1,105,375 Community Members

IE opening by itself

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hello
Yesterday I downloaded this: Infected Executable File Removed.

My Panda antivirus didn't see anything wrong with it, but it is some sort of spyware or trojan. Since I ran it last night, my IE opens up sometimes with an IQ test page '=)
Today I ran a quick scan with Windows Defender and it found a Win32/Renos.MQ (more info here -> http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TrojanDownloader:Win32/Renos.MQ&threatid=152583)
It gave me the option to remove it, so I did. It took several minutes... And, how lovely, while it was doing it, my antivirus said "Virus neutralized!" and when I checked it, xxxxxxxx which was INSIDE Windows Defender's LocalCopy folder - I assume Panda just got in the way of Defender's task.
After it finished, the dangerous file that Defender wanted to send to Microsoft was dangerous link removed
Now I ran another quick scan on Defender and it didn't find anything. Still, I would like to double check. I remember using Hijack This a few years ago and all... Does anybody have any suggestions? I arrived in this forum through this topic, very relevant to my problem -> http://www.daniweb.com/forums/thread84164.html

Thanks a lot for your attention!

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Oh, no. I have news. The trojan, or whatever it is, is not gone. IE just opened up on a page called KizMe.

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Sorry, I don't mean to be bumping this up... I think it's not possible to edit an existing post, unless I missed something... Anyway, my antivirus is now detecting JS/Agent.NRU in a file called in[1].htm. The file is inside IE's Temporary Internet Files folder, and it's trying to open itself on Google Chrome (my default browser). The antivirus says it was not possible to disinfect it, and directs me to this page for instructions -> unauthorized link removed
The instructions are in Portuguese though... Not that I don't understand it ;-) But I just wanted to share... They must have it in English too, I'm sure.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

You really need to begin clean up by following the instructions on our Read Me Sticky and then copy/paste the requested logs right back here.

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hey, thanks!
I couldn't get GMER Two.log '=/ I left it alone doing its thing, went for lunch, did the dishes... when I came back I had a blue screen complaing about kxlyikog.sys
But here are the others (and thanks again!):

-MalwareBytes’ Anti-Malware log-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/07/2010 21:44:03
mbam-log-2010-07-28 (21-44-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 348218
Time elapsed: 4 hour(s), 52 minute(s), 54 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\Users\bernardo\AppData\Local\Temp\Tnh.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\bernardo\AppData\Local\Temp\Tng.exe (Trojan.Downloader) -> Failed to unload process.

Memory Modules Infected:
C:\Users\bernardo\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5dr8zad8gx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\bernardo\AppData\Local\Temp\Tnh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\bernardo\AppData\Local\Temp\Tng.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\bernardo\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\bernardo\AppData\Local\Temp\Tnf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Setup\SCRIPTS\Install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Bernardo\Downloads\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Bernardo\Downloads\Adobe.CS4.Master.Collection.Keygen.Only\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

-GMER One
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-28 14:22:12
Windows 6.1.7600
Running: uoc0xb1w.exe; Driver: C:\Users\bernardo\AppData\Local\Temp\kxlyikog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-DDS.txt-

DDS (Ver_10-03-17.01) - NTFSx86
Run by bernardo at 21:50:25,89 on 28/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1033.18.2046.1164 [GMT -3:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\astsrv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\bernardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\bernardo\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = https://internetbanking.caixa.gov.br/SIIBC/index.processa
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared

\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\bernardo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Cyberlink.exe] c:\users\bernardo\appdata\Cyberlink.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\bernardo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bernardo\appdata\roaming\dropbox\bin

\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Baixar com o Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\program files\free download manager\dlselected.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bernardo\appdata\roaming\mozilla\firefox\profiles\d29rhzhf.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\bernardo\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\bernardo\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\bernardo\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bernardo\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-12-10 30504]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 125960]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2009-12-10 53800]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 99336]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111112]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 111176]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 93848]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-27 233472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BazisVirtualCD;Virtual CD driver;c:\windows\system32\drivers\BazisVirtualCD.sys [2009-6-20 61080]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 VirtDiskBus;Virtual disk Enumerator;c:\windows\system32\drivers\VirtDiskBus.sys [2009-6-20 63640]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-8 1343400]

=============== Created Last 30 ================

2010-07-28 18:17:02 0 d-----w- c:\users\bernardo\appdata\roaming\Malwarebytes
2010-07-28 18:16:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 18:16:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 18:16:10 0 d-----w- c:\programdata\Malwarebytes
2010-07-28 18:16:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 17:20:47 93056 ----a-w- C:\kxlyikog.sys
2010-07-28 01:57:48 0 d-----w- c:\users\bernardo\appdata\roaming\DigiCel
2010-07-26 20:01:17 0 d-----w- C:\Bernardo
2010-07-17 23:01:40 0 d-----w- c:\program files\URUSoft

