posted 12 July 2006 - 12:50 AM

Ok, let's clean them up..

===

Update Java
  • Go to Start » Control Panel » Add/Remove Programs.
  • Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: Posted Image
  • Click that entry and then click on the Change/Remove button.
  • Then download and install the newest version from here.
===

Locate and delete the following file(s), if present : C:\Documents and Settings\Particular\Meus documentos\Download\kmd.exe
C:\Documents and Settings\Particular\Meus documentos\Minhas músicas\P2P\Cucusoft 7.06.zip
F:\Bkp 26-01-06\Meus documentos\Download\kmd.exe
F:\Bkp 26-01-06\Meus documentos\Minhas músicas\P2P\Cucusoft 7.06.zip

===

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

===

Then post a new HJT log. Also tell us how are things running now! :thumbsup:
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#5 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:12:14 AM

Posted 24 July 2006 - 02:48 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Regards,
Jet Ian

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users