viruses or spywares or both ??


Zuma
10 Jul 2005, 4:35pm
OK, I'm getting pop-ups... my PC freezes without warning... and my contacts on MSN keep getting links from me. Help?? Thank you all in advance!!

this is my log:

Logfile of HijackThis v1.99.1
Scan saved at 12:07:48, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\LingoCom\Lingoware.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\jawa32.exe
C:\Arquivos de programas\ICQLite\ICQLite.exe
C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe
C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe
C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\iisvers.exe
C:\WINDOWS\system32\xmconfig.exe
c:\windows\system32\palsp.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe
C:\Arquivos de programas\Netropa\InetKb\Inetkb.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\Arquivos de programas\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Arquivos de programas\Talking Time Keeper\TalkingTimeKeeper.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Arquivos de programas\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home\bubl.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\home\bubl.exe
C:\Documents and Settings\home\bubl.exe
C:\WINDOWS\system32\palsp.exe
C:\WINDOWS\system32\palsp.exe
C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\HbSrv.exe
C:\Documents and Settings\home\bubl.exe
C:\Documents and Settings\home\fhhy.exe
C:\Documents and Settings\home\bubl.exe
C:\Documents and Settings\home\fhhy.exe
C:\Documents and Settings\home\Meus documentos\Meus arquivos recebidos\hijackthis_199\HijackThis.exe
C:\ARQUIV~1\Netropa\InetKb\ikbupd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tlnohpkgzvvznpcrqovxf.com/MXCMi2DdzvZ/2EXv6LFPnN9WggagEr2pt214pVrKufdH0i9Psy8eYb7D4D02SkzM.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dani-tati.myflog.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.windowenhancer.com/nph-search.cgi?affid=sesm1&look=stmpl1&sstring=
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Arquivos de programas\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Arquivos de programas\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Arquivos de programas\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Arquivos de programas\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [slmss] C:\Arquivos de programas\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [startl.exe] "C:\Arquivos de programas\LingoCom\startl.exe" ###
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [IST Service] C:\Arquivos de programas\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [IEXPLO~1] c:\windows\system32\iexplo~1.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [qtrz] C:\WINDOWS\Xrywdj.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [peyus] C:\WINDOWS\pkdz.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Hotbar] C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Arquivos de programas\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [rwzokflg] C:\WINDOWS\system32\ilbdtxbt.exe
O4 - HKLM\..\Run: [7gv3gW48f] C:\WINDOWS\lttqn.exe
O4 - HKLM\..\Run: [7gvùõš/‚²‘ÆßfÏNb‰»C:\Arquivos de programas\ISTsvc\istsvc.exe] C:\WINDOWS\lttqn.exe
O4 - HKLM\..\Run: [Á³# {"h'þ9ÓœÇ3rÅ WC:\Arquivos de programas\ISTsvc\istsvc.exe] C:\WINDOWS\lttqn.exe
O4 - HKLM\..\Run: [wxdxoda] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [ctxsvc] C:\WINDOWS\system32\ctxsvc.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [Boarddata] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [IEXPLO~1] c:\windows\system32\iexplo~1.exe
O4 - HKLM\..\RunServices: [stratas] xmconfig.exe
O4 - HKLM\..\RunOnce: [startl.exe] "C:\Arquivos de programas\LingoCom\startl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [stratas] xmconfig.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -trayboot
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: TTK.lnk = C:\Arquivos de programas\Talking Time Keeper\TalkingTimeKeeper.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Arquivos de programas\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Arquivos de programas\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm077
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Arquivos de programas\LingoCom\Translator.lnk
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Arquivos de programas\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Arquivos de programas\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {718F4390-AF44-420C-9BC1-E2938E002D59} (IMGproj.UserControl1) - http://www.mypage.com.br/Myflog/Gerencia/Objeto/IMGproj.CAB
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E0A10ED-45DF-4DFC-ABD3-5FB93BEAE925}: NameServer = 200.165.132.148 200.149.55.140
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O20 - AppInit_DLLs: C:\WINDOWS\NMSOCKNT.DLL C:\WINDOWS\NMSOCKNT.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Arquivos de programas\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Arquivos de programas\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
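
As an added illustration of how a helper triages a log like the one above (this script is not part of the thread and not a HijackThis feature; the four rules and their names are my own heuristics), the Python below parses the "Running processes", O4 and O16 sections and flags the patterns a defender looks for first: a core system binary name running from somewhere other than system32, an executable sitting directly in a user's profile root, one target registered under several Run keys or value names, and an ActiveX download (O16) that fetches a bare .exe. The sample input is a handful of lines copied from the log above, so it runs offline; pass a saved log file as the first argument to run it on a full log.

```python
import re
import sys
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted above. Embedded
# here so the script runs offline without a saved log file.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\home\bubl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\RunServices: [stratas] xmconfig.exe
O4 - HKCU\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [wxdxoda] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
"""

# Line shapes HijackThis 1.99.1 uses for autostart (O4) and ActiveX download (O16) entries.
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
# First executable of a Run command: optional quotes, spaces allowed, stop at the extension.
TARGET_RE = re.compile(r'^"?(?P<t>.*?\.(?:exe|com|bat|scr|dll))(?:"|\s|,|$)', re.IGNORECASE)
# Rule parameters (my choices, not HijackThis's): binaries that belong only in system32,
# and the shape of an executable dropped directly into a profile root.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "smss.exe", "winlogon.exe", "services.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def dirname(path):
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def target_of(cmd):
    """Executable a Run entry launches, e.g. 'RUNDLL32.EXE' or 'C:\\...\\Skype.exe'."""
    m = TARGET_RE.match(cmd.strip())
    return m.group("t") if m else cmd.strip().split(" ")[0]


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and its O4/O16 entries."""
    processes, o4, o16 = [], [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process block
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            o4.append(m.groupdict())
            continue
        m = O16_RE.match(line)
        if m:
            o16.append(m.groupdict())
    return {"processes": processes, "o4": o4, "o16": o16}


def analyze(parsed):
    """Return sorted (rule, detail) findings. These are triage hints, not verdicts."""
    findings = set()
    # 1. A core system binary name running, or registered to run, outside system32.
    for path in parsed["processes"] + [target_of(e["cmd"]) for e in parsed["o4"]]:
        if basename(path) in SYSTEM_NAMES and dirname(path) != SYSTEM_DIR:
            findings.add(("system-name-outside-system32", path))
    # 2. An executable sitting directly in a user's profile root.
    for path in parsed["processes"]:
        if PROFILE_ROOT_EXE.match(path):
            findings.add(("executable-in-profile-root", path))
    # 3. The same target registered under several Run keys or value names.
    by_target = defaultdict(set)
    for e in parsed["o4"]:
        by_target[target_of(e["cmd"]).lower()].add((e["hive"], e["key"], e["name"]))
    for target, regs in by_target.items():
        if len(regs) > 1:
            findings.add(("redundant-autostart", f"{target} x{len(regs)}"))
    # 4. An ActiveX download entry that fetches a bare .exe rather than a .cab.
    for e in parsed["o16"]:
        if e["url"].lower().endswith(".exe"):
            findings.add(("activex-dpf-installs-exe", e["url"]))
    return sorted(findings)


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for rule, detail in analyze(parse_hjt(text)):
        print(f"{rule:30} {detail}")
```

On the sample it reports the second svchost.exe (loaded from C:\WINDOWS instead of system32), bubl.exe in the profile root, jawa32.exe and xmconfig.exe each registered more than once, and the O16 entry that installs install026.exe. None of these rules proves an entry is malicious on its own; they only order the log so that the odd entries are read first.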

Buckeye_Sam
10 Jul 2005, 9:02pm
You have a variety of malware in your log. Let's get a little more information.


Run HijackThis. Click on "Open the Misc Tools section". Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your next post.


===========


Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.


cd\
cd Arquivos de programas
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit


Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

Zuma
11 Jul 2005, 4:14am
Many thanks man..

I did what you told me to do. This is the first content:

Adobe Acrobat 5.0
Agere Systems PCI Soft Modem
AnchorTag
Atualização de Segurança para Windows XP (KB883939)
Atualização de Segurança para Windows XP (KB890046)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896422)
Atualização de Segurança para Windows XP (KB896428)
Atualização para Windows XP (KB898461)
AVG Anti-Vírus 7.0
Barra de Ferramentas MSN
Canon Creative 3
Canon WebRecord
ColorDesk Photo
ColorNick v2 plugin for Messenger Plus!
ColorStore
CreataCard Special Edition - Canon 2
Creative WebCam Control
Creative WebCam Manual (English)
Creative WebCam Monitor
Design Essentials
Discador Globo.com
HijackThis 1.99.1
Hotbar Outlook Tools
Hotbar Web Tools
ICQ Toolbar
ICQ 5
Image Transfer
ImageMixer for Sony
Internet Keyboard
Internet Utilities 97
ISTsvc
Kazaa.com.br 2005
LimeWire
LingoWare
LiveUpdate 1.90 (Symantec Corporation)
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Office XP Professional com FrontPage
MicroStaff WINASPI
Minha Edicao Personalizada do Ulead Photo Express 4.0
mIRC
Mozilla Firefox (1.0PR)
MSN Messenger 7.0
My Web Search (Popular Screensavers)
Nero - Burning Rom
NetScreen Remote Login
NetScreen-Remote
NVIDIA Display Driver
Picasa 2
PowerDVD
QWS3270 PLUS version 3.5.1
Saint Paint Studio
Shizmoo Web Games (ICQ)
Shopper Reports by Hotbar
Skype™ 1.0
Software HP PrecisionScan LT
Sony USB Driver
Soulseek Client 154 test 1
Sound Blaster Live!
StuffPlug-NG (Messenger Plus! Plugins)
Support Software
Talking Time Keeper
TrueType Font Installer
WCS Client
Winad Client
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XXXToolbar

============================================

and this is the second one:

Adobe
Ahead
AnchorTag
Arquivos comuns
Bargain Buddy
ClearSearch
ClipGenie
Common Files
ComPlus Applications
Creative
CyberLink
DashBar
Discador Globo.com
DownloadWare
EARN
FunWebProducts
Grisoft
hbinst
Hotbar
ICQLite
ICQToolbar
InstallShield Installation Information
Internet Explorer
ISTbar
ISTsvc
K-Lite
Kazaa.com.BR
LimeWire
LingoCom
Messenger
Messenger Plus! 3
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Movie Maker
Mozilla Firefox
MSN
MSN Apps
MSN Gaming Zone
MSN Messenger
MyWebSearch
NetMeeting
Netropa
NetScreen
Norton SystemWorks
Outlook Express
Picasa2
PIXELA
QWS3270 PLUS
Saint Paint
scbar
Serviços on-line
shizmoo
ShopperReports
Skype
Sony Corporation
Soulseek
STC
Support Software
Symantec
SysAI
Talking Time Keeper
TV Media
Ubi Soft
Ulead Systems
Uninstall Information
VBouncer
WCS Client
Winamp
Windows Media Player
Windows NT
WindowsUpdate
xerox
Zero G Registry
Zone Labs

Buckeye_Sam
11 Jul 2005, 9:17pm
Excellent! That's what I needed to see.


Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Hotbar Outlook Tools
Hotbar Web Tools
ISTsvc
Messenger Plus! 3
My Web Search (Popular Screensavers)
Shopper Reports by Hotbar
Winad Client
XXXToolbar




Please delete these folders, if found.

C:\Arquivos de programas\Bargain Buddy
C:\Arquivos de programas\ClearSearch
C:\Arquivos de programas\DashBar
C:\Arquivos de programas\DownloadWare
C:\Arquivos de programas\FunWebProducts
C:\Arquivos de programas\Hotbar
C:\Arquivos de programas\ISTbar
C:\Arquivos de programas\ISTsvc
C:\Arquivos de programas\Messenger Plus! 3
C:\Arquivos de programas\MyWebSearch
C:\Arquivos de programas\ShopperReports
C:\Arquivos de programas\TV Media
C:\Arquivos de programas\VBouncer



Please follow these instructions to run Ad-Aware.

Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

Download Ad-Aware SE Personal 1.06:

Download Ad-Aware SE Personal 1.05 (http://www.majorgeeks.com/download506.html).
Save aawsepersonal.exe to a convenient location.

Install Ad-Aware SE Personal 1.06:

Double-click on aawsepersonal.exe to install the program.
Follow the default settings for installation.
After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.

Update Ad-Aware SE Personal 1.06:

Double-click the Ad-Aware SE Personal icon on your desktop.
Click "Check for updates now" then click "Connect".
It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".

Configure Ad-Aware SE Personal 1.06:

Click on the Gear button at the top of the window.
Click "General" on the left hand side to display the General Settings box.

Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Automatically save logfile"
"Automatically quarantine objects prior to removal"
"Safe Mode (always request confirmation)"
"Prompt to update outdated definitions" - change to 7 days from the default 14.


Click "Scanning" on the left hand side to display the Scan Settings box.

Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Scan within archives"
"Select drives & folders to scan" - select your hard drive(s).
"Scan active processes"
"Scan registry"
"Deep-scan registry"
"Scan my IE favorites for banned URLs"
"Scan my Hosts file"


Click "Advanced" on the left hand side to display the Advanced Settings box.

Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Move deleted files to Recycle Bin"
"Include additional object information"
"Include negligible objects information"
"Include environment information"


Click "Defaults" on the left hand side to display the Default Settings box.

Make sure these items have your preferred settings in them:

"Default homepage"
"Default searchpage"


Click "Tweak" on the left hand side to display the Tweak Settings box.

Click the + (plus) sign next to the Log Files section. This will expand the section.
Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Include basic Ad-Aware settings in log file"
"Include additional Ad-Aware settings in log file"
"Include reference summary in log file"
"Include alternate data stream details in log file"

Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Unload recognized processes & modules during scan"
"Scan registry for all users instead of current user only"
"Obtain command line of scanned processes"

Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:

"Always try to unload modules before deletion"
"During removal, unload Explorer and IE if necessary"
"Let Windows remove files in use at next reboot"
"Delete quarantined objects after restoring"


Once you are done with these settings, click "Proceed" to save them.
This will take you back to the main screen.

Run Ad-Aware SE Personal 1.05:

Click the "Start" button.
Uncheck the "Search for negligible risk entries" entry.
Choose the "Use custom scanning options" scan mode.
Click the "Next" button.
Ad-Aware will begin to scan for malware residing on your computer.
Allow the scan to finish.
Right-click on any entry in the list and click "Select All" to select the whole list.
Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.




Reboot and post a new hijackthis log and we'll see what's left.