Sign in to follow this  
cali_dude777

Can't Load Some Pages On Ie7 And Yahoo Messenger Doesn't Work

Recommended Posts

did it all as requested.

 

HAXFIX logfile - by Marckie

 

version 4.44

s b 02/06/2007 20:52:23,35

 

--- Manual Haxdoorfix ---

 

Adding haxdoorkeys to delete...

vdmt

 

searching for services....

service vdmt16 found

[sWSC] DeleteService SUCCESS

 

 

--- Goldunfix ---

 

 

searching for files:

 

 

checking iexplore.exe

iexplore.exe is not infected

 

searching for SSODLkeys:

no SSODLkeys found

 

searching for notifykeys:

no notifykeys found

 

searching for services:

no services found

 

 

.....rebooting the computer.....

 

 

searching for ssodlkeys

 

not needed

 

 

searching for notifykeys

 

notifykey vdmt16 not found

 

 

searching for services

 

service vdmt16 not found

 

 

searching for safeboot services

 

not needed

 

 

searching for files

 

vdmt16.dll exists

deleting vdmt16.dll

vdmt16.dll has been deleted

 

vdmt16.sys exists

deleting vdmt16.sys

vdmt16.sys has been deleted

 

vdmt24.sys exists

deleting vdmt24.sys

vdmt24.sys has been deleted

 

 

checking for other files

 

klogini.dll exists

deleting klogini.dll

klogini.dll has been deleted

 

klo5.sys exists

deleting klo5.sys

klo5.sys has been deleted

 

P2.INI exists

deleting P2.INI

P2.INI has been deleted

 

 

checking for a3d files

 

fltr.a3d

i.a3d

ps.a3d

redir.a3d

deleting a3d files

a3d files are deleted

 

 

--- Catchme logfile - thank you Gmer ---

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-02 20:57:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\Documents and Settings\RAFAEL\Configurações locais\Dados de aplicativos\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{280F465D-B056-2734-296F-8DF417813506}1\10-{280F465D-B056-2734-296F-8DF417813506}-v1-{6973CD0D-29CD-4C0A-AE39-0AC12B8689F0}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\REYNALDO\Desktop\CALS4Z9H.:Zone.Identifier 26 bytes hidden from API

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 2

 

 

 

Finished

Share this post


Link to post
Share on other sites

thanks for the reply.

 

HAXFIX logfile - by Marckie

 

version 4.44

dom 03/06/2007 14:22:22,67

 

--- Checking for Haxdoor ---

 

checking for a3d files

a3d files not found

 

checking for matching notify keys

no matching notify keys found

 

checking for matching services

no matching services found

 

checking for matching safeboot services

no matching safeboot services found

 

checking for other Haxdoor-files

no other Haxdoor-files found

 

 

--- Checking for Goldun ---

 

checking for SSODL keys

no ssodl keys found

 

checking for notify keys

no notify keys found

 

checking for services

no services found

 

checking for other Goldun-files

no other Goldun-files found

 

checking iexplore.exe

iexplore.exe is not infected

 

 

--- Catchme logfile - thank you Gmer ---

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 14:22:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\Documents and Settings\RAFAEL\Configurações locais\Dados de aplicativos\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{280F465D-B056-2734-296F-8DF417813506}1\10-{280F465D-B056-2734-296F-8DF417813506}-v1-{6973CD0D-29CD-4C0A-AE39-0AC12B8689F0}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\REYNALDO\Desktop\CALS4Z9H.:Zone.Identifier 26 bytes hidden from API

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 2

 

 

--- Analysing Catchme logfile ---

 

no matching regkeys found

 

 

Finished!

Share this post


Link to post
Share on other sites

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Share this post


Link to post
Share on other sites

ok its scanning...

I have two other user's account on this computer. But I'm the administrator. When I perform these scans does it scan the whole computer or just my account?

Have you ever seen a problem like this? do you really think its spyware or something like that?

thank you

Share this post


Link to post
Share on other sites

"RAFAEL" - 2007-06-03 15:15:47 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\RAFAEL\Desktop\Rafael's Documents\Videos\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

 

 

2007-06-03 06:07 <DIR> d-------- C:\Arquivos de programas\Fake Webcam

2007-06-03 05:50 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL

2007-06-03 05:43 <DIR> d-------- C:\DOCUME~1\LOURDES\DADOSD~1\WinRAR

2007-06-02 18:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2007-06-02 02:37 <DIR> d-------- C:\DOCUME~1\LOURDES\DADOSD~1\DivX