==================== Find3M ====================

2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-08-19 19:47:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-08-19 19:47:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-08-19 19:47:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-08-19 19:47:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-08-19 18:31:41 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2009-08-19 18:31:41 39446 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2009-08-19 18:31:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2009-08-19 18:31:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2009-08-19 18:25:23 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-08-19 18:25:23 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-08-19 18:25:23 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-08-19 18:25:23 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-08-19 18:19:37 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2009-08-19 18:19:37 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2009-08-19 18:19:37 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2009-08-19 18:19:37 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2009-08-19 18:14:15 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
2009-08-19 18:14:15 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
2009-08-19 18:14:15 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
2009-08-19 18:14:15 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
2009-08-19 18:08:30 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-08-19 18:08:30 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-08-19 18:08:30 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-08-19 18:08:30 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2009-08-19 18:02:49 38258 ----a-w- c:\windows\inf\perflib\040b\perfd.dat
2009-08-19 18:02:49 38258 ----a-w- c:\windows\inf\perflib\040b\perfc.dat
2009-08-19 18:02:49 279790 ----a-w- c:\windows\inf\perflib\040b\perfi.dat
2009-08-19 18:02:49 279790 ----a-w- c:\windows\inf\perflib\040b\perfh.dat
2009-08-19 17:57:50 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2009-08-19 17:57:50 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2009-08-19 17:57:50 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2009-08-19 17:57:50 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-08-19 17:52:05 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2009-08-19 17:52:05 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2009-08-19 17:52:05 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2009-08-19 17:52:05 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2009-08-19 17:46:48 39236 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2009-08-19 17:46:48 39236 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2009-08-19 17:46:48 306636 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2009-08-19 17:46:48 306636 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 18:13:51 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-24 20:31:05 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c

\WinMail.exe

============= FINISH: 21:55:06,39 ===============

-Attach.txt-

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 19/11/2009 22:13:17
System Uptime: 28/07/2010 21:45:33 (0 hours ago)

Motherboard: TOSHIBA | | ISKAA
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 18,765 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 16,359 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP197: 25/07/2010 00:00:06 - Scheduled Checkpoint
RP198: 27/07/2010 10:20:48 - Windows Update
RP200: 28/07/2010 11:06:58 - Windows Defender Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.7
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
AnyToISO
Apple Software Update
Ares 2.1.5
Assistant de connexion Windows Live
AviSynth 2.5
BrOffice.org 3.1
CDBurnerXP
Celtx (2.7)
Connect
D-Book 5.2.3
Dropbox
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
Facebook Plug-In
FileZilla Client 3.3.2.1
Foxit Reader
Free Download Manager 3.0
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Installation Windows Live
Java Auto Updater
Java(TM) 6 Update 20
kuler
Last.fm 1.5.4.24567
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.4)
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.0.3)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Notepad++
NSS (remove only)
Opera 10.60
Outil de téléchargement Windows Live
Oxin's Style! 3D GayVilla 2
Panda Cloud Antivirus
PC Connectivity Solution
PDF Settings CS4
PhotoRescue Advanced PC 2.1.700
Photoshop Camera Raw
Picasa 3
Poedit
QuickTime
Real Alternative 1.7.5
Realtek High Definition Audio Driver
Seagate Manager Installer
SeaTools for Windows
Sid Meier's Civilization 4
SimCity 4 Deluxe
Skype Toolbars
Skype™ 4.2
Subtitle Workshop 2.51
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™ 3
The Sims™ 3 Ambições
The Sims™ 3 Vida em Alto Estilo Coleção de Objetos
The Sims™ 3 Volta ao Mundo
TIPCI
VLC media player 1.1.1
Winamp
Winamp: Detectar Aplicação
WinCDEmu
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger

==== Event Viewer Messages From Past Week ========

28/07/2010 21:45:51, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
28/07/2010 21:45:51, Error: atikmdag [43029] - Display is not active
28/07/2010 15:10:52, Error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
28/07/2010 15:09:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The

bugcheck was: 0x00000050 (0xc966f00b, 0x00000000, 0x9d3def60, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id:

072810-23727-01.
28/07/2010 12:59:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
28/07/2010 10:35:21, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-

800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
26/07/2010 22:56:54, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following

error: Access is denied.
24/07/2010 17:01:21, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not

grow due to a user imposed limit.
23/07/2010 10:00:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a

transaction response from the WSearch service.
23/07/2010 10:00:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a

transaction response from the LanmanServer service.

==== End Of File ===========================

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Did you run the Microsoft® Windows® Malicious Software Removal Tool ?
If not please do so.
Then do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to to complete this scan.
You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Jools Holland '=)
Yes, I had run Microsoft's tool as instructed. I ran ESET now as instructed, my Panda and Windows Defender both turned off, but I didn't find a log file! '=/ The folders I have are C:\Program Files\ESET\ESET Online Scanner and inside there is only OnlineScanner.ocx and OnlineScannerUninstaller.exe

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Did you actually SEE it running, completely?

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Yes, I checked "remove found threats" and "scan unwanted applications"
It took some two hours to scan and it found 2 threats. I had the option to remove them, and I did it, but I don't think it removed anything... The screen after that was one where I chose to purchase it or try it... and that's all there was

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Hmmm, never had a screen to ask me to buy it before. Do this scan then:
http://housecall.trendmicro.com/

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hello
HouseCall's full scan found two threats (troj java.az and troj bytever.bo) and fixed them. I found no way to get it to produce a log though. Perhaps I should redo one of the previous scans and post the new log here? What do you think?
Thanks again '=)

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Please update MBA-M and do a new Full Scan with it. Then install HiJackThis and do a system scan and save the log.
Post back here with both logs.

Member Avatar
bernardo-b
Newbie Poster
10 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Heya
Here are the logs


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4371

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/07/2010 01:39:52
mbam-log-2010-07-31 (01-39-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 345057
Time elapsed: 5 hour(s), 30 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


-------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:11:32, on 31/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\bernardo\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\bernardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bernardo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\bernardo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://internetbanking.caixa.gov.br/SIIBC/index.processa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -

launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\bernardo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Cyberlink.exe] C:\Users\bernardo\AppData\Cyberlink.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = bernardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager

\dlselected.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync

\FreeAgentService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 7537 bytes

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: