

Infection with Win32/Genetik trojan


Name: PMGee
Date: March 6, 2007 at 12:36:56 Pacific
OS: Win XP - SP2
CPU/Ram: Core 2 duo - 2Gb Ram
Comment:

Can anyone please help me with this trojan? Whenever I start my computer, a window from NOD32 pops up and says that tuvsrqo.dll is infected with "Win32/Genetik trojan".
Thanks!




Response Number 1
Name: jabuck
Date: March 6, 2007 at 17:17:07 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: PMGee
Date: March 7, 2007 at 12:03:25 Pacific
Reply:

Ok, here goes the log:

Logfile of HijackThis v1.99.1
Scan saved at 16:58:31, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Looknstop\looknstop.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06401EE-8190-40CA-87CA-7F603193BCD8}: NameServer = 200.138.142.2,200.138.142.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




Response Number 3
Name: jabuck
Date: March 8, 2007 at 03:42:32 Pacific
Reply:

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.

Post a new HijackThis log please.



Response Number 4
Name: PMGee
Date: March 8, 2007 at 12:42:01 Pacific
Reply:

Ok, first the SDFix log:

SDFix: Version 1.69

Run by Pedro Mena Gomes - qui 08/03/2007 @ 17:22:03,82

Microsoft Windows XP [Versão 5.1.2600]

Running From: C:\Documents and Settings\Pedro Mena Gomes\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291

Client IP-IPX Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...


ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"


Remaining Files:
---------------

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Pedro Mena Gomes\Application Data\msdocx42.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\aigebwey.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\cjnfejvd.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\hixrvkqi.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\mqgfssfb.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\ovevowja.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\qxkanane.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\saomcfct.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\tohdhoao.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\wgyribcs.dll
C:\WINDOWS\system32\vtsqn.dll
C:\Documents and Settings\Pedro Mena Gomes\Local Settings\Temp\gxldqptv.exe
C:\My Documents\Megafoco\Consultoria\Em andamento\Martin Travel - Cargos e Funções\Cargos e Funções\Versão Regimento Interno\~WRL3907.tmp
C:\My Documents\OIC\Reuniões\~WRL1357.tmp
C:\My Documents\OIC\Reuniões\~WRL1445.tmp
C:\My Documents\OIC\Reuniões\~WRL2174.tmp

Add/Remove Programs List:

AVG Anti-Spyware 7.5
Conexant HD Audio
Soft Data Fax Modem with SmartCP
DivX 5.0.2 Bundle
FlexWallet (Desktop Edition)
Ghost Security Suite
HijackThis 1.99.1
Hijackthis 1.99.1
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows XP Media Center Edition 2005 KB908250
K-Lite Codec Pack 2.79 Standard
Look 'n' Stop 2.05p2
Microsoft Money 2007 Home & Business
Mozilla Firefox (2.0.0.2)
NOD32 antivirus system
NVIDIA Drivers
Intel(R) PRO Network Connections Drivers
Skype 3.0
Synaptics Pointing Device Driver
Skype add-on for IE
Windows Media Connect
Sonic Data Module
Microsoft .NET Framework 1.1 Portuguese Language Pack
CP_CalendarTemplates1
Sonic MyDVD Plus
CP_Package_Variety2
Destinations
SkinsHP1
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 6
HP Quick Launch Buttons 6.10 A2
Unload
OptionalContentQFolder
HP Pavilion Webcam
Skype Plugin Manager
NetWaiting
RandMap
BufferChm
HP Wireless Assistant 2.00 G2
HP QuickPlay 2.3
CP_Panorama1Config
cp_LightScribeConfig
CP_Package_Variety1
SonicAC3Encoder
FullDPAppQFolder
cp_PosterPrintConfig
Microsoft Money Shared Libraries
Sonic Express Labeler
Macromedia Flash Player 8
LightScribe 1.4.97.1
Microsoft Works
CP_Package_Basic1
Sony Ericsson PC Suite
Sonic_PrimoSDK
cp_UpdateProjectsConfig
Macromedia Shockwave Player
PhotoGallery
Microsoft Office Professional Edition 2003
Microsoft Project Professional 2002
O comando ECHO está desactivado.
CueTour
HP Help and Support
DeviceManagementQFolder
Sonic Audio Module
Adobe Reader 7.0.5 - Português
CP_AtenaShokunin1Config
Sonic Copy Module
SonicMPEGEncoder
CP_Package_Variety3
HP Update
cp_OnlineProjectsConfig
HP User Guides 0035
Mobile Net Switch
HpSdpAppCoreApp
NOD32 FiX
InstantShareDevices
Localization Pack for Microsoft Windows XP Media Center Edition

Finished

And now the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:36:18, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Looknstop\looknstop.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06401EE-8190-40CA-87CA-7F603193BCD8}: NameServer = 200.138.142.2,200.138.142.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Running NOD32 on the system says that I still have the problem:
probably a variant of Win32/Genetik trojan found in operating memory. System memory infection originated from file C:\WINDOWS\system32\tuvsrqo.dll.


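An added example, not code from this thread or from any of the tools it uses: a Python triage pass over HijackThis 1.99.1 log lines in the shape posted above, flagging the O23 service with a missing binary and the O4 rundll32 load of a system32 DLL, and also covering the O2 BHO and O20 Winlogon Notify sections in which the HijackThis run inside ComboScan later in the thread reports tuvsrqo.dll and vtsqn.dll. The rundll32 and Winlogon Notify allowlists are assumptions for illustration, and the sample log is constructed from lines quoted in the thread.

```python
"""Triage pass over HijackThis 1.99.x log lines (added example, not from the thread).

Each heuristic is an assumption chosen for illustration, not a HijackThis rule:
  * O23  service whose binary is "(file missing)" or whose owner is "Unknown owner"
  * O4   Run entry that loads a DLL through rundll32 and the DLL is not allowlisted
  * O2   BHO reported as "(no name)" whose DLL lives under system32
  * O20  Winlogon Notify DLL that is not allowlisted
"""
import re

# Allowlists are assumptions for this example; a real baseline would be taken
# from a known-good image of the same machine model.
RUNDLL_ALLOW = {"nvcpl.dll", "nvmctray.dll"}
WINLOGON_NOTIFY_ALLOW = {"wgalogon.dll"}

# Line shapes follow the entries quoted in the posted logs.
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
WINLOGON_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")


def basename(path: str) -> str:
    """Last path component, lower-cased, so allowlist lookups ignore case."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def triage_line(line: str):
    """Return (section, reason, detail) when a line merits review, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines
    kind, body = m.group("type"), m.group("body")

    if kind == "O23":
        s = SERVICE_RE.match(body)
        if s and ("(file missing)" in s.group("path") or s.group("owner") == "Unknown owner"):
            return (kind, "service with missing binary or unknown owner", s.group("name"))
    elif kind == "O4":
        r = RUNDLL_RE.search(body)
        if r and basename(r.group("dll")) not in RUNDLL_ALLOW:
            return (kind, "rundll32 loads a DLL outside the allowlist", basename(r.group("dll")))
    elif kind == "O2":
        b = BHO_RE.match(body)
        if b and b.group("name") == "(no name)" and "\\system32\\" in b.group("path").lower():
            return (kind, "unnamed BHO loaded from system32", basename(b.group("path")))
    elif kind == "O20":
        w = WINLOGON_RE.match(body)
        if w and basename(w.group("path")) not in WINLOGON_NOTIFY_ALLOW:
            return (kind, "Winlogon Notify DLL outside the allowlist", basename(w.group("path")))
    return None


def triage_log(text: str):
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in (triage_line(line) for line in text.splitlines()) if f]


# Constructed sample: a handful of entries quoted from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll
O20 - Winlogon Notify: tuvsrqo - C:\WINDOWS\SYSTEM32\tuvsrqo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for section, reason, detail in triage_log(SAMPLE_LOG):
        print(f"{section:4} {detail:20} {reason}")
```

Findings are a review queue rather than a verdict: the MNS Framework service in the same log also reports Unknown owner and would be flagged, then cleared against the Mobile Net Switch entry in the Add/Remove list.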

Response Number 5
Name: jabuck
Date: March 8, 2007 at 14:47:37 Pacific
Reply:

Go to this link, http://virusscan.jotti.org/, and use the "Browse" button to locate these files, one at a time:

C:\WINDOWS\system32\ldabprum.dll
C:\WINDOWS\system32\tuvsrqo.dll

Then double-click the file to enter it into the "upload and scan" box, click Submit, then post the results.

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.






Response Number 6
Name: PMGee
Date: March 9, 2007 at 06:22:31 Pacific
Reply:

First the scan results from the files:

Scan result from file ldabprum.dll:

Scan taken on 09 Mar 2007 13:27:30 (GMT)
AntiVir : Found ADSPY/Virtumonde.HB.1
ArcaVir : Found nothing
Avast : Found nothing
AVG Antivirus : Found Generic.VSL
BitDefender : Found nothing
ClamAV : Found nothing
Dr.Web : Found Trojan.Virtumod
F-Prot Antivirus : Found nothing
F-Secure Anti-Virus : Found not-a-virus:AdWare.Win32.Virtumonde.hb (4, 1, 400)
Fortinet : Found nothing
Kaspersky Anti-Virus : Found not-a-virus:AdWare.Win32.Virtumonde.hb
NOD32 : Found nothing
Norman Virus Control : Found W32/Virtumonde.FGA
Panda Antivirus : Found nothing
VirusBuster : Found Adware.Virtumonde.BM
VBA32 : Found nothing

Scan result from file tuvsrqo.dll:

Scan taken on 09 Mar 2007 13:29:26 (GMT)
AntiVir : Found TR/Crypt.ULPM.Gen
ArcaVir : Found Adware.Virtumonde.Ha
Avast : Found nothing
AVG Antivirus : Found Generic.VMT
BitDefender : Found MemScan:Adware.VirtuMonde.DY
ClamAV : Found Trojan.Vundo-187
Dr.Web : Found Trojan.Virtumod
F-Prot Antivirus : Found nothing
F-Secure Anti-Virus : Found not-a-virus:AdWare.Win32.Virtumonde.ha (4, 1, 400)
Fortinet : Found Adware/VirtuMonde
Kaspersky Anti-Virus : Found not-a-virus:AdWare.Win32.Virtumonde.ha
NOD32 : Found probably a variant of Win32/Genetik (probable variant)
Norman Virus Control : Found W32/Virtumonde.EQI
Panda Antivirus : Found nothing
VirusBuster : Found nothing
VBA32 : Found nothing

Now the log from Comboscan:

ComboScan v20070306.20 run by Pedro Mena Gomes on 2007-03-09 at 10:38:31
Computer is in Normal Mode.
----------------------

-- System Res---------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-03-09 13:38:35 UTC - RP15 - ComboScan Restore Point
14: 2007-03-07 20:22:57 UTC - RP14 - Removed Ad-Aware SE Personal
13: 2007-03-04 16:04:21 UTC - RP13 - Installed Ad-Aware SE Personal
12: 2007-03-02 14:14:38 UTC - RP12 - Software Distribution Service 2.0
11: 2007-03-02 00:57:44 UTC - RP11 - Installed Microsoft Money Shared Libraries


-- First Restore Point --
1: 2007-02-26 00:47:22 UTC - RP1 - Ponto de verificação do sistema


Performed disk cleanup.


-- HijackThis (run as Pedro Mena Gomes.------------

Logfile of HijackThis v1.99.1
Scan saved at 10:38:53, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Looknstop\looknstop.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Documents\Antivirus Tools\comboscan.exe
C:\PROGRA~1\HIJACK~1\Pedro Mena Gomes.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll
O2 - BHO: (no name) - {D69F66EC-6EB1-433A-8253-B0BF3A30A3AE} - C:\WINDOWS\system32\vtsqn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06401EE-8190-40CA-87CA-7F603193BCD8}: NameServer = 200.138.142.2,200.138.142.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvsrqo - C:\WINDOWS\SYSTEM32\tuvsrqo.dll
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associat------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S Bcfilter (Jetico Personal Firewall Network Monitor) - C:\WINDOWS\system32\DRIVERS\bcfilter.sys (not found)
3S BcfilterMP - C:\WINDOWS\system32\DRIVERS\bcfilter.sys (not found)
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
3R e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - C:\WINDOWS\system32\drivers\e1e5132.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
2R ghostsec - C:\Program Files\GhostSecuritySuite\ghostsec.sys
3R HBtnKey - C:\WINDOWS\system32\drivers\CPQBttn.sys
3R HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\CHDAud.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S k750bus (Sony Ericsson 750 driver (WDM)) - C:\WINDOWS\system32\drivers\k750bus.sys
3S k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k750mdfl.sys
3S k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - C:\WINDOWS\system32\drivers\k750mdm.sys
3S k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - C:\WINDOWS\system32\drivers\k750mgmt.sys
3S k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - C:\WINDOWS\system32\drivers\k750obex.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
1R lnsfw1 - C:\WINDOWS\system32\drivers\lnsfw1.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NETw3x32 (Controlador da placa Intel(R) PRO/Wireless 3945ABG para Windows XP 32 Bits) - C:\WINDOWS\system32\drivers\NETw3x32.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R rimmptsk - C:\WINDOWS\system32\drivers\rimmptsk.sys
3R rimsptsk - C:\WINDOWS\system32\drivers\rimsptsk.sys
3R rismxdp (Ricoh xD-Picture Card Driver) - C:\WINDOWS\system32\drivers\rixdptsk.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
3R SFilter (Look 'n' Stop Driver) - C:\WINDOWS\system32\drivers\lnsfw.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3R SNP2UVC (USB2.0 PC Camera (SNP2UVC)) - C:\WINDOWS\system32\drivers\snp2uvc.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3S UIUSys (Conexant Setup API) - C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (not found)
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
1R WS2IFSL (Ambiente de compatibilidade com fornecedores de serviços não IFS do Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ehRecvr (Serviço receptor do Media Center) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Serviço de programação do Media Center) - C:\WINDOWS\eHome\ehSched.exe
2R hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3S IDriverT (InstallDriver Table Manager) - "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R MNSFramework (MNS Framework) - C:\WINDOWS\system32\MNSFramework.exe /start
2R MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2R MSMQTriggers (Message Queuing Triggers) - C:\WINDOWS\system32\mqtgsvc.exe
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe"
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S WMConnectCDS (Serviço Windows Media Connect) - C:\Program Files\Windows Media Connect 2\wmccds.exe


-- Files created between 2007-02-09 and 20---------

2007-03-08 17:22:18 0 -rahs---- C:\MSDOS.SYS
2007-03-08 17:22:18 0 -rahs---- C:\IO.SYS
2007-03-07 18:38:48 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\.jSMS<JSMS~1>
2007-03-07 17:23:09 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-06 20:24:14 0 d-------- C:\Program Files\GhostSecuritySuite<GHOSTS~1>
2007-03-06 20:11:08 36924 --a------ C:\WINDOWS\system32\fwapi.dll
2007-03-06 20:11:08 76160 --a------ C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-03-06 20:11:08 46208 --a------ C:\WINDOWS\system32\drivers\lnsfw.sys
2007-03-06 20:08:00 0 d-------- C:\Program Files\Looknstop<LOOKNS~1>
2007-03-06 16:54:41 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-06 16:54:37 0 d-------- C:\Program Files\Grisoft
2007-03-06 14:56:59 123412 --a------ C:\WINDOWS\system32\ldabprum.dll
2007-03-05 16:13:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Skype
2007-03-05 16:13:30 0 d-------- C:\Program Files\Common Files\Skype
2007-03-05 16:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-03-05 16:12:33 0 d-------- C:\Program Files\Skype
2007-03-05 14:56:49 449603 ---hs---- C:\WINDOWS\system32\nqstv.bak2<NQSTV~2.BAK>
2007-03-05 14:25:07 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Adobe
2007-03-04 12:45:46 447407 ---hs---- C:\WINDOWS\system32\nqstv.bak1<NQSTV~1.BAK>
2007-03-04 12:45:23 282212 ---hs---- C:\WINDOWS\system32\vtsqn.dll
2007-03-04 12:42:45 3514 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 12:01:04 81728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-03-04 12:01:00 79488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-03-04 12:00:50 6576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-03-04 12:00:49 89872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-03-04 12:00:45 55216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-03-04 11:48:02 0 d-------- C:\WINDOWS\pss
2007-03-02 12:26:22 1168 --a------ C:\WINDOWS\mozver.dat
2007-03-02 12:23:43 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Talkback
2007-03-02 12:23:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 12:12:38 281483 --a------ C:\WINDOWS\system32\ddccb.dll
2007-03-02 12:06:01 47 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-02 11:53:22 278563 --a------ C:\WINDOWS\system32\sstqr.dll
2007-03-02 11:53:22 281483 --a------ C:\WINDOWS\system32\sstqq.dll
2007-03-02 11:46:01 0 d-------- C:\Program Files\InetGet2
2007-03-02 11:43:53 26637 -----n--- C:\WINDOWS\system32\tuvsrqo.dll
2007-03-02 11:43:53 0 d-------- C:\Program Files\Common Files\{32066D92-0725-2070-1113-060706060037}<{32066~1>
2007-03-02 11:41:54 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-02 11:41:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-02 11:41:54 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-02 11:35:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-02 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
2007-03-02 11:15:18 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Lavasoft
2007-03-01 22:37:57 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Media Player Classic<MEDIAP~1>
2007-03-01 22:12:53 20 ---h----- C:\Documents and Settings\Pedro Mena Gomes\Application Data\msdocx42.dll
2007-03-01 22:12:43 0 d-------- C:\Program Files\Two Peaks Software<TWOPEA~1>
2007-03-01 22:06:39 86016 --a------ C:\WINDOWS\unvise32.exe
2007-03-01 22:06:36 0 d-------- C:\Program Files\DivX
2007-03-01 22:05:10 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-01 22:05:09 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-03-01 21:57:58 0 d-------- C:\Program Files\Microsoft Money 2007<MI28C4~1>
2007-03-01 21:48:02 0 d-------- C:\Program Files\Mobile Net Switch<MOBILE~1>
2007-03-01 20:51:42 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:51:40 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Teleca
2007-03-01 20:49:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-03-01 20:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-03-01 20:48:08 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-01 20:39:26 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-01 20:39:11 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-01 13:59:54 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-01 12:23:02 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-01 12:22:54 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-03-01 12:22:54 721920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-03-01 12:22:44 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-03-01 12:21:56 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-01 12:19:38 37888 --a------ C:\WINDOWS\system32\olecnv32.dll
2007-03-01 12:16:04 1839488 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 12:06:20 23040 -----n--- C:\WINDOWS\kb913800.exe
2007-03-01 11:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-01 11:57:34 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-01 11:27:43 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-01 11:27:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-01 11:26:11 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\UserData
2007-02-28 20:39:37 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-28 20:38:57 0 d-------- C:\Games
2007-02-28 20:37:22 0 d-------- C:\Email
2007-02-27 20:12:35 0 d-------- C:\WINDOWS\Sun
2007-02-27 20:12:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sun
2007-02-26 20:24:41 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\HP
2007-02-26 01:28:02 0 d--hs---- C:\WINDOWS\CSC
2007-02-25 22:07:33 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-25 22:06:52 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~4>
2007-02-25 22:06:17 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-25 22:04:32 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-25 22:02:30 0 dr-h----- C:\MSOCache
2007-02-25 21:51:30 102400 --a------ C:\WINDOWS\HPWebcam.exe
2007-02-25 21:51:30 53248 --a------ C:\WINDOWS\csnp2uvc.dll
2007-02-25 21:48:15 2359296 --ah----- C:\Documents and Settings\Pedro Mena Gomes\NTUSER.DAT
2007-02-25 21:47:17 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-25 21:39:38 0 d-------- C:\WINDOWS\Prefetch


-- Find3M Re----------

2007-03-06 20:35:58 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Microsoft<MICROS~1>
2007-03-02 12:23:36 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla
2007-03-02 11:37:00 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-01 20:38:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 12:19:45 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Macromedia<MACROM~1>
2007-02-25 21:51:30 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-25 21:51:30 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-25 21:36:49 0 d-------- C:\Program Files\HPQ
2007-01-30 08:04:44 186120 --a------ C:\WINDOWS\system32\MNSFramework.exe<MNSFRA~1.EXE>
2007-01-29 05:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-23 15:15:22 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2006-12-19 18:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 15:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry ----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QlbCtrl"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
"nwiz"="nwiz.exe /installquiet /nodetect"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ldabprum.dll\",setvm"
"Look 'n' Stop"="\"C:\\Program Files\\Looknstop\\looknstop.exe\" -auto"
"GhostSecuritySuite"="\"C:\\Program Files\\GhostSecuritySuite\\gss.exe\" -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrqo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of ComboScan: finished at 2007-03-09 at 10:3

And finally the supplementary:

ComboScan v20070306.20 run by Pedro Mena Gomes on 2007-03-09 at 10:38:31
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa-----

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2045.98 MiB / 1539.1 MiB
Pagefile Memory (total/avail): 3937.48 MiB / 3523.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1996.39 MiB

C: is Fixed (NTFS) - 102.62 GiB total, 87.48 GiB free.
D: is Fixed (FAT32) - 8.14 GiB total, 1.39 GiB free.
E: is CDROM (No Media)


-- Security Ce--------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Look 'n' Stop 2.05p2 (Soft4Ever) v2.05p2 (Soft4Ever)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)


-- Environment Varia--

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Pedro Mena Gomes\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PEDROPC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Pedro Mena Gomes
LOGONSERVER=\\PEDROPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PEDROM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PEDROM~1\LOCALS~1\Temp
USERDOMAIN=PEDROPC
USERNAME=Pedro Mena Gomes
USERPROFILE=C:\Documents and Settings\Pedro Mena Gomes
windir=C:\WINDOWS


-- User Prof----------

Pedro Mena Gomes (admin)
Administrator (admin)


-- Add/Remove Prog----

--> C:\WINDOWS\system32\\MSIEXEC.exe /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.exe /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.exe /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.5 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A70500000002}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.exe -U -IAt8VEN5a.inf
DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
FlexWallet (Desktop Edition) --> "C:\Program Files\Two Peaks Software\FlexWallet\unins000.exe"
Ghost Security Suite --> "C:\Program Files\GhostSecuritySuite\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x816 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x416 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0035 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE247E71-C143-40BB-ADF2-A465DF062BAB}\Setup.exe" -l0x816 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x816 hpquninst
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Codec Pack 2.79 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{FCD71FFD-0825-42DD-8BEC-CE8F97823B36}
Look 'n' Stop 2.05p2 --> "C:\Program Files\Looknstop\looknstop.exe" -uninst
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft Money 2007 Home & Business --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Project Professional 2002 --> MsiExec.exe /I{903B0416-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6AA033A1-1234-48c7-9AAA-BBF67956B36C}
Mobile Net Switch --> MsiExec.exe /X{D0BD098F-9228-49AB-AD68-B130E64C27DC}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x816 ControlPanel
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.exe -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony Ericsson PC Suite --> MsiExec.exe /I{788A9E76-1079-445D-B9A1-6DBB9420F7C3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"


-- End of ComboScan: finished at 2007-03-09 at 10:3



0
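One way to triage a log like the ones posted above without waiting for a signature update, as an added example that is not from this thread or from any tool named in it: group HijackThis O2/O4/O20 entries by DLL and flag a DLL that sits in more than one persistence point (BHO plus Winlogon Notify), an unnamed BHO, or a registry reference whose file is already gone. The sample input is constructed from lines in the logs posted in this thread; the O4 line for ldabprum.dll is rebuilt from the HKLM Run value in the registry dump.

```python
import re
from collections import defaultdict

# Constructed sample input: HijackThis lines copied from the logs posted in
# this thread (the O2 lines come from the scan taken after VundoFix deleted
# the DLLs, which is why they read "(file missing)"), plus one O4 line built
# from the "2chkdsk" Run value in the registry dump.  No new data is invented.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D89434C-DA9F-4154-8D64-7A903A217ABE} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O20 - Winlogon Notify: tuvsrqo - C:\WINDOWS\SYSTEM32\tuvsrqo.dll
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# First drive-letter path ending in .dll on the line; spaces are allowed
# because "Program Files" paths are common, quotes and commas end the path.
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.dll)', re.IGNORECASE)

# HijackThis section prefix -> persistence mechanism it describes.
MECHANISM = {
    "O2": "BHO",              # Browser Helper Object, loaded into every IE process
    "O4": "Run",              # Run-key autostart (here always via rundll32)
    "O20": "WinlogonNotify",  # notification package loaded into winlogon.exe
}

# Flags that justify escalation on their own; "rundll32-run" is deliberately
# weak because legitimate vendor DLLs (NvCpl.dll above) trigger it too.
STRONG = {"unnamed-bho", "orphaned-reference", "multiple-persistence"}


def triage(log_text):
    """Group O2/O4/O20 entries by lower-cased DLL basename and attach flags.

    Returns {basename: {"mechanisms": set, "flags": set, "lines": list}}.
    """
    report = defaultdict(lambda: {"mechanisms": set(), "flags": set(), "lines": []})
    for line in log_text.splitlines():
        kind = line.split(" - ", 1)[0].strip()
        if kind not in MECHANISM:
            continue
        match = DLL_RE.search(line)
        if not match:
            continue
        name = match.group(1).rsplit("\\", 1)[-1].lower()
        info = report[name]
        info["mechanisms"].add(MECHANISM[kind])
        info["lines"].append(line)
        if kind == "O2" and "(no name)" in line:
            info["flags"].add("unnamed-bho")
        if "(file missing)" in line:
            # Registry still points at the DLL although the file is gone:
            # the cleanup removed the file but not the CLSID/Notify entry.
            info["flags"].add("orphaned-reference")
        if kind == "O4" and "rundll32" in line.lower():
            info["flags"].add("rundll32-run")
    for info in report.values():
        if len(info["mechanisms"]) > 1:
            # One DLL registered under two unrelated load points is the
            # pattern shown by tuvsrqo.dll and vtsqn.dll in this thread.
            info["flags"].add("multiple-persistence")
    return dict(report)


def classify(report):
    """Split DLLs into (strong-signal list, weak-signal-only list), both sorted."""
    strong = sorted(n for n, i in report.items() if i["flags"] & STRONG)
    weak = sorted(n for n, i in report.items()
                  if i["flags"] and not i["flags"] & STRONG)
    return strong, weak


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    strong, weak = classify(rep)
    for name in strong:
        print(f"ESCALATE {name}: {sorted(rep[name]['mechanisms'])} {sorted(rep[name]['flags'])}")
    for name in weak:
        print(f"REVIEW   {name}: {sorted(rep[name]['flags'])}")
```

Note that ldabprum.dll and NvCpl.dll land in the same "review" bucket: on the O4 line alone nothing separates them, which matches the thread, where that file was only caught after a NOD32 signature update.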

Response Number 7
Name: jabuck
Date: March 9, 2007 at 15:06:32 Pacific
Reply:

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:\Vundofix.txt.

Post a new Comboscan please.


0

Response Number 8
Name: PMGee
Date: March 11, 2007 at 17:58:59 Pacific
Reply:

Here is the log from Vundo, which lists the files deleted:

C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\tuvsrqo.dll
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini

The ldabprum.dll file wasn't deleted by VundoFix, but NOD32 recognized and deleted it after today's update.

Next is the Comboscan log, after running Vundo:

ComboScan v20070306.20 run by Pedro Mena Gomes on 2007-03-11 at 21:56:01
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Pedro Mena Gomes.------------

Logfile of HijackThis v1.99.1
Scan saved at 21:56:04, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Documents\Antivirus Tools\comboscan.exe
C:\PROGRA~1\HIJACK~1\PEDROM~1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {6D89434C-DA9F-4154-8D64-7A903A217ABE} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Ajuste Rápido - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06401EE-8190-40CA-87CA-7F603193BCD8}: NameServer = 200.138.142.2,200.138.142.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Outpost Firewall\outpost.exe


-- Files created between 2007-02-11 and 20---------

2007-03-10 19:05:24 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-10 18:58:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-10 18:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-10 18:33:54 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\AdobeUM
2007-03-10 14:39:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-03-09 15:12:04 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-09 15:12:03 0 d-------- C:\Program Files\Outpost Firewall<OUTPOS~1>
2007-03-09 14:36:38 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-09 14:36:38 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-08 17:22:18 0 -rahs---- C:\MSDOS.SYS
2007-03-08 17:22:18 0 -rahs---- C:\IO.SYS
2007-03-07 18:38:48 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\.jSMS<JSMS~1>
2007-03-07 17:23:09 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-06 20:24:14 0 d-------- C:\Program Files\GhostSecuritySuite<GHOSTS~1>
2007-03-06 16:54:41 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-06 16:54:37 0 d-------- C:\Program Files\Grisoft
2007-03-05 16:13:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Skype
2007-03-05 16:13:30 0 d-------- C:\Program Files\Common Files\Skype
2007-03-05 16:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-03-05 16:12:33 0 d-------- C:\Program Files\Skype
2007-03-05 14:25:07 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Adobe
2007-03-04 12:42:45 3514 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 12:01:04 81728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-03-04 12:01:00 79488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-03-04 12:00:50 6576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-03-04 12:00:49 89872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-03-04 12:00:45 55216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-03-04 11:48:02 0 d-------- C:\WINDOWS\pss
2007-03-02 12:26:22 1168 --a------ C:\WINDOWS\mozver.dat
2007-03-02 12:23:43 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Talkback
2007-03-02 12:23:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 12:06:01 47 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-02 11:46:01 0 d-------- C:\Program Files\InetGet2_olddir<INETGE~1>
2007-03-02 11:43:53 0 d-------- C:\Program Files\Common Files\{32066D92-0725-2070-1113-060706060037}<{32066~1>
2007-03-02 11:35:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-02 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
2007-03-02 11:15:18 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Lavasoft
2007-03-01 22:37:57 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Media Player Classic<MEDIAP~1>
2007-03-01 22:12:53 20 ---h----- C:\Documents and Settings\Pedro Mena Gomes\Application Data\msdocx42.dll
2007-03-01 22:12:43 0 d-------- C:\Program Files\Two Peaks Software<TWOPEA~1>
2007-03-01 22:06:39 86016 --a------ C:\WINDOWS\unvise32.exe
2007-03-01 22:06:36 0 d-------- C:\Program Files\DivX
2007-03-01 22:05:10 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-01 22:05:09 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-03-01 21:57:58 0 d-------- C:\Program Files\Microsoft Money 2007<MI28C4~1>
2007-03-01 21:48:02 0 d-------- C:\Program Files\Mobile Net Switch<MOBILE~1>
2007-03-01 20:51:42 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:51:40 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Teleca
2007-03-01 20:49:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-03-01 20:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-03-01 20:48:08 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-01 20:39:26 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-01 20:39:11 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-01 13:59:54 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-01 12:23:02 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-01 12:22:54 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-03-01 12:22:54 721920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-03-01 12:22:44 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-03-01 12:21:56 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-01 12:19:38 37888 --a------ C:\WINDOWS\system32\olecnv32.dll
2007-03-01 12:16:04 1839488 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 12:06:20 23040 -----n--- C:\WINDOWS\kb913800.exe
2007-03-01 11:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-01 11:57:34 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-01 11:27:43 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-01 11:27:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-01 11:26:11 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\UserData
2007-02-28 20:39:37 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-28 20:38:57 0 d-------- C:\Games
2007-02-28 20:37:22 0 d-------- C:\Email
2007-02-27 20:12:35 0 d-------- C:\WINDOWS\Sun
2007-02-27 20:12:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sun
2007-02-26 20:24:41 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\HP
2007-02-26 01:28:02 0 d--hs---- C:\WINDOWS\CSC
2007-02-25 22:07:33 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-25 22:06:52 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~4>
2007-02-25 22:06:17 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-25 22:04:32 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-25 22:02:30 0 dr-h----- C:\MSOCache
2007-02-25 21:51:30 102400 --a------ C:\WINDOWS\HPWebcam.exe
2007-02-25 21:51:30 53248 --a------ C:\WINDOWS\csnp2uvc.dll
2007-02-25 21:48:15 2359296 --ah----- C:\Documents and Settings\Pedro Mena Gomes\NTUSER.DAT
2007-02-25 21:47:17 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-25 21:39:38 0 d-------- C:\WINDOWS\Prefetch


-- Find3M Re----------

2007-03-09 15:21:57 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-06 20:35:58 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Microsoft<MICROS~1>
2007-03-02 12:23:36 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla
2007-03-02 11:37:00 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-01 20:38:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 12:19:45 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Macromedia<MACROM~1>
2007-02-25 21:51:30 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-25 21:51:30 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-25 21:36:49 0 d-------- C:\Program Files\HPQ
2007-01-30 08:04:44 186120 --a------ C:\WINDOWS\system32\MNSFramework.exe<MNSFRA~1.EXE>
2007-01-29 05:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-23 15:15:22 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2006-12-19 18:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 15:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry ----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QlbCtrl"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
"nwiz"="nwiz.exe /installquiet /nodetect"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\ldabprum.dll\",setvm"
"GhostSecuritySuite"="\"C:\\Program Files\\GhostSecuritySuite\\gss.exe\" -minimize"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Outpost Firewall"="\"C:\\Program Files\\Outpost Firewall\\outpost.exe\" /waitservice"
"OutpostFeedBack"="C:\\Program Files\\Outpost Firewall\\feedback.exe /dump:os_startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of ComboScan: finished at 2007-03-11 at 21:5



0

Response Number 9
Name: jabuck
Date: March 11, 2007 at 19:05:41 Pacific
Reply:

Run Vundofix again. Double-click VundoFix.exe to run it.
Put a check next to 'Run VundoFix as a task'.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, right click inside the white box and click 'Add More Files?'
Copy and paste the below entries into each line:

C:\WINDOWS\system32\ldabprum.dll
C:\WINDOWS\system32\murpbadl.*

Click 'Add Files' and click 'Close Window'.
Click 'Scan for Vundo' button.
Once it's done scanning, click the 'Remove Vundo' button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer. Click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/
We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware and reboot into safe mode.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Reboot into safe mode.

Navigate to and delete this file if found:

C:\Program Files\Common Files\{32066D92-0725-2070-1113-060706060037}\Update.exe

Then navigate to and delete this folder if found:

C:\Program Files\Common Files\{32066D92-0725-2070-1113-060706060037}

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {6D89434C-DA9F-4154-8D64-7A903A217ABE} - C:\WINDOWS\system32\vtsqn.dll (file missing)

O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll (file missing)

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm

O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)

O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll (file missing)

Exit Hijack This.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG Anti-Spyware report and a new ComboScan log please.


0
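As an added example (not code from this thread or from HijackThis, ComboScan or VundoFix), the checks jabuck performs by eye above, run over lines constructed from the logs in this thread: O2/O20 entries whose DLL is already gone, O4 Run entries that load a DLL through rundll32, the reversed-name companion files that VundoFix listed beside each DLL, and the ShellExecuteHooks CLSID that matches an orphaned BHO. The known-good rundll32 allowlist and the name-reversal heuristic are assumptions drawn only from this thread's logs.

```python
"""Triage of HijackThis-style log lines (added example; not code from
HijackThis, ComboScan or VundoFix).

Flags the entry types jabuck asks to have fixed:
  * O2  BHO entries whose DLL is gone ("(file missing)")
  * O20 Winlogon Notify entries whose DLL is gone
  * O4  Run entries that load a DLL through rundll32.exe
and, for each flagged DLL, lists reversed-stem companion files like those the
VundoFix log shows (awvtr.dll / rtvwa.ini, vtsqn.dll / nqstv.ini, .bak1, .bak2).
It also cross-checks orphaned BHO CLSIDs against a ShellExecuteHooks export.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the HijackThis section of the ComboScan log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D89434C-DA9F-4154-8D64-7A903A217ABE} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {A25CF3EC-6EF5-4021-9F23-D135E969085B} - C:\WINDOWS\system32\tuvsrqo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ldabprum.dll",setvm
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed from the registry section of the ComboScan log posted above.
SAMPLE_SHELLHOOKS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"""

DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.dll)\b', re.IGNORECASE)
CLSID_RE = re.compile(r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}', re.IGNORECASE)

# rundll32-hosted DLLs in this log that are legitimate (NVIDIA tray helpers).
# Assumption: an analyst-maintained allowlist, not a property of the tools.
KNOWN_GOOD_RUNDLL_STEMS = {"nvcpl", "nvmctray"}


@dataclass(frozen=True)
class Finding:
    kind: str          # orphaned-bho | orphaned-winlogon-notify | rundll32-run-entry
    dll_path: str
    clsid: Optional[str]
    line: str


def dll_stem(dll_path: str) -> str:
    """'C:\\WINDOWS\\system32\\awvtr.dll' -> 'awvtr'."""
    return dll_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(hjt_text: str) -> List[Finding]:
    """Return the entries a helper would mark for 'fix checked' or VundoFix."""
    findings = []
    for line in (l.strip() for l in hjt_text.splitlines()):
        m = DLL_RE.search(line)
        if not m:
            continue                      # no DLL on this line: nothing to load
        path = m.group(1)
        c = CLSID_RE.search(line)
        clsid = c.group(0).upper() if c else None
        missing = "(file missing)" in line
        if line.startswith("O2 - ") and missing:
            findings.append(Finding("orphaned-bho", path, clsid, line))
        elif line.startswith("O20 - ") and missing:
            findings.append(Finding("orphaned-winlogon-notify", path, clsid, line))
        elif (line.startswith("O4 - ") and "rundll32" in line.lower()
              and dll_stem(path).lower() not in KNOWN_GOOD_RUNDLL_STEMS):
            findings.append(Finding("rundll32-run-entry", path, clsid, line))
    return findings


def companion_files(dll_path: str) -> List[str]:
    """Reversed-stem companions as seen in the VundoFix log above
    (awvtr.dll -> rtvwa.ini, vtsqn.dll -> nqstv.ini/.bak1/.bak2).
    Heuristic drawn from this thread's logs, not a general rule; it is what
    turns ldabprum.dll into the murpbadl.* pattern jabuck adds to VundoFix."""
    directory = dll_path.rsplit("\\", 1)[0]
    rev = dll_stem(dll_path)[::-1].lower()
    return [f"{directory}\\{rev}.{ext}" for ext in ("ini", "bak1", "bak2")]


def shell_hooks_for(findings: List[Finding], reg_text: str) -> List[str]:
    """CLSIDs of orphaned BHOs that are also registered as ShellExecuteHooks:
    a second persistence point that fixing the O2 line alone leaves behind."""
    wanted = {f.clsid for f in findings if f.kind == "orphaned-bho" and f.clsid}
    hooked = {c.upper() for c in CLSID_RE.findall(reg_text)}
    return sorted(wanted & hooked)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    for f in found:
        print(f"[{f.kind}] {f.dll_path}")
        for c in companion_files(f.dll_path):
            print(f"    also check: {c}")
    for clsid in shell_hooks_for(found, SAMPLE_SHELLHOOKS):
        print(f"[shellexecutehook] {clsid} re-registers an orphaned BHO")
```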

Response Number 10
Name: PMGee
Date: March 13, 2007 at 14:38:51 Pacific
Reply:

I couldn't run VundoFix as a task; the version I used didn't have that option (6.3.15). The contents of the VundoFix log are:

C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\vtsqn.dll

These files were deleted.

The contents of AVG Anti-Spyware are:


AVG Anti-Spyware - Relatório de verificação


+ Criação: 17:23:10 13/3/2007

+ Resultado da verificação:

:mozilla.20:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.2o7 : Limpo.
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040a.asw -> TrackingCookie.2o7 : Limpo.
:mozilla.44:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Adbrite : Limpo.
:mozilla.45:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Adbrite : Limpo.
:mozilla.46:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Adbrite : Limpo.
:mozilla.25:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Atdmt : Limpo.
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040e.asw -> TrackingCookie.Atdmt : Limpo.
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040d.asw -> TrackingCookie.Bfast : Limpo.
:mozilla.47:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Doubleclick : Limpo.
:mozilla.48:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Doubleclick : Limpo.
:mozilla.49:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Doubleclick : Limpo.
:mozilla.50:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Doubleclick : Limpo.
:mozilla.51:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Doubleclick : Limpo.
:mozilla.105:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Mediaplex : Limpo.
C:\Program Files\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040b.asw -> TrackingCookie.Mediaplex : Limpo.
:mozilla.33:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Tribalfusion : Limpo.
:mozilla.36:C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla\Firefox\Profiles\3d3460nu.default\cookies.txt -> TrackingCookie.Tribalfusion : Limpo.

::Fim do relatório


And finally the contents of a new ComboScan:

ComboScan v20070306.20 run by Pedro Mena Gomes on 2007-03-13 at 18:22:38
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Pedro Mena Gomes.------------

Logfile of HijackThis v1.99.1
Scan saved at 18:22:43, on 13/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Outpost Firewall\outpost.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\My Documents\Antivirus Tools\comboscan.exe
C:\PROGRA~1\HIJACK~1\PEDROM~1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Ajuste Rápido - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06401EE-8190-40CA-87CA-7F603193BCD8}: NameServer = 200.138.142.2,200.138.142.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Outpost Firewall\outpost.exe


-- Files created between 2007-02-13 and 20---------

2007-03-11 22:13:42 0 d-------- C:\Program Files\Google
2007-03-10 19:05:24 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-10 18:58:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-10 18:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-10 18:33:54 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\AdobeUM
2007-03-10 14:39:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-03-09 15:12:04 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-09 15:12:03 0 d-------- C:\Program Files\Outpost Firewall<OUTPOS~1>
2007-03-09 14:36:38 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-09 14:36:38 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-08 17:22:18 0 -rahs---- C:\MSDOS.SYS
2007-03-08 17:22:18 0 -rahs---- C:\IO.SYS
2007-03-07 18:38:48 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\.jSMS<JSMS~1>
2007-03-07 17:23:09 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-06 20:24:14 0 d-------- C:\Program Files\GhostSecuritySuite<GHOSTS~1>
2007-03-06 16:54:41 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-06 16:54:37 0 d-------- C:\Program Files\Grisoft
2007-03-05 16:13:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Skype
2007-03-05 16:13:30 0 d-------- C:\Program Files\Common Files\Skype
2007-03-05 16:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-03-05 16:12:33 0 d-------- C:\Program Files\Skype
2007-03-05 14:25:07 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Adobe
2007-03-04 12:42:45 3514 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-04 12:01:04 81728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-03-04 12:01:00 79488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys
2007-03-04 12:00:50 6576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-03-04 12:00:49 89872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-03-04 12:00:49 6144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-03-04 12:00:45 5744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-03-04 12:00:45 55216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-03-04 11:48:02 0 d-------- C:\WINDOWS\pss
2007-03-02 12:26:22 1168 --a------ C:\WINDOWS\mozver.dat
2007-03-02 12:23:43 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Talkback
2007-03-02 12:23:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 12:06:01 47 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-02 11:46:01 0 d-------- C:\Program Files\InetGet2_olddir<INETGE~1>
2007-03-02 11:35:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-02 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
2007-03-02 11:15:18 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Lavasoft
2007-03-01 22:37:57 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Media Player Classic<MEDIAP~1>
2007-03-01 22:12:53 34 --ah----- C:\Documents and Settings\Pedro Mena Gomes\Application Data\msdocx42.dll
2007-03-01 22:12:43 0 d-------- C:\Program Files\Two Peaks Software<TWOPEA~1>
2007-03-01 22:06:39 86016 --a------ C:\WINDOWS\unvise32.exe
2007-03-01 22:06:36 0 d-------- C:\Program Files\DivX
2007-03-01 22:05:10 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-01 22:05:09 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-03-01 21:57:58 0 d-------- C:\Program Files\Microsoft Money 2007<MI28C4~1>
2007-03-01 21:48:02 0 d-------- C:\Program Files\Mobile Net Switch<MOBILE~1>
2007-03-01 20:51:42 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:51:40 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Teleca
2007-03-01 20:49:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-03-01 20:49:52 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-03-01 20:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-03-01 20:48:08 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-01 20:39:26 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-01 20:39:11 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-01 13:59:54 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-01 12:23:02 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-01 12:22:54 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-03-01 12:22:54 721920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-03-01 12:22:44 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-03-01 12:21:56 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-01 12:19:38 37888 --a------ C:\WINDOWS\system32\olecnv32.dll
2007-03-01 12:16:04 1839488 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 12:06:20 23040 -----n--- C:\WINDOWS\kb913800.exe
2007-03-01 11:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-01 11:57:34 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-01 11:27:43 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-01 11:27:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-01 11:26:11 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\UserData
2007-02-28 20:39:37 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-28 20:38:57 0 d-------- C:\Games
2007-02-28 20:37:22 0 d-------- C:\Email
2007-02-27 20:12:35 0 d-------- C:\WINDOWS\Sun
2007-02-27 20:12:34 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Sun
2007-02-26 20:24:41 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\HP
2007-02-26 01:28:02 0 d--hs---- C:\WINDOWS\CSC
2007-02-25 22:07:33 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-25 22:06:52 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~4>
2007-02-25 22:06:17 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-25 22:04:32 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-25 22:02:30 0 dr-h----- C:\MSOCache
2007-02-25 21:51:30 102400 --a------ C:\WINDOWS\HPWebcam.exe
2007-02-25 21:51:30 53248 --a------ C:\WINDOWS\csnp2uvc.dll
2007-02-25 21:48:15 3407872 --ah----- C:\Documents and Settings\Pedro Mena Gomes\NTUSER.DAT
2007-02-25 21:47:17 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-25 21:39:38 0 d-------- C:\WINDOWS\Prefetch


-- Find3M Re----------

2007-03-09 15:21:57 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-03-06 20:35:58 0 d---s---- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Microsoft<MICROS~1>
2007-03-02 12:23:36 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Mozilla
2007-03-02 11:37:00 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-01 20:38:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 12:19:45 0 d-------- C:\Documents and Settings\Pedro Mena Gomes\Application Data\Macromedia<MACROM~1>
2007-02-25 21:51:30 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-25 21:51:30 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-25 21:36:49 0 d-------- C:\Program Files\HPQ
2007-01-30 08:04:44 186120 --a------ C:\WINDOWS\system32\MNSFramework.exe<MNSFRA~1.EXE>
2007-01-29 05:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-23 15:15:22 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2006-12-19 18:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 15:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry ----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QlbCtrl"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
"nwiz"="nwiz.exe /installquiet /nodetect"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"GhostSecuritySuite"="\"C:\\Program Files\\GhostSecuritySuite\\gss.exe\" -minimize"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Outpost Firewall"="\"C:\\Program Files\\Outpost Firewall\\outpost.exe\" /waitservice"
"OutpostFeedBack"="C:\\Program Files\\Outpost Firewall\\feedback.exe /dump:os_startup"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A25CF3EC-6EF5-4021-9F23-D135E969085B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a6d5e35-c531-11db-a66f-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of ComboScan: finished at 2007-03-13 at 18:2



0

Response Number 11
Name: jabuck
Date: March 13, 2007 at 15:42:02 Pacific
Reply:

Let's get rid of these registry orphans.

Open notepad (Start Menu > Run > Type notepad and press "ok").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[-HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Your Hijack this log is clean.

Is the computer operating ok now?


0
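As an added example (not jabuck's tool or the thread's own code), the following Python parses the registry section of a log like the one posted above, lists whatever is registered under a policies\explorer\Run key (Explorer launches those values at logon), and writes out the same REGEDIT4 [-KEY] deletion file the reply describes. The sample log text is constructed from entries in the posted log.

```python
"""Added example: find policies\\explorer\\Run autostarts in a ComboScan-style
registry dump and render the REGEDIT4 fix that deletes those keys."""
import re

# Constructed sample, modelled on the registry section of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{32066D92-0725-2070-1113-060706060037}"="\"C:\\Program Files\\Common Files\\{32066D92-0725-2070-1113-060706060037}\\Update.exe\" mc-110-12-0001291"
"""

KEY_RE = re.compile(r'^\[([^\]]+)\]\s*$')          # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"\s*$')    # "name"="data"
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')


def parse_registry_section(text):
    """Return {key_path: [(value_name, value_data), ...]} from the
    REGEDIT-style dump appended to the log. Keys with no values are kept."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current].append((m.group(1), m.group(2)))
    return keys


def find_policy_run_entries(keys):
    """(key, name, data, guid_named) for every value under a policies\\explorer\\Run
    key. A GUID-named value pointing at Common Files\\{GUID} is the pattern
    jabuck treated as an orphan in the posted log."""
    hits = []
    for path, values in keys.items():
        if path.lower().endswith(r'\policies\explorer\run'):
            for name, data in values:
                hits.append((path, name, data, bool(GUID_RE.match(name))))
    return hits


def build_fix_reg(hits):
    """REGEDIT4 text deleting each affected key; '[-KEY]' is regedit's
    delete-key syntax, the same form used in the reply above (CRLF line ends)."""
    lines = ["REGEDIT4", ""]
    for path in dict.fromkeys(h[0] for h in hits):   # unique, in log order
        lines.append(f"[-{path}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = find_policy_run_entries(parse_registry_section(SAMPLE_LOG))
    for path, name, data, guid_named in found:
        print(f"{path}\n  {name} = {data}  guid-named={guid_named}")
    print(build_fix_reg(found))
```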

Response Number 12
Name: PMGee
Date: March 15, 2007 at 08:58:11 Pacific
Reply:

Yes jabuck, the registry was cleaned and the HijackThis log is clean.

Thx a lot for your help, I don't have words to express how grateful I am. THX.


0

Response Number 13
Name: jabuck
Date: March 15, 2007 at 14:32:29 Pacific
Reply:

Glad we could help.


0

Response Number 14
Name: griden
Date: April 29, 2007 at 10:09:18 Pacific
Reply:

First, sorry for my bad English.
I found this topic when I searched for a solution to my problem with Win32/Genetic. I hope you can help me too! If the facts are as follows, what must I do? "Post a new Hijack This log"?
P.S. Thanks in advance!
Addition: this trojan creates more and more files in my Recycle folders and eats more and more space. =(


0
