A case of "'X' is not a valid Win32 app

I think this is probably another case of the kinds of viruses Porthos is combating, but I'm not sure of their type though.

It all started when I downloaded a file from Emule, then, without any notice from Avast Antivirus or my Firewall (Sygate), SecureMaker started to block incoming files from weird sites on the net. Afterwards, the machine kept restarting without any obvious reason or notice of any kind, and when it came back, Antivirus, Sygate, Windows Update, etc etc, wouldn't run, only this weird error of "'X Program' is not a valid Win32 application.

From this other computer (as I didn't want to keep connected in this situation) I started to search on the net about this virus, and eventually found this forum.

Since then, I've run Malwarebytes Anti-Malware, which seemed to help a bit because I was able to run Avast and other AntiViruses (now I'm using AVG). They didn't find much more viruses, and so I'm still feeling a bit insecure. SecureMaker also has given a few notices of executable files (although sometimes they have .jpg extension) being sent from the wicked sites.

As I have run Combo-Fix twice (and later got to understand that it works for individual help), I`ll post the result of the 2nd scan in my next post.


Hope I'm closed to being clean!
Thanks heaps,

Gab

And what have we learned.

Anyway, I think I won't be able to post the log right now, I tried to run it a few times after the first one, and now it has expired and so I don't have the log.

I'll send Hijack This log by the moment:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:24, on 19/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Maxtor\ManagerApp\Onetouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Arquivos de programas\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\Grisoft\AVG7\avgw.exe
C:\Arquivos de programas\SECUREMAKER\smdefrag.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Arquivos de programas\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Arquivos de programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Arquivos de programas\Bluetack\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O4 - Global Startup: SECUREMAKER.lnk = C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&(URL
O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - url
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - (url
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - url
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - (URL
O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - (URL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Arquivos de programas\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Arquivos de programas\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Securemaker Disk Defragmenter Service (smdefrag) - Unknown owner - C:\Arquivos de programas\SECUREMAKER\smdefrag.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10886 bytes

Unistall list:

ActivePerl 5.6.1 Build 638
Ad-Aware 2007
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Stock Photos 1.0
Advanced WindowsCare 2.50 Personal
Apple Software Update
Ask Toolbar
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para Windows Internet Explorer 7 (KB928090)
Atualização de Segurança para Windows Internet Explorer 7 (KB931768)
Atualização de Segurança para Windows Internet Explorer 7 (KB933566)
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB939653)
Atualização de Segurança para Windows Internet Explorer 7 (KB942615)
Atualização de Segurança para Windows Internet Explorer 7 (KB944533)
Atualização de Segurança para Windows XP (KB893756)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896423)
Atualização de Segurança para Windows XP (KB896424)
Atualização de Segurança para Windows XP (KB896428)
Atualização de Segurança para Windows XP (KB899587)
Atualização de Segurança para Windows XP (KB899591)
Atualização de Segurança para Windows XP (KB900725)
Atualização de Segurança para Windows XP (KB901017)
Atualização de Segurança para Windows XP (KB901214)
Atualização de Segurança para Windows XP (KB902400)
Atualização de Segurança para Windows XP (KB904706)
Atualização de Segurança para Windows XP (KB905414)
Atualização de Segurança para Windows XP (KB905749)
Atualização de Segurança para Windows XP (KB908519)
Atualização de Segurança para Windows XP (KB911562)
Atualização de Segurança para Windows XP (KB911927)
Atualização de Segurança para Windows XP (KB912919)
Atualização de Segurança para Windows XP (KB913580)
Atualização de Segurança para Windows XP (KB914388)
Atualização de Segurança para Windows XP (KB914389)
Atualização de Segurança para Windows XP (KB917344)
Atualização de Segurança para Windows XP (KB917422)
Atualização de Segurança para Windows XP (KB917537)
Atualização de Segurança para Windows XP (KB917953)
Atualização de Segurança para Windows XP (KB918118)
Atualização de Segurança para Windows XP (KB918439)
Atualização de Segurança para Windows XP (KB919007)
Atualização de Segurança para Windows XP (KB920213)
Atualização de Segurança para Windows XP (KB920670)
Atualização de Segurança para Windows XP (KB920683)
Atualização de Segurança para Windows XP (KB920685)
Atualização de Segurança para Windows XP (KB921503)
Atualização de Segurança para Windows XP (KB922819)
Atualização de Segurança para Windows XP (KB923191)
Atualização de Segurança para Windows XP (KB923414)
Atualização de Segurança para Windows XP (KB923694)
Atualização de Segurança para Windows XP (KB923980)
Atualização de Segurança para Windows XP (KB924191)
Atualização de Segurança para Windows XP (KB924270)
Atualização de Segurança para Windows XP (KB924496)
Atualização de Segurança para Windows XP (KB924667)
Atualização de Segurança para Windows XP (KB925902)
Atualização de Segurança para Windows XP (KB926247)
Atualização de Segurança para Windows XP (KB926255)
Atualização de Segurança para Windows XP (KB926436)
Atualização de Segurança para Windows XP (KB927779)
Atualização de Segurança para Windows XP (KB927802)
Atualização de Segurança para Windows XP (KB928090)
Atualização de Segurança para Windows XP (KB928255)
Atualização de Segurança para Windows XP (KB928843)
Atualização de Segurança para Windows XP (KB929123)
Atualização de Segurança para Windows XP (KB930178)
Atualização de Segurança para Windows XP (KB931261)
Atualização de Segurança para Windows XP (KB931784)
Atualização de Segurança para Windows XP (KB932168)
Atualização de Segurança para Windows XP (KB933729)
Atualização de Segurança para Windows XP (KB935839)
Atualização de Segurança para Windows XP (KB935840)
Atualização de Segurança para Windows XP (KB936021)
Atualização de Segurança para Windows XP (KB937894)
Atualização de Segurança para Windows XP (KB938829)
Atualização de Segurança para Windows XP (KB939373)
Atualização de Segurança para Windows XP (KB941202)
Atualização de Segurança para Windows XP (KB941568)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB941644)
Atualização de Segurança para Windows XP (KB942830)
Atualização de Segurança para Windows XP (KB942831)
Atualização de Segurança para Windows XP (KB943055)
Atualização de Segurança para Windows XP (KB943460)
Atualização de Segurança para Windows XP (KB943485)
Atualização de Segurança para Windows XP (KB944653)
Atualização de Segurança para Windows XP (KB946026)
Atualização para Windows XP (KB894391)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB900485)
Atualização para Windows XP (KB904942)
Atualização para Windows XP (KB908531)
Atualização para Windows XP (KB910437)
Atualização para Windows XP (KB911280)
Atualização para Windows XP (KB916595)
Atualização para Windows XP (KB920342)
Atualização para Windows XP (KB920872)
Atualização para Windows XP (KB922582)
Atualização para Windows XP (KB925720)
Atualização para Windows XP (KB927891)
Atualização para Windows XP (KB929338)
Atualização para Windows XP (KB930916)
Atualização para Windows XP (KB931836)
Atualização para Windows XP (KB933360)
Atualização para Windows XP (KB936357)
Atualização para Windows XP (KB938828)
Atualização para Windows XP (KB942763)
AutoMz Ultimate Tweaker
AvaTrader (remove only)
AVG 7.5
Barra de Ferramentas do Yahoo! com bloqueador de pop-up
Barsa CD
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
BOOMBox Internet Radio Player v1.0
CCleaner (remove only)
Civilization III Complete Edition
Compressor WinRAR
CoolSMS 2.06 beta
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DMIView
DVD Shrink 3.2
DVD Solution
EASEUS Partition Manager 1.1 Demo
eMule
ExtractNow
F-22 Lightning 3 Demo
Free CD Ripper V 1.4
Free Ram Optimizer XP 1.0
GameSpy Arcade
Glarysoft Process Manager 1.3
Glint System Monitor
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB914440)
InCD
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
IRPF2007 - Declaração de Ajuste Anual
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 2
K-Lite Codec Pack 2.60 Full
LG ODD Auto Firmware Update
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
MediaMonkey 3.0
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Mz Ram Booster
Nero OEM
NVIDIA Drivers
PeerGuardian 2.0
PowerDVD
PowerProducer
Printer's Apprentice
PTDD Super Fdisk 1.0
QuickTime
Realtek AC'97 Audio
Roxio Media Manager
Second Life Brasil
SECUREMAKER (remove only)
Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)
Sothink Movie DVD Maker
SoulSeek Client 157 test 8
SpeedBit Video Accelerator
SurfOffline (remove only)
Sygate Personal Firewall
System Requirements Lab
The Cleaner 5
TimeLeft 3 Freeware edition
VersionTracker Pro Windows
WebZIP
Winamp
Winamp (remove only)
WindowBlinds
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinXP Manager
Wiz-Technology System Analyzer (Professional Edition) 3.21
Zilla Data Nuker 2.0.0.0
Zinf 2.2.1
ZIP Reader 8.00.0018

Uninstall these...

Ask Toolbar
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 2



Messenger Plus! 3 ADWARE
Messenger Plus Bundling Lop.com



Get your updated java..
Please follow these steps to remove older version Java components and update.

* Download the latest version of Java Runtime Environment (JRE) 6 Update 5 HERE
* Scroll to Java Runtime Environment (JRE) 6 Update 5 and click on the download button
Click on the Accept License Agreement button
Next select
Download Now! Windows Offline Installation, Multi-language

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

NEXT-remove all older versions of Java
Go to Start > Control Panel double-click on the Software icon > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select it and click Remove.
* Close any programs you may have running - especially your web browser.
* Repeat as many times as necessary to remove each Java versions.
* Reboot your computer once all Java components are removed.

OK, I've unistalled all these and reinstalled Java Runtime Environment 6 Update...

I've also run a system scan with AVG, but Sygate Firewall still won't work, and if I try to force clicking on its icon. Also, I still get messages from SecureMaker like this one I just received:
Intruder Blocker has blocked file from coming URL: www3206080ru/images/rem11.exe

Is this normal? What Firewall should I use? I just got to know that it isn't free anymore...

Ok, I've got to sleep now (it's 3am in Brazil now), but I'll take the necessary steps tomorrow.


Thanks in advance Porthos, your help is invaluable!
See you soon.

Delete the combofix you have now and lets start over.

Make sure any antivirus or protective software is disabled before running combofix.
Here is a tutorial for most programs.
http://www.bleepingcomputer.com/forums/topic114351.html

Then Download ComboFix.exe from HERE to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it). Just save it to your desktop as MyCombo.exe. Then click the MyCombo.exe file to run the repair.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

When starting ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay.


A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop, however given the infection there ComboFix will likely cause a reboot in order to complete it's repairs.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

Post back the C:\ComboFix.txt log as well as a new HijackThis log please.

OK, I've got this log from Combo-Fix:
----------
ComboFix 08-03-18.1 - Rafa 2008-03-19 14:00:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.570 [GMT -3:00]
Executando de: C:\Documents and Settings\Rafa\Desktop\MyCombo.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf
.
---- Previous Run -------
.
C:\Documents and Settings\Rafa\Dados de aplicativos\inst.exe
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EPXVSJYS\iforex.com
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EPXVSJYS\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Rafa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((( Ficheiros criados de 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))
.

2008-03-19 02:21 . 2008-03-19 02:50 <DIR> d-------- C:\Documents and Settings\Rafa\.SunDownloadManager
2008-03-19 02:13 . 2007-04-12 18:03 241,664 --a------ C:\Arquivos de programas\Uninstall Ask Toolbar.dll
2008-03-17 21:36 . 2007-03-17 22:03 529,870 --a------ C:\WINDOWS\system32\prfh0416.dat
2008-03-17 21:36 . 2007-03-17 22:03 100,116 --a------ C:\WINDOWS\system32\prfc0416.dat
2008-03-16 22:26 . 2008-03-16 23:27 33,280 --a------ C:\WINDOWS\system32\NTSecurity.exe
2008-03-12 02:58 . 2008-03-12 02:58 <DIR> d-------- C:\Arquivos de programas\Glint System Monitor
2008-03-07 08:59 . 2008-03-07 08:59 268 --ah----- C:\sqmdata03.sqm
2008-03-07 08:59 . 2008-03-07 08:59 244 --ah----- C:\sqmnoopt03.sqm
2008-03-04 00:33 . 2008-03-19 02:57 <DIR> d-------- C:\Documents and Settings\Rafa\Dados de aplicativos\AVG7
2008-03-04 00:33 . 2008-03-04 00:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\AVG7
2008-03-04 00:32 . 2008-03-19 03:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2008-03-03 19:10 . 2008-03-03 19:10 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-03 18:33 . 2008-03-04 00:04 <DIR> d-------- C:\Arquivos de programas\Destino
2008-02-29 14:23 . 2008-03-14 16:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 14:23 . 2008-02-29 14:23 1,409 --a------ C:\WINDOWS\QTFont.for

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 17:04 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator
2008-03-19 06:15 --------- d-----w C:\Arquivos de programas\The Cleaner Free
2008-03-19 05:53 --------- d-----w C:\Arquivos de programas\Java
2008-03-19 05:19 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-03-17 23:16 --------- d-----w C:\Arquivos de programas\Soulseek-Test
2008-03-17 05:30 120 ----a-w C:\drmHeader.bin
2008-03-12 05:58 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-03-10 19:42 256 ----a-w C:\Documents and Settings\Rafa\pool.bin
2008-03-04 03:35 --------- d-----w C:\Arquivos de programas\PeerGuardian2
2008-02-26 23:32 --------- d-----w C:\Arquivos de programas\MediaMonkey
2008-02-25 02:48 --------- d-----w C:\Arquivos de programas\SECUREMAKER
2008-02-20 15:37 --------- d-----w C:\Documents and Settings\Rafa\Dados de aplicativos\DMCache
2008-02-19 13:39 --------- d-----w C:\Documents and Settings\Rafa\Dados de aplicativos\VersionTracker Pro
2008-02-17 16:12 --------- d-----w C:\Arquivos de programas\SystemRequirementsLab
2008-02-17 15:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-02-17 15:55 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-02-17 15:54 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-02-17 15:53 --------- d-----w C:\Arquivos de programas\TechTracker
2008-02-16 17:38 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-02-12 23:36 --------- d-----w C:\Arquivos de programas\Barsa CD
2008-02-11 00:40 --------- d-----w C:\Arquivos de programas\DAP
2008-02-09 17:21 --------- d-----w C:\Arquivos de programas\AviSynth 2.5
2008-02-09 17:21 --------- d-----w C:\Arquivos de programas\AviDvdBurner
2008-02-09 17:20 --------- d-----w C:\Arquivos de programas\VSO
2008-02-09 17:19 47,360 ----a-w C:\Documents and Settings\Rafa\Dados de aplicativos\pcouffin.sys
2008-02-09 17:19 --------- d-----w C:\Documents and Settings\Rafa\Dados de aplicativos\Vso
2008-02-09 17:16 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-02-06 17:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2008-01-26 00:19 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-24 17:18 --------- d-----w C:\Arquivos de programas\VideoLAN
2008-01-19 00:42 --------- d-----w C:\Arquivos de programas\SourceTec
2004-10-01 18:00 40,960 ------w C:\Arquivos de programas\Uninstall_CDS.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"PeerGuardian"="C:\Arquivos de programas\PeerGuardian2\pg2.exe" [ ]
"Free Ram Optimizer"="C:\Arquivos de programas\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19 57344]
"ProtoWall"="C:\Arquivos de programas\Bluetack\ProtoWall\ProtoWall.exe" [2006-04-18 01:06 737280]
"CoolSMS"="" []
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SmcService"="C:\ARQUIV~1\Sygate\SPF\smc.exe" [2008-03-03 03:29 2577632]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"MaxtorOneTouch"="C:\Arquivos de programas\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SpeedBitVideoAccelerator"="C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-02-19 22:44 2283120]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe" [2007-03-26 18:34 190696]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
SECUREMAKER.lnk - C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe [2008-02-12 12:58:56 3248128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NT Security Service"= NTSecurity.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinampAgent.lnk]
backup=C:\WINDOWS\pss\WinampAgent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-13 23:06 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2006-02-20 11:40 245760 C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 16:24 86016 C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Soulseek-Test\\slsk.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

R1 sm;Secretmaker driver;C:\WINDOWS\system32\drivers\sm.sys [2007-07-05 12:10]
R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-02-19 22:44]
R2 smdefrag;Securemaker Disk Defragmenter Service;C:\Arquivos de programas\SECUREMAKER\smdefrag.exe [2008-02-12 12:59]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 00:45]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-02-19 22:44]
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys [2006-01-02 01:20]
S2 Dnscache;Cliente DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:45]
S3 portio;portio;C:\Arquivos de programas\Zinf\portio.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-03-12 00:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 23:10:00 C:\WINDOWS\Tasks\schred.job"
- C:\Arquivos de programas\Zilla Data Nuker\Shredder.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 14:04:50
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53, 00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53, 00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53, 00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53, 00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\tray.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Arquivos de programas\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-03-19 14:07:33 - machine was rebooted [Rafa]
ComboFix-quarantined-files.txt 2008-03-19 17:07:30
.
2008-03-14 17:25:29 --- E O F ---