Hi all:
I'm sorry I posted the same in the Win XP topic, as I didn't know that this is the right place for HijackThis logs.
So my problem is a startup program called: msig disk10.exe
Here goes my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:46:14, on 31-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe
C:\Programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
C:\Programas\CPUMon\CPUMon.exe
C:\Programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\disk10.exe
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\PrettyMay\PrettyMay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\CounterPath\X-Lite\x-lite.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\X-PRO\X-PRO.exe
C:\Programas\Rainlendar2\Rainlendar2.exe
C:\Programas\Weather Watcher\ww.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programas\Locate\Locate32.exe
C:\Programas\TjInit Utility\TjInit.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\TjInit Utility\hkcntr.exe
C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?...on=IncrediMail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [WinPatrol] C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [CPUMon] C:\Programas\CPUMon\CPUMon.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PrettyMay] C:\Programas\PrettyMay\PrettyMay.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [eyeBeam SIP Client] C:\Programas\CounterPath\X-Lite\x-lite.exe
O4 - HKCU\..\Run: [Skype] C:\Programas\Skype\Phone\Skype.exe /nosplash /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programas\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [XSC SIP Client] C:\Programas\X-PRO\X-PRO.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Programas\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Programas\Weather Watcher\ww.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: hpoddt01.exe.lnk = ?
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Startup: TjInit Utility.lnk = C:\Programas\TjInit Utility\TjInit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
I think this is the cause for some strange freezings I'm having recently.
Any help would be appreciated. Tks. hilfer.
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to the next files, one at a time:
C:\WINDOWS\system32\disk10.exe
C:\WINDOWS\system32\winsersec.exe
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
If that one is too busy, here is another option:
http://virusscan.jotti.org
And
http://www.kaspersky.com/scanforvirus.html
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
I need scan results for those two files please and Dr. Web log and a new hijackthis log, thanks.
Ok. Here they are:
Complete scanning result of "disk10.exe", received in VirusTotal at 06.01.2007, 00:50:28 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 05.31.2007 no virus found
AntiVir 7.4.0.29 05.31.2007 TR/Spy.Banker.Gen
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.31.2007 Win32:Banker-CAQ
AVG 7.5.0.467 05.31.2007 no virus found
BitDefender 7.2 05.31.2007 Generic.Banker.Delf.3AA572EB
CAT-QuickHeal 9.00 05.31.2007 no virus found
ClamAV devel-20070416 05.31.2007 Trojan.Bancos-1027
DrWeb 4.33 05.31.2007 BACKDOOR.Trojan
eSafe 7.0.15.0 05.31.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3681 06.01.2007 no virus found
Ewido 4.0 05.31.2007 Logger.Banbra.hp
FileAdvisor 1 06.01.2007 no virus found
Fortinet 2.85.0.0 05.31.2007 no virus found
F-Prot 4.3.2.48 05.31.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 Trojan-Spy.Win32.Banbra.hp
Ikarus T3.1.1.8 05.31.2007 Trojan-Spy.Win32.Banker.ahy
Kaspersky 4.0.2.24 06.01.2007 Trojan-Spy.Win32.Banbra.hp
McAfee 5043 05.31.2007 PWS-Banker.gen.b
Microsoft 1.2503 06.01.2007 no virus found
NOD32v2 2302 05.31.2007 probably a variant of Win32/Spy.Banker.ANV
Norman 5.80.02 05.31.2007 no virus found
Panda 9.0.0.4 05.31.2007 Trj/Banker.HOT
Prevx1 V2 06.01.2007 no virus found
Sophos 4.18.0 05.31.2007 Mal/DelpBanc-A
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.01.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 05.31.2007 suspected of Trojan-Spy.xBank.52
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 06.01.2007 Trojan.Spy.Banker.Gen
Aditional Information
File size: 1347584 bytes
MD5: c0e45b77dd190486f8dbe984e288b99d
SHA1: db5bc8c74605f123054998b5745fc2d25b47ded4
packers: UPX
Complete scanning result of "winsersec.exe", received in VirusTotal at 06.01.2007, 00:59:49 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 05.31.2007 no virus found
AntiVir 7.4.0.29 05.31.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.31.2007 no virus found
AVG 7.5.0.467 05.31.2007 no virus found
BitDefender 7.2 05.31.2007 no virus found
CAT-QuickHeal 9.00 05.31.2007 no virus found
ClamAV devel-20070416 05.31.2007 no virus found
DrWeb 4.33 05.31.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3681 06.01.2007 no virus found
Ewido 4.0 05.31.2007 no virus found
FileAdvisor 1 06.01.2007 no virus found
Fortinet 2.85.0.0 05.31.2007 no virus found
F-Prot 4.3.2.48 05.31.2007 no virus found
F-Secure 6.70.13030.0 06.01.2007 no virus found
Ikarus T3.1.1.8 05.31.2007 no virus found
Kaspersky 4.0.2.24 06.01.2007 no virus found
McAfee 5043 05.31.2007 no virus found
Microsoft 1.2503 06.01.2007 no virus found
NOD32v2 2302 05.31.2007 no virus found
Norman 5.80.02 05.31.2007 no virus found
Panda 9.0.0.4 05.31.2007 no virus found
Prevx1 V2 06.01.2007 no virus found
Sophos 4.18.0 05.31.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.01.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 05.31.2007 no virus found
VirusBuster 4.3.23:9 05.31.2007 no virus found
Webwasher-Gateway 6.0.1 06.01.2007 no virus found
Aditional Information
File size: 53248 bytes
MD5: 62f4fef16963eac06bea0a4e9fa3f726
SHA1: 0ad803ae6b8539e6629fba125e600ea4d4
Did you do the doctor web scan? I need to see the log please
I need a new hijackthis log also. Thanks.
Here is the Dr.Web report:
installer-7698-496-WinRAR-3-61-Final-Portuguese.exe;C:\instaladores;Provavelmente UPX;Incurável.Movido.;
MYSRCHAS.DLL;C:\Programas\MyWay\SrchAstt\1.bin;Adware.MyWay;Incurável.Movido.;
A0009169.exe;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP27;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
A0021690.exe;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP38;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
A0027641.DLL;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP43;Adware.MyWay;Incurável.Movido.;
A0027708.exe;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP43;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
A0043097.exe;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP49;Tool.CrackSearch;Incurável.Movido.;
A0043098.exe;C:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP49;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
disk10.exe;C:\WINDOWS\system32;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
hbtools.exe;D:\;Adware.Hotbar;Incurável.Movido.;
install.exe;D:\;Adware.SaveNow;Incurável.Movido.;
ETRemover_v130.exe;D:\ETRemover_v130;Provavelmente BACKDOOR.Trojan;Incurável.Movido.;
EvID4226Patch.exe;D:\EvID4226Patch212-en;Tool.IncConnectionsLimit;Incurável.Movido.;
FFBB7051d01;D:\restantes ficheiros disco antigo\hilario ferreira\Definições locais\Application Data\Mozilla\Firefox\Profiles\qjsqqa40.defau;Adware.SaveNow;Incurável.Movido.;
A0001450.exe;D:\System Volume Information\_restore{48948DC3-535C-4092-B498-10608AC47E89}\RP15;Provavelmente UPX;Incurável.Movido.;
prompt[1].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\CDQ3G5IV;Adware.Winad;Incurável.Movido.;
prompt[2].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\CDQ3G5IV;Adware.Winad;Incurável.Movido.;
prompt[1].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\CLMROLQN;Adware.Winad;Incurável.Movido.;
prompt[1].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\ODMJK9AN;Adware.Winad;Incurável.Movido.;
prompt[2].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\ODMJK9AN;Adware.Winad;Incurável.Movido.;
prompt[4].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\ODMJK9AN;Adware.Winad;Incurável.Movido.;
prompt[1].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\W9ANO1QR;Adware.Winad;Incurável.Movido.;
prompt[2].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\W9ANO1QR;Adware.Winad;Incurável.Movido.;
prompt[3].php;D:\tudo\Documents and Settings\hilario\Definições locais\Temporary Internet Files\Content.IE5\W9ANO1QR;Adware.Winad;Incurável.Movido.;
and the HJT scanner report:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:31, on 01-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe
C:\Programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
C:\Programas\PrettyMay\PrettyMay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\X-PRO\X-PRO.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programas\TjInit Utility\TjInit.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\TjInit Utility\hkcntr.exe
C:\Programas\Skype\Plugin Manager\SkypePM.exe
C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?...on=IncrediMail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [WinPatrol] C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [PrettyMay] C:\Programas\PrettyMay\PrettyMay.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [IncrediMail] C:\Programas\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [XSC SIP Client] C:\Programas\X-PRO\X-PRO.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hp psc 2000 Series.lnk = C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: hpoddt01.exe.lnk = ?
O4 - Startup: TjInit Utility.lnk = C:\Programas\TjInit Utility\TjInit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
Tks for yr time.
hilfer.
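Comparing the autostart (O4) and service (O23) entries of the two HijackThis logs posted above shows what the Dr.Web run actually changed. The script below is an added example, not part of the original thread or of HijackThis itself; the function names are illustrative and the sample lines are short excerpts from the two logs.

```python
import re
from typing import List, NamedTuple, Tuple

class Entry(NamedTuple):
    section: str  # "O4" (autostart) or "O23" (service)
    kind: str     # Run key, startup folder, or "Service"
    name: str     # value name, shortcut name or service name
    owner: str    # company string on O23 lines, "" on O4 lines
    target: str   # command line exactly as logged

PATTERNS = [
    # O4 - HKLM\..\Run: [name] command line
    ("O4", re.compile(r"^O4 - (?P<kind>HK(?:LM|CU)\\\.\.\\[^:]+): "
                      r"\[(?P<name>[^\]]+)\] (?P<target>.+)$")),
    # O4 - Startup: shortcut.lnk = target
    ("O4", re.compile(r"^O4 - (?P<kind>(?:Global )?Startup): "
                      r"(?P<name>.+?) = (?P<target>.+)$")),
    # O23 - Service: name - owner - path
    ("O23", re.compile(r"^O23 - (?P<kind>Service): (?P<name>.+?) - "
                       r"(?P<owner>.+?) - (?P<target>[A-Za-z]:\\.+)$")),
]

def parse(log: str) -> List[Entry]:
    """Extract O4 and O23 entries from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        for section, rx in PATTERNS:
            m = rx.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(section, g["kind"], g["name"],
                                     g.get("owner", ""), g["target"]))
                break
    return entries

def norm(cmd: str) -> str:
    """Ignore quoting, spacing and case so re-quoted entries compare equal."""
    return " ".join(cmd.replace('"', "").split()).lower()

def diff(before: List[Entry], after: List[Entry]) -> Tuple[list, list, list]:
    """Return (removed, added, changed) entries between two scans."""
    b = {(e.section, e.kind, e.name.lower()): e for e in before}
    a = {(e.section, e.kind, e.name.lower()): e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    changed = [(b[k], a[k]) for k in b
               if k in a and norm(b[k].target) != norm(a[k].target)]
    return removed, added, changed

def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """Services whose binary carries no company name deserve a closer look."""
    return [e for e in entries
            if e.section == "O23" and e.owner.lower() == "unknown owner"]

# Excerpt of the 31-05-2007 log (sample input for this example).
BEFORE = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKCU\..\Run: [Skype] C:\Programas\Skype\Phone\Skype.exe /nosplash /minimized
O4 - Startup: Locate32 Autorun.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
"""

# Excerpt of the 01-06-2007 log (sample input for this example).
AFTER = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Programas\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
"""

if __name__ == "__main__":
    removed, added, changed = diff(parse(BEFORE), parse(AFTER))
    for e in removed:
        print("removed:", e.kind, e.name, "->", e.target)
    for e in added:
        print("added:  ", e.kind, e.name, "->", e.target)
    for old, new in changed:
        print("changed:", old.name, old.target, "=>", new.target)
    for e in unknown_owner_services(parse(AFTER)):
        print("review: ", e.name, "->", e.target)
```

On these excerpts the `[msig]` Run entry is gone from the second scan, while the `winser` service with no owner string is still registered.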
Are you still receiving help at the Elder Geek?
How is your computer behaving now?
No I stopped the thread.
The only problem on my computer is a strange freezing from time to time without any special reason.
It just freezes no matter what I'm doing.
Sometimes when rebooting, sometimes when watching a movie, when opening a folder or a file, and sometimes it freezes without any action at all !!!
This happens very randomly, 2, 3, 4 times a day, it depends.... !!!
Also strange is that it was happening before a format and it's happening now after the format. My suspicions are tending now to a hardware problem...
Do you think this may be caused by that trojan related on the above scan reports ??
Tks for yr asking.
Possibly.
Have you installed anything before this freezing problem?
Run hijackthis and click on scan only button and put checks next to these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
Nothing open but hijackthis and click on "fix checked"
REBOOT
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
here it is:
Actualização de segurança para Windows Internet Explorer 7 (KB929969)
Actualização de segurança para Windows XP (KB923789)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Ares 2.0.9
Ashampoo Burning Studio 7
ATI - Utilitário de desinstalação de software
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
BTuga Revolution
Combined Community Codec Pack 2007-02-22
ConvertXtoDVD 2.0.10b
CPUMon
CutePDF Writer 2.7
Disco de recordações HP
DivX Codec
DivX Content Uploader
DivX Web Player
DVD Shrink 3.2
EvilLyrics
GOM Player
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Foto e Imagem 2.0 - All-in-One
HP Foto e Imagem 2.0 - All-in-One Drivers
HP Foto e Imagem 2.0 - hp psc 2170 series
hp psc 2170 series
hp psc 2170 series
IncrediMail Xe
IObit SmartDefrag Beta3
J2SE Runtime Environment 5.0 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Lame ACM MP3 Codec
LimeWire 4.12.11
Locate32
Marvell Miniport Driver
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.4)
Painel de Controle da ATI
PC Security (tm)
PrettyMay Voice Plugin for Skype 2.5.0.128
Rainlendar2 (remove only)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update para Microsoft .NET Framework 2.0 (KB922770)
Skype 3.0
Skype Plugin Manager
Skype™ 3.2
SoundMAX
Spybot - Search & Destroy 1.4
Subtitle Workshop 2.51
Unlocker 1.8.5
Virtual DJ - Atomix Productions
Virtual Dj Final Skin Pack By Neo
Weather Watcher
WinAVI Video Converter
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinPatrol 2007
WinRAR archiver
X-Lite 3.0
X-PRO 2.0 release 1105x
-------
Hilfer.
That is ok there.
To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner
Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Uncheck cookies
Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.
Then Reboot (Exit)
Any better?