Old 07-16-2007, 11:21 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


[SOLVED] Weird e-mule after worm.bagle.ZIU

Hi,

I downloaded a nasty file on e-mule that BitDefender detected as worm.bagle.ZIU. Apparently BD blocked the worm, but I noticed that the temporary download file was still in e-mule's \temp folder. I couldn't remove it, so I went into Safe Mode and deleted the folder. Funny thing is that now when I start e-mule, uploading starts before I connect to a server. Does anyone have a clue how I can solve this? Is there something wrong with e-mule?

My HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 02:12:19, on 17/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sala\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
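The HijackThis log above is the kind of thing the helpers in this thread read by eye: O2 entries are browser helper objects, O4 entries are Run-key and startup-folder autostarts, O23 entries are services. As an added example (not code from the original post, from HijackThis, or from this forum), here is a small Python triage script that parses the R/O entry format and applies three checks a reviewer would otherwise make by hand: an O2 BHO reported as "(no file)" is an orphaned registration; an O4 Global Startup shortcut reported as "= ?" could not be resolved and needs a manual look; and an O23 service reported as "(file missing)" is cross-checked against the "Running processes" list, because in this log all four BitDefender services flagged that way are in fact running, so the flag is a path-parsing artefact of this HijackThis version rather than a deleted service. The sample input is a subset of the log lines posted above; the verdict codes and the `triage`/`parse_hjt` function names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a subset of the HijackThis 1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\nvsvc32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
"""

# An HJT entry line: section code (R1, O2, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First Windows path ending in .exe inside an entry body (stops before HJT's stray quote).
EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split an HJT log into its running-process list and its (code, body) entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text: str) -> List[Dict[str, str]]:
    """Apply three hand-review checks to an HJT log and return the findings."""
    processes, entries = parse_hjt(text)
    running = {p.lower() for p in processes}
    findings: List[Dict[str, str]] = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            findings.append({"code": code, "verdict": "orphaned-bho", "entry": body,
                             "note": "BHO CLSID is registered but its DLL is gone; a leftover entry"})
        elif code == "O4" and body.startswith("Global Startup:") and body.endswith("= ?"):
            findings.append({"code": code, "verdict": "unresolved-shortcut", "entry": body,
                             "note": "HJT could not resolve the .lnk target; confirm it by hand"})
        elif code == "O23" and body.endswith("(file missing)"):
            m = EXE_PATH_RE.search(body)
            path = m.group(1).lower() if m else ""
            if path in running:
                verdict = "missing-but-running"
                note = ("binary is in the running-process list, so '(file missing)' is a "
                        "path-parsing artefact of this HJT version, not a deleted service")
            else:
                verdict = "service-binary-missing"
                note = "service points at a file that is not on disk"
            findings.append({"code": code, "verdict": verdict, "entry": body, "note": note})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['code']}] {f['verdict']}: {f['note']}\n    {f['entry']}")
```

Running the script against the sample prints seven findings: one orphaned BHO, two unresolved HP startup shortcuts, and four BitDefender services whose "(file missing)" flag is contradicted by the process list. The cross-check is the useful part: a genuinely missing service binary and a quoting artefact look identical in the O23 line alone, and only the process list (or a look at the disk) tells them apart.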
Old 07-16-2007, 11:53 PM   #2 (permalink)
Retired
 
Join Date: Jul 2003
Location: Notlob
Posts: 5,452
OS: Vista Ultimate

Re: Weird e-mule after worm.bagle.ZIU

To be safe, I'm sure one of our fine security folks will take a look at your log.

However, TSF does not provide any support for P2P or other file sharing applications ...

http://www.techsupportforum.com/rules.php
Old 07-17-2007, 08:01 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


Re: Weird e-mule after worm.bagle.ZIU

I'd just like to add that I downloaded an old version of Acrobat Reader, so nothing illegal was taking place. I usually stick to old versions of applications that aren't used often and of which I only use the basic functions.
Old 07-18-2007, 04:23 AM   #4 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Weird e-mule after worm.bagle.ZIU

Hi Computer_Dummie,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, let’s do this first.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  5. Then, click the "Applications" tab:
    • CHECK everything there.
  6. Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  8. When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION:
Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click "OK".
  8. Now under select a target to scan:
    • Select "My Computer".
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset it to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the ComboFix scan.
  2. The log from the Kaspersky scan.
  3. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

~~~
Old 07-18-2007, 06:29 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


Re: Weird e-mule after worm.bagle.ZIU

Hi Sempurna,

Your help is much appreciated. I'd like to let you know that since the event I have uninstalled and re-installed Bitdefender and Emule just as a precaution.

Here are my logs.

Combofix:

"Sala" - 2007-07-18 7:59:38 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-18 07:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 07:51 <DIR> d-------- C:\Arquivos de programas\CCleaner
2007-07-18 07:41 <DIR> d-------- C:\Arquivos de programas\Raspppoe
2007-07-17 08:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-17 08:18 <DIR> d---s---- C:\DOCUME~1\Sala\UserData
2007-07-17 08:13 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\Bitdefender
2007-07-17 08:07 <DIR> d-------- C:\Arquivos de programas\eMule
2007-07-17 08:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BitDefender
2007-07-17 08:01 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-17 01:30 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster
2007-07-15 21:33 25,859 --a------ C:\WINDOWS\War3Unin.dat
2007-07-15 21:33 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-15 21:33 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-15 15:24 2,235 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-07-15 15:10 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\uTorrent
2007-07-15 10:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-15 08:45 1,188 --a------ C:\WINDOWS\mozver.dat
2007-07-14 18:56 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\Sports Interactive
2007-07-14 18:54 <DIR> d-------- C:\Arquivos de programas\ToniArts
2007-07-14 18:47 <DIR> d-------- C:\DOCUME~1\Sala\Contacts
2007-07-14 18:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-14 18:46 <DIR> d-------- C:\Arquivos de programas\MSN Messenger
2007-07-14 18:42 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\EarMaster
2007-07-14 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\EarMaster
2007-07-14 18:42 <DIR> d-------- C:\Arquivos de programas\EarMaster Pro 5
2007-07-14 18:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-14 18:15 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2007-07-14 18:15 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2007-07-14 18:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-07-14 18:15 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-07-14 18:15 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-07-14 18:15 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-07-14 18:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-07-14 18:15 <DIR> d-------- C:\Arquivos de programas\Ahead
2007-07-14 18:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-14 17:55 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2007-07-14 17:55 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-07-14 17:55 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2007-07-14 17:55 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2007-07-14 17:54 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\WinRAR
2007-07-14 17:51 <DIR> d-------- C:\WINDOWS\ShellNew
2007-07-14 17:50 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\Microsoft Web Folders
2007-07-14 17:47 <DIR> d--hs---- C:\RECYCLER
2007-07-14 17:42 <DIR> d-------- C:\Arquivos de programas\VIAudioi
2007-07-14 17:42 <DIR> d-------- C:\Arquivos de programas\VIA
2007-07-14 17:36 204,672 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2007-07-14 17:34 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-07-14 17:34 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools
2007-07-14 17:33 96,256 --a------ C:\WINDOWS\system32\drivers\sptd3517.sys
2007-07-14 17:33 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-14 17:29 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-14 17:29 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2007-07-14 17:29 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-07-14 17:29 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-14 17:29 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-14 17:29 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-07-14 17:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-14 17:29 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-07-14 17:29 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-07-14 17:29 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-07-14 17:29 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-07-14 17:29 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2007-07-14 17:29 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-07-14 17:29 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2007-07-14 17:29 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
2007-07-14 17:29 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-14 17:29 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-14 17:29 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-14 17:29 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-14 17:29 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-14 17:27 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-14 17:27 <DIR> d-------- C:\WINDOWS\Profiles
2007-07-14 17:27 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\InterTrust
2007-07-14 17:22 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-14 17:22 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-14 17:22 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-14 17:21 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-14 17:18 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-07-14 17:18 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-07-14 17:18 <DIR> d-------- C:\WINDOWS\nview
2007-07-14 17:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-07-14 17:17 <DIR> d-------- C:\Arquivos de programas\NVIDIA
2007-07-14 17:11 1,136 --a------ C:\WINDOWS\checkip.dat
2007-07-14 17:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-14 17:06 <DIR> d-------- C:\DOCUME~1\Sala\DADOSD~1\Hewlett-Packard
2007-07-14 17:05 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-14 17:04 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-14 17:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-14 17:03 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2007-07-14 17:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
2007-07-14 17:02 19,566 --a------ C:\WINDOWS\hpoins01.dat
2007-07-14 17:02 16,606 --------- C:\WINDOWS\hpomdl01.dat
2007-07-14 16:59 1,835,008 --ah----- C:\DOCUME~1\Sala\NTUSER.DAT
2007-07-14 16:59 <DIR> dr-h----- C:\DOCUME~1\Sala\Dados de aplicativos
2007-07-14 16:59 <DIR> dr------- C:\DOCUME~1\Sala\Meus documentos
2007-07-14 16:59 <DIR> dr------- C:\DOCUME~1\Sala\Menu Iniciar
2007-07-14 16:59 <DIR> dr------- C:\DOCUME~1\Sala\Favoritos
2007-07-14 16:59 <DIR> d--h----- C:\DOCUME~1\Sala\Modelos
2007-07-14 16:59 <DIR> d--h----- C:\DOCUME~1\Sala\Configurações locais
2007-07-14 16:59 <DIR> d--h----- C:\DOCUME~1\Sala\Ambiente de rede


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 12:10:38 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
2007-07-14 19:59:51 48,628 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-07-14 19:59:51 344,380 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-07-14 19:53:25 -------- d-----w C:\Arquivos de programas\Serviços on-line
2007-07-14 19:52:30 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2007-04-19 16:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 16:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 16:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 16:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 16:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 16:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 16:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 16:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 16:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-04-19 16:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 16:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-04-19 16:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 16:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 16:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 16:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 16:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 16:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 16:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-04-19 16:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-04-19 16:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-04-19 16:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-04-19 16:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-04-19 16:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-04-19 16:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-04-19 16:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-04-19 16:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-04-19 16:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-04-19 16:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-04-19 16:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-04-19 16:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-04-19 16:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 16:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-04-19 16:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-04-19 16:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-04-19 16:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-04-19 16:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 16:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-04-19 16:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-04-19 16:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-04-19 16:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-04-19 16:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-04-19 16:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-04-19 16:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-04-19 16:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 16:26:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-04-19 16:26:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-04-19 16:26:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-04-19 16:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-04-19 16:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-04-19 16:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-04-19 16:26:00 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-04-19 16:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-04-19 16:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-04-19 16:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-04-19 16:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-04-19 16:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-04-19 16:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-04-19 16:26:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-04-19 16:26:00 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-04-19 16:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-04-19 16:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-04-19 16:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-04-19 16:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-04-19 16:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-04-19 16:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-04-19 16:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-04-19 16:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-04-19 16:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-04-19 16:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-04-19 16:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 16:26:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-04-19 16:26:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-04-19 16:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 16:26:00 2,973,696 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-04-19 16:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 16:26:00 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-04-19 16:26:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-04-19 16:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 16:26:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-04-19 16:26:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-04-19 16:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 16:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 16:26:00 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-04-19 16:26:00 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-04-19 16:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 16:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 16:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 16:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 16:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 16:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 16:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 12:02 37808 --------- C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 18:28]
"SnoopFreeUI"="SnoopFreeUI.exe" [2007-07-14 17:55 C:\WINDOWS\SnoopFreeUI.exe]
"BDMCon"="C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" [2007-07-17 09:08]
"BDAgent"="C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" [2007-07-17 09:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e56403-3228-11dc-9b4b-806d6172696f}]
AutoRun\command- E:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
2007-07-14 2041 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1184443575.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 08:01:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???C:\temp\Via686\v???|???|?????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 8:02:59

--- E O F ---
Old 07-18-2007, 06:30 AM   #6 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


Re: Weird e-mule after worm.bagle.ZIU

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 18, 2007 9:22:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/07/2007
Kaspersky Anti-Virus database records: 363540
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 80236
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:15:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Histórico\History.IE5\MSHist012007071820070719\index.dat Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Temp\~DFED3A.tmp Object is locked skipped
C:\Documents and Settings\Sala\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sala\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\history.dat Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\key3.db Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Sala\Dados de aplicativos\Mozilla\Firefox\Profiles\b86zf5b5.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Sala\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sala\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Sala\UserData\index.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E9F9DADE-2A24-476F-A670-D0D4BA1E9DC4}\RP12\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PROPRIETARIO.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\SnopFree.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3517.sys Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00006929\tmp00000000 Object is locked skipped
C:\WINDOWS\Temp\ZLT05923.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT068d7.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{E9F9DADE-2A24-476F-A670-D0D4BA1E9DC4}\RP12\change.log Object is locked skipped

Scan process completed.
Computer_Dummie is offline  
Old 07-18-2007, 06:30 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


Re: Weird e-mule after worm.bagle.ZIU

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 09:30:17, on 18/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Computer_Dummie is offline  
Old 07-18-2007, 08:11 AM   #8 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Weird e-mule after worm.bagle.ZIU

Hi Computer_Dummie,

You’re most welcome, Computer_Dummie.

The logs appear to be clean.

How are things running now? Any persistent problem that I should know about?

~~~
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
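Reading the log the way the Security Team does here is mostly pattern work, so the script below is an added example (not code from HijackThis, BitDefender or this forum) that applies three of my own triage rules to the entries quoted from the HJT log above: O2 BHOs whose DLL is gone, O4 Run entries given by bare name, and O23 services marked "(file missing)" cross-checked against the running-process list. The severity rules are assumptions of this example, not HijackThis logic; HJT_LOG is a trimmed verbatim copy of the post above, and the stray `"` after the BitDefender service paths is treated as the log's own rendering of a quoted ImagePath with arguments.

```python
"""Triage a HijackThis 1.99.1 log (added example; not HijackThis or forum code).

The severity rules are this example's own assumptions, not HijackThis logic.
HJT_LOG is a trimmed copy of the log posted in the thread above.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: verbatim lines from the HJT log above, trimmed to the
# entries the rules below touch.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\Arquivos de programas\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING = " (file missing)"


@dataclass
class Finding:
    section: str
    severity: str  # "info" (explained), "check" (verify by hand), "suspect"
    reason: str
    line: str


def parse_log(text):
    """Split an HJT log into its running-process list and its O-numbered entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), line))
    return processes, entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def o4_executable(line):
    """Program launched by an O4 Run entry: the quoted path, or the first token."""
    target = line.split("] ", 1)[1]
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def o23_path(line):
    """Service binary from an O23 entry; cut at the stray quote the log leaves
    after a quoted ImagePath that carried arguments (assumption, see lead-in)."""
    tail = line.rsplit(" - ", 1)[1]
    if tail.endswith(MISSING):
        tail = tail[: -len(MISSING)]
    return tail.split('"', 1)[0].strip()


def triage(text):
    """Apply the example's own rules; returns one Finding per flagged entry."""
    processes, entries = parse_log(text)
    running = {basename(p) for p in processes}
    findings = []
    for section, line in entries:
        if section == "O2" and line.endswith("(no file)"):
            findings.append(Finding(section, "check",
                "BHO CLSID still registered but its DLL is gone: orphan entry", line))
        elif section == "O4" and "\\" not in o4_executable(line):
            findings.append(Finding(section, "check",
                "Run entry by bare name, resolved through PATH: confirm which file runs", line))
        elif section == "O16":
            findings.append(Finding(section, "check",
                "ActiveX control downloaded from a remote host: confirm the host", line))
        elif section == "O23" and line.endswith(MISSING):
            if basename(o23_path(line)) in running:
                findings.append(Finding(section, "info",
                    "marked missing, but the binary is in the running-process list", line))
            else:
                findings.append(Finding(section, "suspect",
                    "service points at a file that is gone and is not running", line))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"[{f.severity:7}] {f.section}: {f.reason}\n    {f.line}")
```

On the excerpt above the script raises nothing to "suspect": the two BitDefender services flagged "(file missing)" are both present in the running-process list, the orphan BHO and the bare-name nwiz entry are "check" items for a human, and the Kaspersky DPF entry is the online scanner used earlier in the thread. That matches the reading given in the post above; the rules are a starting point, not a replacement for reviewing the whole log.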
Old 07-18-2007, 04:16 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 20
OS: WIN XP


Re: Weird e-mule after worm.bagle.ZIU

Hi Sempurna,

My computer seems fine. After reinstallation the programs worked normally.

Thanks for your help! Much appreciated.
Computer_Dummie is offline  
Old 07-18-2007, 10:47 PM   #10 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: [SOLVED] Weird e-mule after worm.bagle.ZIU

You're most welcome.

Cheers!
Sempurna
Sempurna is offline  
 


Copyright 2001 - 2009, Tech Support Forum