2007-06-01 18:33 <DIR> d-------- C:\Documents and Settings\RAFAEL\DoctorWeb

2007-06-01 18:33 <DIR> d-------- C:\DOCUME~1\RAFAEL\DoctorWeb

2007-06-01 16:34 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-31 17:20 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-05-31 17:20 9,006 --a------ C:\clean.bat

2007-05-31 17:20 86,528 --a------ C:\WINDOWS\system32\catchme.exe

2007-05-31 17:20 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-05-29 21:21 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-29 20:58 <DIR> d-------- C:\DOCUME~1\RAFAEL\DADOSD~1\AntiSpyware

2007-05-29 20:07 <DIR> d-------- C:\DOCUME~1\RAFAEL\DADOSD~1\DivX

2007-05-29 01:52 720,896 --a------ C:\WINDOWS\iun6002.exe

2007-05-28 17:30 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-05-28 17:30 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-05-28 17:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-05-24 18:26 <DIR> d-------- C:\DOCUME~1\REYNALDO\DADOSD~1\WinRAR

2007-05-23 19:37 <DIR> d-------- C:\DOCUME~1\RAFAEL\DADOSD~1\WinRAR

2007-05-13 19:49 86,016 --a------ C:\WINDOWS\unvise32.exe

2007-05-13 19:48 <DIR> d-------- C:\Arquivos de programas\Longman iBT

2007-05-11 14:54 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-05-11 01:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-05-11 01:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-05-11 01:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-05-11 01:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll

2007-05-06 00:47 <DIR> d-------- C:\IDAPI

2007-05-04 13:53 <DIR> d-------- C:\DOCUME~1\REYNALDO\DADOSD~1\MEGAUPLOADTOOLBAR

2007-05-03 19:26 <DIR> d-------- C:\DOCUME~1\LOURDES\DADOSD~1\MEGAUPLOADTOOLBAR

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-01 02:07:57 -------- d--h--w C:\Arquivos de programas\WindowsUpdate

2007-05-28 20:32:08 -------- d-----w C:\Arquivos de programas\DivX

2007-05-19 18:29:22 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-05-19 18:21:46 -------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-04-23 00:15:25 36,624 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

2007-04-18 16:13:00 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 01:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 01:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 01:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 01:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 01:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 01:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 01:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 01:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll

2007-04-13 21:37:23 -------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-04-13 20:39:01 -------- d-----w C:\Arquivos de programas\iTunes

2007-04-13 20:38:30 -------- d-----w C:\Arquivos de programas\iPod

2007-04-13 20:33:34 -------- d-----w C:\Arquivos de programas\QuickTime

2007-04-13 20:29:03 -------- d-----w C:\Arquivos de programas\Apple Software Update

2007-04-13 01:07:49 -------- d-----w C:\Arquivos de programas\CCleaner

2007-03-17 13:44:49 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:36:54 578,048 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:54 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:54 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}=C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2004-01-15 09:33 C:\WINDOWS\system32\VTTimer.exe]

"PCClient.exe"="C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe" [2004-12-09 18:21]

"Cmaudio"="cmicnfg.cpl" []

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 10:58]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2007-02-22 15:00]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 11:13]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages scecli

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-03 06:00:01 C:\WINDOWS\tasks\AntiSpyware Scheduled Scan.job

2007-04-13 20:29:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-03 15:33:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-06-03 15:38:50

C:\ComboFix-quarantined-files.txt ... 2007-06-03 15:38

C:\ComboFix2.txt ... 2007-06-01 16:34

 

--- E O F ---

Share this post


Link to post
Share on other sites

Can I see a new hijackthis log and log from hoxfix option 1 on the other account?

Share this post


Link to post
Share on other sites

I have a total of 3 accounts on this computer.

One is the one that i was running all the programs like haxfix, etc. That account has the problems which i mentioned.

Below are is the hijackthis logs from the other 2 accounts.

 

Logfile of HijackThis v1.99.1

Scan saved at 16:05:30, on 3/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4085

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4085

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Arquivos de programas\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe

O4 - HKCU\..\Run: [sais] c:\arquivos de programas\180solutions\sais.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchost.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 4:17:40 PM, on 6/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\REYNALDO\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4085

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4085

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.usp.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Arquivos de programas\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sais] c:\arquivos de programas\180solutions\sais.exe

O4 - HKCU\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchost.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

Share this post


Link to post
Share on other sites

One account at the time, so do this on the first log you mentioned here above:

 

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Share this post


Link to post
Share on other sites

I installed SDFix.exe on my computer. when i started in safe mode i couldn't access the other user's accounts i think its because they are just limited accounts. So when i started in safe mode the only option i could click on was my account (which is the administratior). I ran SDFix and i think it scanned the whole computer and below is the log file and a new hijackthis log file.

thank you

 

 

SDFix: Version 1.85

 

Run by RAFAEL - dom 03/06/2007 - 20:33:03,56

 

Microsoft Windows XP [versÆo 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

Restoring Missing SharedAccess Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\ktd32.atm - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\Documents and Settings\REYNALDO\Configura‡äes locais\Temp\_Setup.dll

C:\Documents and Settings\REYNALDO\Configura‡äes locais\Temp\_Setupx.dll

C:\WINDOWS\system32\Tools\All.exe

C:\WINDOWS\system32\Tools\Change.exe

C:\WINDOWS\system32\Tools\CheckPath.exe

C:\WINDOWS\system32\Tools\Counter.exe

C:\WINDOWS\system32\Tools\DelFolders.exe

C:\WINDOWS\system32\Tools\DirectSetup.exe

C:\WINDOWS\system32\Tools\RegClean.exe

C:\WINDOWS\system32\Tools\Regexe.exe

C:\WINDOWS\system32\Tools\RunRegexe.exe

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL0003.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL0004.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL0005.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL0006.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL0802.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL1050.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL1697.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL2017.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL2303.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL3033.tmp

C:\Documents and Settings\RAFAEL\Dados de aplicativos\Microsoft\Word\~WRL3993.tmp

C:\Documents and Settings\RAFAEL\Desktop\~WRL2228.tmp

C:\Documents and Settings\REYNALDO\Dados de aplicativos\Microsoft\Word\~WRL2139.tmp

C:\Documents and Settings\REYNALDO\Dados de aplicativos\Microsoft\Word\~WRL2802.tmp

C:\Documents and Settings\REYNALDO\Dados de aplicativos\Microsoft\Word\~WRL2851.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0002.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0004.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0005.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0078.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0392.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL0981.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL1124.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL2182.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL2334.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL2820.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL2869.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3108.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3196.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3199.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3213.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3489.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3746.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3829.tmp

C:\Documents and Settings\REYNALDO\Desktop\~WRL3871.tmp

C:\WINDOWS\system32\config\default.tmp.LOG

C:\WINDOWS\system32\config\software.tmp.LOG

C:\WINDOWS\system32\config\system.tmp.LOG

 

Finished

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:00:41, on 3/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

C:\Arquivos de programas\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\RAFAEL\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Arquivos de programas\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Viewpoint Search - res://C:\Arquivos de programas\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

Share this post


Link to post
Share on other sites

this is the log made on the account that has the problems. the other two accounts i couldnt access when i started windows in safe mode, they were not available.

Share this post


Link to post
Share on other sites

you don't have the passwords or what? what message do you get when you try to get in that account.

Share this post


Link to post
Share on other sites

no it just doesn't show the other two accounts on safe mode..

when i restarted in safe mode the only accounts that showed was administrator and my account.

Share this post


Link to post
Share on other sites

Can you post me a new hijackthis log made in normal mode from the other account?

Share this post


Link to post
Share on other sites

besides my account there are other 2 accounts on this computer but they are "limited accounts"

when i started a hijackthis scan on each accout this error message showed up. below is the attatchment of the error message. but i continued the scan and below are the hijackthis logs of the 2 other limited accounts.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:43:17, on 4/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\LOURDES\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4085

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4085

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchost.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

---------------------------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 12:47:15 PM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\REYNALDO\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4085

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4085

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.usp.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchost.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

post-65-1181234566.gif

Edited by LS CalamityJane
resized screenshot as a gif rather than a bmp

Share this post


Link to post
Share on other sites

* Please open hijackthis and put a check next to the following:

 

O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchost.exe

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* Please also do this on the other account and reboot your system and tell me how everything is working.

Share this post


Link to post
Share on other sites

i did the fix on the other 2 accounts and everything is working good. But on my account the problems are still the same.

i read on the internet something about these hosts files...think it can be something related to that?

thanks

Share this post


Link to post
Share on other sites

Hmm can I see again a last hijackthis log from the account with problems?

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 13:32:01, on 4/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\RAFAEL\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Arquivos de programas\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\tmproxy.exe (file missing)

Share this post


Link to post
Share on other sites

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

 

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

 

There are basically two types of these programs:

On-Access and On-Demand

 

On-Access Scanners

As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

 

On-Demand Scanners

As the name implies, are scanners that only run when you ask them to.

Such as:

Online Scans and scanners that run on your machine but are not actively scanning your machine.

 

After that, post a new hijackthis log here and tell me how everything is working.

Share this post


Link to post
Share on other sites
Sign in to follow this